Privacy Policy

1 Who Is Responsible for Your Information

ShieldBase is the organization accountable for personal information collected through the Platform under PIPEDA. Our designated Privacy Officer can be reached at info@shieldbase.ca.

2 What Personal Information We Collect

We collect only the information necessary to provide and improve the Platform. This includes:

We do not collect sensitive personal information such as financial account numbers, government-issued ID numbers, or health information.

3 How We Collect It

We collect personal information:

• Directly from you — when you apply, register, submit Posts, contact support, or use the Platform;
• Automatically — through cookies and server logs when you interact with the Platform; and
• From service providers — our hosting and database providers may process technical data as part of delivering the Platform (see Section 6).

4 Why We Collect It — Purposes

Under PIPEDA, we are required to identify the purposes for which personal information is collected at or before the time of collection. We collect and use your personal information for the following purposes:

• To review your membership application and create your account;
• To provide, operate, and improve the Platform;
• To process subscription payments and manage your billing;
• To send transactional communications, including account approval, post status updates, and subscription notices;
• To send commercial electronic messages, where you have provided consent in accordance with CASL (see Section 9);
• To detect, investigate, and prevent fraud, abuse, or policy violations;
• To comply with applicable legal obligations; and
• To respond to your inquiries and support requests.

We do not use your personal information for targeted advertising, profiling for commercial sale, or any purpose not listed above without first obtaining your consent.

5 Consent

Under PIPEDA, we rely on your consent — express or implied — as the legal basis for collecting, using, and disclosing your personal information. By applying for membership and using the Platform, you consent to the collection and use of your personal information as described in this Policy.

You may withdraw your consent at any time by contacting us at info@shieldbase.ca, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may limit or prevent your ability to use the Platform.

6 Disclosure to Third Parties

We do not sell, rent, or trade your personal information. We may disclose personal information only in the following circumstances:

• Service providers: We use Supabase (database and authentication), Netlify (hosting and form processing), and email delivery providers to operate the Platform. Each is bound by confidentiality obligations and may not use your information for their own purposes;
• Legal requirements: We may disclose personal information if required to do so by law, court order, or government authority, or where we believe disclosure is necessary to protect our legal rights or the safety of others; and
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your personal information may be transferred to the successor organization, subject to the same privacy protections.

Where feasible, we will notify you of any such disclosure that is not required to be kept confidential.

7 Data Retention

We retain your personal information only as long as necessary to fulfil the purposes for which it was collected, or as required by law:

• Active accounts: Personal information is retained for the duration of your membership;
• Closed accounts: We will delete or anonymize your personal information within 90 days of account closure, except where we are required by law to retain it longer (for example, billing and tax records under Ontario law); and
• Posts: Anonymized, aggregate post data (neighbourhood risk scores with no personally identifying information) may be retained indefinitely for platform integrity purposes.

8 Security

We implement industry-standard technical and organizational safeguards to protect your personal information against unauthorized access, use, disclosure, alteration, or destruction. These measures include:

• Encrypted data transmission using TLS/HTTPS;
• Access controls limiting data access to authorized personnel; and
• Use of reputable, security-certified third-party infrastructure providers.

No method of data transmission or storage over the internet is completely secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a material data breach affecting your personal information, we will notify you and the Office of the Privacy Commissioner of Canada as required by PIPEDA's breach reporting regulations.

9 Commercial Electronic Messages (CASL)

We comply with Canada's Anti-Spam Legislation, SC 2010, c 23 ("CASL"). We will only send you commercial electronic messages (such as promotional emails or feature announcements) if you have provided express or implied consent as defined under CASL.

Every commercial message we send will identify ShieldBase as the sender, include our contact information, and provide a clear and functioning unsubscribe mechanism. You may withdraw your consent to receive commercial messages at any time by using the unsubscribe link in any email or by contacting us directly. Unsubscribes will be processed within 10 business days.

Transactional messages — such as account approvals, post status notifications, and billing confirmations — are not commercial electronic messages and will continue to be sent regardless of your commercial email preferences.

10 Cookies

We use session cookies that are strictly necessary for the Platform to function, including maintaining your logged-in state. We do not use advertising cookies, cross-site tracking cookies, or analytics cookies that identify you personally.

You may disable cookies through your browser settings. Doing so may prevent you from logging in or using core Platform features. We do not use cookie consent banners because we do not set non-essential cookies.

11 Your Rights Under PIPEDA

You have the following rights with respect to your personal information:

• Access: You may request a copy of the personal information we hold about you;
• Correction: You may request that we correct any inaccurate or incomplete personal information;
• Withdrawal of consent: You may withdraw consent to our use of your personal information, subject to legal or contractual restrictions;
• Deletion: You may request deletion of your personal information, subject to our legal obligations to retain certain records; and
• Complaint: You may file a complaint with the Office of the Privacy Commissioner of Canada if you believe we have not handled your personal information in accordance with PIPEDA.

To exercise any of these rights, contact our Privacy Officer at info@shieldbase.ca. We will respond within 30 days of receiving a written request.

12 Third-Party Links

The Platform may contain links to third-party websites, including government resources and legal references. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

13 Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email to your registered address at least 14 days before the changes take effect. The "Effective Date" at the top of this page will be updated accordingly. Continued use of the Platform after the effective date constitutes your acceptance of the updated Policy.