Privacy Policy

Overview

This Privacy Policy explains how PureNorth collects, uses, discloses, and safeguards your information when you visit our website, make a booking, or otherwise interact with us. We adhere to the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws where applicable. We collect, use, and disclose personal information only for purposes a reasonable person would consider appropriate in the circumstances.

Data we collect

We collect the following categories of information. The specific data we collect depends on how you interact with PureNorth.

• Identity and contact: first and last name, email address, phone number, postal code, and service address(es).
• Booking and service details: service type, frequency, preferred dates/times, unit type and approximate size, entry instructions, notes and special requests, and images you provide (for example, “before/after” photos with your consent).
• Payment interactions: payment status, method, and transaction metadata. We do not store full payment card numbers; these are processed by our payment processor.
• Communications: messages and emails you send us, support requests, satisfaction ratings, and our responses. We do not record calls unless we explicitly inform you and obtain consent.
• Device and usage data: IP address, approximate location inferred from IP or postal code, browser and device type, operating system, language settings, pages viewed, links clicked, referring URLs, session duration, and general interaction patterns.
• Cookies and similar technologies: identifiers that help us remember your preferences, keep you signed in, perform analytics, and, where allowed, personalize offers.
• Sensitive information: We aim not to collect sensitive data. If you voluntarily share potentially sensitive details in instructions (e.g., health-related notes), we treat them with heightened care and only use them to deliver the requested service.

Sources of information

• Directly from you: when you submit forms, book services, communicate with us, or provide feedback.
• Automatically: through cookies, logs, and analytics when you use our website.
• From service providers: payment processors (e.g., confirmation of payment), address validation services, and communication tools that help us deliver and support our services.

How we use data

We collect, use, and disclose personal information for purposes a reasonable person would consider appropriate, including:

• Service delivery: create and manage bookings, dispatch cleaning teams, provide reminders, and handle support requests.
• Personalization: remember preferences, recommend suitable services, and tailor content.
• Payments and invoicing: process transactions, apply promotions, and manage refunds.
• Safety and security: protect against fraud and abuse, detect anomalies, and ensure platform integrity.
• Analytics and improvements: monitor usage, fix bugs, improve quality, and develop new features.
• Marketing communications: send service updates and offers where permitted by law and your preferences. You can opt out anytime.
• Legal and compliance: comply with laws, tax requirements, and enforce agreements.

Consent and other grounds under PIPEDA

We generally rely on your consent (express or implied) to collect, use, or disclose personal information. In some circumstances, PIPEDA allows collection, use, or disclosure without consent (e.g., investigations related to a breach of an agreement or contravention of Canadian law, fraud prevention, or where required by law). You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.

Sharing

We do not sell personal information. We disclose personal information only as necessary for the purposes described above, and we require recipients to protect it appropriately.

• Service providers: hosting, analytics, customer support platforms, email/SMS tools, and document storage.
• Payment processors: to securely process payments and manage refunds and chargebacks.
• Operational partners: background-checked cleaning professionals and logistics partners who require relevant booking details to perform the services.
• Legal and governmental authorities: when required to comply with law, court orders, or to protect our rights, users, or the public.
• Business transactions: in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate safeguards.

We share only the minimum necessary information and enter into agreements with service providers requiring confidentiality, security, and use only for specified purposes.

Cookies and similar technologies

We use cookies, local storage, and similar technologies to operate our website and understand how it is used. You can manage preferences via our cookie banner and your browser settings.

• Strictly necessary: essential for security, load balancing, and session continuity. These cannot be switched off.
• Preferences: remember choices such as service location and display options.
• Analytics: help measure visits and performance so we can improve our site.
• Marketing (optional): personalize offers and measure campaign effectiveness, where permitted.

Cookie lifetimes vary: strictly necessary cookies typically expire at the end of your session; analytics and marketing cookies may persist up to 13 months unless cleared earlier. Your consent choices are stored in your browser and can be updated any time using the cookie controls.

Do Not Track (DNT): Industry standards for responding to DNT signals are not yet consistent, so we do not respond to DNT signals. We continue to evaluate developments in this area.

Data retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law.

• Account and booking records: retained for your relationship with us and generally up to 7 years after your last interaction, to support service history and legal requirements.
• Payment and tax records: retained for at least 7 years to comply with financial laws.
• Analytics data: typically aggregated or deleted within 13 months.
• Support communications: retained as needed to resolve issues and improve quality, then deleted or anonymized.

Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction.

• Encryption in transit (TLS) and at rest where appropriate.
• Access controls, role-based permissions, and least-privilege principles.
• Multi-factor authentication for administrative access and employee training.
• Backups, logging, and monitoring for anomalies.
• Vendor due diligence and contractual security obligations.
• Incident response: In the unlikely event of a breach creating a real risk of significant harm, we will notify affected individuals and relevant authorities as required by law.

International data transfers

We primarily process data in Canada. Some service providers may store or process information outside your province or outside Canada (for example, in the United States). As a result, your information may be subject to the laws of those jurisdictions. We use contractual and technical safeguards intended to provide a comparable level of protection while data is processed abroad.

Your rights (Canada)

Under PIPEDA and substantially similar provincial laws, you have the following rights, subject to exceptions:

• Access: request a copy of your personal information under our control and information about how it has been used and disclosed.
• Correction: request corrections to inaccurate or incomplete information.
• Withdrawal of consent: withdraw consent to our collection, use, or disclosure, subject to legal/contractual restrictions and reasonable notice.
• Deletion: request deletion where appropriate and not otherwise required by law to retain.
• Portability: where feasible, request a copy of your information in a commonly used format.
• Complaint: lodge a complaint with us and, if unresolved, with the Office of the Privacy Commissioner of Canada (OPC).

How to exercise your rights

To exercise your rights, contact us using the details below. We will respond within 30 days, or explain any permitted extension. We may request information to verify your identity. If we cannot fulfill a request, we will provide the reason unless prohibited by law.

Children’s privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child under 13 has provided us personal information, please contact us and we will take appropriate steps to delete such information.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting a prominent notice on our website and updating the effective date above. Your continued use of our services after the changes become effective indicates your acceptance of the revised policy.

Questions and complaints

If you have a question or concern about our privacy practices, contact us first so we can try to resolve it. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada, 30 Victoria Street, Gatineau, Quebec K1A 1H3

Contact

Email: [email protected] · Support: [email protected] · Phone: +1 (437) 628-0917

Hours: Monday–Friday, 9:00–18:00 ET