Privacy Policy

Shopfloor Solutions Inc. ("Shopfloor", "we", "us", "our") operates a web-based business intelligence and growth platform for trades businesses that helps owners and their teams measure, understand, and improve business performance through data submission, benchmarking, diagnostics, and actionable reporting (the "Solution") and the associated website at https://www.shopfloorsolutions.ca and its subdomains (the "Website"). Together, the Solution and Website are referred to as the "Services."

This Privacy Policy describes how we collect, use, disclose, and protect personal information "Personal Information" about individuals who use our Services, visit our Website, or otherwise interact with us. We are committed to handling Personal Information responsibly and in compliance with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA), and applicable United States privacy laws, including the California Consumer Privacy Act (CCPA).

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your Personal Information as described herein. If you do not agree, please discontinue use of the Services.

1. Overview

1.1 Business Users Only

The Services are intended exclusively for business use by trades business owners and their authorized team members. We do not knowingly collect Personal Information from individuals under the age of 18. If we become aware that we have inadvertently collected Personal Information from a minor, we will take steps to delete it promptly. If you believe we may hold Personal Information about a minor, please contact our Privacy Officer using the details in Section 12.

1.2 International Users

If you are accessing the Services from outside Canada or the United States, please be aware that your Personal Information may be transferred to, stored in, and processed in Canada and the United States, where data protection laws may differ from those in your jurisdiction. By using the Services, you consent to such transfer and processing.

1.3 Lawful Processing

We process your Personal Information only to the extent necessary for the purposes described in this Privacy Policy. Except as set out herein, your Personal Information will not be used for any other purpose without your consent. You may withdraw your consent at any time, though doing so may affect your ability to use the Services.

2. Information We Collect

2.1 Registration Information

When you register for a Shopfloor account, we collect the following information. Items marked with an asterisk (*) are required to create an account:

• First Name*
• Last Name*
• Email Address*
• Password* (required for email/password sign-up; not applicable for OAuth sign-in via Google or Microsoft)
• Company Name*
• Industry*
• State or Province of Operation*
• Business Postal Code*
• Business Country*
• Website or Domain (optional; if not provided, a phone number is required)
• Phone Number (required if no website/domain is provided; otherwise optional)
• Business Address Line 1 (optional)
• Business Address Line 2 (optional)
• Business City (optional)
• Business State or Province (optional)

2.2 Platform Usage Data (KPI and Business Information)

When you use the Solution, you submit operational and business data including KPI inputs, business metrics, and other information about your trade business (collectively, "User Data"). This data is used to generate benchmarks, diagnostic results, insights, recommendations, and reports. User Data may include details about your business operations but is not used to identify you personally beyond your account.

2.3 Authentication Information

When you register for or sign in to an account, we collect authentication credentials through email/password and, where you choose to use them, OAuth providers such as Google and Microsoft. We may also collect security-verification tokens and related anti-abuse signals when account access or form submissions are protected by bot-detection tools. Authentication session tokens, which contain your account identifiers, are stored in functional cookies on your device to maintain your logged-in session. See Section 8 for details.

2.4 Device, Log, and Usage Information

We and our service providers automatically collect technical information when you access the Services, including your IP address, browser type and version, operating system, referring URLs, page paths, session identifiers, session duration, and other usage telemetry. This information is used to operate, maintain, and improve the Services, to diagnose technical issues, and to generate aggregate analytics.

2.5 Communications

If you contact us by email or through the Services, including through our contact form, we collect the contents of your communications and the Personal Information you provide, such as your name, email address, company name, optional phone number, inquiry type, and message.

2.6 Payment Information

All payment processing is handled directly by Stripe, our third-party payment processor. Shopfloor does not collect, store, or have visibility into your payment card details. We receive billing-related information needed to manage subscriptions and customer accounts, such as Stripe customer and subscription identifiers, transaction and subscription status, billing contact email address, and company or account name information submitted through Stripe's checkout or customer portal.

3. How We Use Your Information

We use the Personal Information and User Data we collect for the following purposes:

• To create and manage your account and provide you with access to the Services
• To operate, maintain, secure, and improve the Services
• To generate KPI benchmarks, diagnostic results, recommendations, and reports based on your submitted data
• To send transactional emails, including account confirmations, subscription updates, and support communications
• To process your subscription payments through our payment processor
• To respond to your inquiries and provide customer support
• To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activity
• To monitor and analyze aggregate, anonymized trends and usage patterns to improve the Services and develop new features
• To maintain our customer relationship management records and manage consultation scheduling
• To comply with applicable laws, regulations, and legal obligations
• For any other purpose for which we obtain your consent

4. Anonymized and Aggregated Data

We may create de-identified and aggregated data derived from User Data and usage information "Aggregated Statistics". We use Aggregated Statistics to develop industry benchmarks, improve our diagnostic models, enhance the Services, and support internal analytics and research. Aggregated Statistics are maintained separately from Personal Information and are not used by us to identify any individual customer or user.

Where data is retained in de-identified form, we require that it be maintained in a form that cannot reasonably be used to re-identify any person, and we do not attempt to re-identify it. Data that has been fully anonymized in this manner no longer constitutes Personal Information and is not subject to the retention limits described in Section 7. Shopfloor may retain fully anonymized and sufficiently aggregated benchmark and analytics data beyond an individual customer lifecycle for ongoing benchmarking, analytics, product improvement, and related business purposes. Shopfloor owns all Aggregated Statistics.

5. Storage Location and Transfer of Personal Information

Personal Information stored in our primary application database is hosted in the United States through Supabase on AWS us-west-2. We also transfer Personal Information to third-party sub-processors located in the United States, the European Union, and other jurisdictions as described in Section 6 and Schedule "A" of this Privacy Policy. By using the Services, you consent to these transfers and storage locations.

As a Canadian company serving Canadian and international customers, we note that Personal Information stored in the United States may be subject to access by U.S. law enforcement or government agencies under applicable U.S. laws. We take reasonable steps to ensure that our service providers protect your Personal Information to a standard comparable to Canadian privacy law requirements.

All sub-processors are contractually required to handle Personal Information in a manner consistent with this Privacy Policy and applicable law.

6. Disclosure of Personal Information

6.1 Sub-Processors and Service Providers

We share Personal Information with third-party service providers who perform functions on our behalf, including hosting, authentication, payment processing, email delivery, analytics, and CRM. These providers are authorized to use your Personal Information only as necessary to perform their services for us. Our current sub-processors are listed in Schedule "A" to this Privacy Policy.

6.2 Solution Providers (Referral and Affiliate Links)

The Services may feature, recommend, or link to third-party solution providers through referral or affiliate links. If you choose to visit or sign up with a third-party solution provider through such a link, you will be directed to that provider's own website and subject to their own privacy policy. Shopfloor does not share your Personal Information with solution providers through referral links, and your interactions with those providers are governed by their own terms and privacy practices.

6.3 Business Transfers

If Shopfloor or substantially all of its assets are acquired by a third party, or if we undergo a merger, reorganization, or insolvency proceeding, your Personal Information may be transferred to the acquiring entity as part of that transaction, subject to the protections in this Privacy Policy.

6.4 With Your Consent

We may share your Personal Information with third parties in ways not described in this Privacy Policy where we have obtained your prior consent to do so.

6.5 As Required by Law

We may disclose your Personal Information without your consent where required or permitted by applicable law, including in response to a valid court order, subpoena, or government request, or where necessary to protect the rights, property, or safety of Shopfloor, our users, or the public.

7. Data Retention

We retain your Personal Information for as long as your account remains active. Following the end of your subscription period, the customer account administrator may request an export of account information, submitted business data, and copies of reports or documents previously delivered through the Services for a period of ninety (90) days by contacting support@shopfloorsolutions.ca. At the end of this ninety (90) day window, your Personal Information will be automatically and permanently deleted from our systems or irreversibly anonymized, depending on the nature of the record and the basis for retaining a non-personal record. Following deletion or anonymization, we retain only data that has been fully anonymized and aggregated in accordance with Section 4, which no longer constitutes Personal Information, except:

• where retention is required by applicable law or regulation
• where data is required to resolve a dispute, enforce our agreements, or prevent fraud
• where data has been de-identified and aggregated so that it can no longer reasonably be linked to an individual, in which case it may be retained for benchmarking, analytics, product improvement, and related business purposes as described in Section 4

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Services. We also may use analytics and performance technologies on public-facing pages when they are enabled in the relevant environment. A cookie is a small text file stored on your device that helps websites recognize your browser or remember certain settings.

The following table describes essential cookies used by the Services and non-essential analytics or performance technologies that may be enabled on public-facing pages:

8.1 Cookie Categories

Essential / Functional cookies are strictly necessary for the Services to operate. Without these cookies, you cannot log in or use the platform. These cookies do not require your consent under applicable law.

Non-essential analytics and performance technologies help us understand how visitors interact with our public-facing pages and how those pages perform. Depending on the tool, they may rely on cookies or cookieless measurement. Google Analytics 4 may use pseudonymous client IDs stored in first-party cookies when enabled, while Plausible, Vercel Analytics, and Vercel Speed Insights are designed to operate without browser cookies by default.

8.2 Managing Cookies

You may disable or delete cookies through your browser settings. Please note that disabling essential cookies will prevent you from accessing the platform. Instructions for managing cookies in common browsers are available at www.aboutcookies.org.

Where required by applicable law, non-essential analytics and performance technologies on public-facing pages are managed through consent settings when those tools are enabled. We will update this section as our deployed configuration changes.

9. Access, Correction, and Accuracy

You have the right to request access to the Personal Information we hold about you, to request correction of inaccurate or incomplete information, and to understand how we have used that information. Upon receipt of a written request, we will provide access to or a copy of your Personal Information within a reasonable time, subject to applicable law and any limitations or exceptions permitted by law, including where necessary to protect confidential commercial information, proprietary methods, security-related information, or the Personal Information of other individuals.

To submit an access or correction request, please contact our Privacy Officer at the contact information provided in Section 12. We will endeavour to respond to all requests within thirty (30) days. You may also update certain business account information directly through the platform where those controls are available. Other access, correction, and privacy requests should be submitted to our Privacy Officer at privacy@shopfloorsolutions.ca.

You may also request that we delete your Personal Information from our records. Upon receipt of a verifiable deletion request, we will use commercially reasonable efforts to remove your Personal Information from our systems. Please note that complete deletion may not always be possible due to legal or technical constraints, including where: (i) retention is required by applicable law or regulation; (ii) the data is needed to resolve a dispute or enforce our agreements; or (iii) the data has been fully anonymized and aggregated such that it can no longer reasonably be linked to you, in which case it is retained in accordance with Section 4 and no longer constitutes Personal Information. Deletion requests should be submitted to our Privacy Officer at privacy@shopfloorsolutions.ca.

10. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your Personal Information. This section describes those rights and how to exercise them.

10.1 Categories of Personal Information Collected

In the preceding twelve months, we have collected the following categories of Personal Information: identifiers (name, email address); commercial information (subscription and billing records); internet and network activity (usage data, IP address); geolocation data (coarse location derived from IP address); and professional or employment-related information (company name, industry, business address). We collect this information for the commercial purposes described in Section 3 of this Privacy Policy.

10.2 Your Rights

Subject to certain limitations, California residents have the right to: (i) request to know the categories and specific pieces of Personal Information we have collected about them; (ii) request deletion of their Personal Information; (iii) opt out of any "sale" of Personal Information (note: Shopfloor does not sell Personal Information as that term is defined under the CCPA); and (iv) not be discriminated against for exercising any of these rights.

10.3 How to Exercise Your Rights

California residents may submit a request by contacting our Privacy Officer at privacy@shopfloorsolutions.ca. We will verify your identity using the information associated with your account before fulfilling any request. We will respond within forty-five (45) days of receipt of a verifiable request.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting an updated Privacy Policy on our Website at https://www.shopfloorsolutions.ca/privacy and, where appropriate, by sending an email notification to your registered email address. The updated Privacy Policy will be effective as of the date indicated at the top of the document. Your continued use of the Services following notice of any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact - Privacy Officer

Questions, concerns, or requests regarding this Privacy Policy or our privacy practices should be directed to our Privacy Officer:

Schedule "A" - Sub-Processors

Shopfloor Solutions Inc. engages the following third-party sub-processors to support delivery of the Services. Each sub-processor is contractually bound to handle Personal Information in a manner consistent with this Privacy Policy and applicable privacy law.

Shopfloor may update this list from time to time as our business needs change. Material additions to this list will be reflected in an updated Privacy Policy.

For questions about our sub-processors or this Privacy Policy, contact privacy@shopfloorsolutions.ca.