Privacy Statement

Effective Date: April 15, 2026

1. INTRODUCTION AND SCOPE

This Privacy Policy describes how Aquatic Safety Canada Inc. (referred to as "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with our web-based safety compliance and facility management services. This policy applies to all users of our platforms and services across our operations in Alberta, British Columbia, and Yukon Territory.

We are committed to protecting your privacy in accordance with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA), Alberta's Personal Information Protection Act (PIPA), and British Columbia's Personal Information Protection Act (PIPA).

By creating an account or using our services, you agree to the terms of this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.

2. INFORMATION WE COLLECT

2.1 Personal Information

We collect only the personal information necessary to provide our services, including:

Contact Information: First name, last name, and email address for account creation, service delivery, and communications related to your use of our services.

2.2 Operational and Facility Data

In the course of providing safety compliance services, we collect and process operational information that you provide, including:

Facility Safety Audit Data: Information related to facility inspections, safety assessments, and compliance evaluations.

Swimming Pool Operational Data: Water test results, chemical readings, maintenance records, and other operational information necessary for regulatory compliance and safety monitoring.

Incident Information: General incident data including date, time, location, and type of incident for trend analysis and safety improvement purposes. Our services include fields where you may document incident details. If you choose to enter personally identifying information (such as names or contact details) of individuals involved in an incident into these fields, that information will be treated as Personal Information and will be subject to all protections, security measures, and rights outlined in this Privacy Policy. As the party entering the data, you confirm you have the necessary authority or consent to provide this information to us for the purposes of your facility management.

2.3 Technical Information

We automatically collect certain technical information, which may be considered personal information in certain jurisdictions, including IP addresses, browser type, device information, and usage patterns through Google Analytics. This information is used to improve service performance, security, and user experience.

3. HOW WE USE YOUR INFORMATION

We use personal information only for the purposes for which it was collected, including:

Service Delivery: To create and manage your account, provide access to our platforms, deliver the safety compliance and facility management services you have purchased, and communicate with you regarding service-related matters.

Operational Analysis: To analyze facility safety trends, generate compliance reports, and provide insights that improve safety outcomes for your organization. All analysis for the purpose of identifying broad safety trends is conducted using aggregated and de-identified data.

System Security and Integrity: To protect the security and integrity of our systems, prevent unauthorized access, detect and respond to security incidents, and comply with legal obligations.

Service Improvement: To understand how our services are used, identify areas for enhancement, and develop new features that better serve our clients.

Legal and Regulatory Compliance: To comply with applicable laws, respond to lawful requests from public authorities, and enforce our terms of service.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not use your information for purposes beyond those described in this policy without obtaining your explicit consent.

4. INFORMATION SHARING AND DISCLOSURE

4.1 Third-Party Service Providers

We engage third-party service providers to support our operations. These providers may have access to personal information only to the extent necessary to perform their functions. We execute data processing agreements with all sub-processors that contractually obligate them to protect the information and use it only for the purposes for which it was disclosed.

Application Development and Hosting: We use Replit for application development and database provisioning. Your data is stored in SQL databases hosted on Google Cloud Platform infrastructure that may be located in the United States or Canada. While we implement access controls within our applications to ensure users can only access their own organization's data, the underlying infrastructure is managed by our service provider. We have implemented contractual safeguards and conduct security reviews of our service providers to ensure appropriate protection of your information.

Payment Processing: When you make payments for our services, we use Stripe, Inc. and other integrated payment processors. These processors are independent controllers of your payment information, which is governed by their respective privacy policies. These processors handle payment information in accordance with Payment Card Industry Data Security Standards (PCI DSS). We do not store your full payment card number on our systems.

Analytics Services: We use Google Analytics on our main website to understand how visitors interact with our site. Google Analytics collects information such as how often users visit the site, what pages they visit, and what other sites they used prior to coming to our site. We use this information to improve our website and services. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

4.2 Cross-Border Data Transfers

Important Notice: Personal information we collect may be transferred to, stored, and processed on servers located outside of Canada, including in the United States. When your information is transferred outside Canada, it is subject to the laws of that foreign jurisdiction. This includes the lawful authority of courts, law enforcement, and national security agencies (such as those operating under the United States CLOUD Act) to access your information, potentially without notice to you or us.

By using our services, you consent to the transfer of your personal information to jurisdictions outside Canada for the purposes described in this policy. To ensure a comparable level of protection, we rely on contractual data protection addendums and conduct security reviews of our service providers.

4.3 Legal Requirements

We may disclose personal information when required or permitted by law, including to comply with a subpoena, court order, or other legal process, to respond to lawful requests from public authorities, to protect our rights and property, or to investigate potential violations of our terms of service.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred to the acquiring entity. We will notify you of such a transfer and the acquiring entity will be required to protect your personal information in a manner consistent with this Privacy Policy and applicable privacy laws, or obtain your consent for any material changes to privacy practices.

5. DATA SECURITY

We are committed to our legal duty to implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. Our security measures include:

Encryption in Transit: All communications between your browser and our services are encrypted using Transport Layer Security (TLS) 1.2 or higher, protecting data as it travels across networks.

Encryption at Rest: All data stored on our infrastructure is encrypted using AES-256 server-side encryption, ensuring that data remains protected even if physical storage media is compromised.

Database Security: Our database infrastructure includes automatic encryption key rotation and granular access controls to limit data access to authorized systems and personnel only.

Authentication and Authorization: Every request to access data within our applications requires authentication and authorization. Users can only access data belonging to their own organization, and role-based access controls restrict what each user can view and modify.

Infrastructure Security: Our underlying infrastructure is provided by Google Cloud Platform, which applies enterprise-grade security controls, key management, and continuous security monitoring.

5.1 Our Shared Responsibility for Security

We are committed to our legal duty to implement reasonable administrative, technical, and physical safeguards to protect your personal information. These measures, detailed above in Section 5, are designed to prevent unauthorized access, use, or disclosure.

However, you acknowledge that no method of transmission over the Internet or method of electronic storage is 100% secure. Absolute security cannot be guaranteed by any organization. Your own security practices are critical. You agree to partner with us in protecting your data by:

  • Creating and maintaining a strong, unique password for your account

  • Safeguarding your login credentials and not sharing them with others

  • Promptly notifying us at [Insert Security Email Address] if you suspect your account has been compromised

  • Ensuring the security of the devices and networks you use to access our services

  • Enabling multi-factor authentication if available

5.2 Security Incident Response

In the event of a security breach that creates a real risk of significant harm to individuals, we will notify affected individuals and applicable privacy regulators as required by Canadian privacy legislation. Notifications will include information about the nature of the breach, the personal information involved, steps we are taking to mitigate harm, and steps you can take to protect yourself.

6. DATA RETENTION

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal and regulatory requirements, resolve disputes, and enforce our agreements.

Account Information: Contact information is retained for the duration of your active account and for a period of 24 months following the termination of your service agreement to allow for account reactivation and to meet our financial and legal record-keeping obligations. Anonymized backup and archival copies may be retained for longer periods for disaster recovery purposes.

Operational Data: Facility safety audits, pool operational data, and incident information are retained in accordance with applicable regulatory requirements and industry standards for safety record retention. In many cases, safety and compliance records must be retained for periods specified by provincial occupational health and safety legislation.

Technical Information: Analytics and technical data are typically retained for shorter periods necessary for system optimization and security monitoring, generally not exceeding 26 months.

Upon request, we will delete or anonymize your personal information unless we are required or permitted by law to retain it. Deletion requests should be directed to the contact information provided in Section 10 of this policy.

7. YOUR PRIVACY RIGHTS

Under Canadian privacy legislation, you have the following rights regarding your personal information:

Access: You have the right to request access to the personal information we hold about you and to receive information about how we use and disclose that information.

Correction: You have the right to request correction of inaccurate or incomplete personal information.

Withdrawal of Consent: Where we rely on your consent to process personal information, you may withdraw that consent at any time, subject to legal or contractual restrictions and reasonable notice. Please note that withdrawing consent to the processing of essential information, such as your contact details, will prevent us from providing our services and will result in the deactivation of your account.

Complaint: You have the right to file a complaint with applicable privacy regulators if you believe we have violated your privacy rights. Contact information for privacy regulators is provided in Section 10.

To exercise any of these rights, please contact us using the information provided in Section 10. We will respond to all requests within 30 days, as required by law. To protect your information, we will require you to verify your identity before processing any request for access or correction.

8. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies on our website to enhance user experience, analyze site usage, and support our operations.

Google Analytics: Our main website uses Google Analytics, which employs cookies to collect information about how visitors use our site. This information is used in aggregate form to help us understand traffic patterns and improve our website. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Essential Cookies: We use certain cookies that are essential for the operation of our services, including cookies that enable you to log into secure areas and maintain your session.

Most web browsers allow you to control cookies through browser settings. However, disabling certain cookies may limit your ability to use some features of our services.

9. CHILDREN AND MINORS

Our services are not intended for use by individuals under the age of majority in their province or territory of residence. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected personal information from a minor, we will take steps to delete that information promptly.

10. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational reasons. We will post the updated policy on our website with a revised effective date. If we make material changes that significantly affect how we collect, use, or disclose personal information, we will provide additional notice, such as by email notification or prominent notice on our website, prior to the changes taking effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our services after changes to this Privacy Policy constitutes your acceptance of the updated policy.

11. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Aquatic Safety Canada Inc.
1031 - 174 St. SW
Edmonton, Alberta, Canada
support@aquaticsafetycanada.ca
780-915-0145

Privacy Officer Our designated Privacy Officer is responsible for ensuring compliance with this policy. You can contact them at:

President Email: kelly@aquaticsafetycanada.ca

Privacy Regulators:

If you believe we have not adequately addressed your privacy concerns, you may file a complaint with the applicable privacy regulator:

Office of the Privacy Commissioner of Canada (This office has jurisdiction for privacy matters arising in Yukon Territory) 30 Victoria Street Gatineau, Quebec K1A 1H3 Toll-free: 1-800-282-1376 Website: www.priv.gc.ca

Office of the Information and Privacy Commissioner of Alberta 410, 9925 109 Street NW Edmonton, Alberta T5K 2J8 Phone: 780-422-6860 Website: www.oipc.ab.ca

Office of the Information and Privacy Commissioner for British Columbia PO Box 9038, Stn. Prov. Govt. Victoria, British Columbia V8W 9A4 Phone: 250-387-5629 Website: www.oipc.bc.ca