Privacy Policy

1. Information We Collect

Account information

• •Email address and optional display name (provided at signup)
• •Password (stored as a one-way bcrypt hash — we cannot see your password)
• •Subscription tier and Stripe customer/subscription IDs (if you subscribe to a paid plan)

Usage data

• •API request logs: endpoint, HTTP status code, response time, and timestamp
• •Daily and monthly usage counts (for rate limiting and quota enforcement)

Saved places

• •LSD codes, optional labels, and associated conversion data (coordinates, polygon geometry) that you choose to save

Information we do not collect

• •Payment card numbers (held by Stripe, never transmitted to or stored by our servers)
• •Location data, device identifiers, or tracking cookies

2. Why We Collect This Information

• •Account operation: authenticate you, manage your session, and display your saved places
• •Billing: process subscription payments through Stripe
• •Rate limiting and quotas: enforce daily lookup limits and monthly API quotas
• •Debugging and reliability: diagnose errors and monitor service health

3. Third-Party Service Providers

We share information with the following third parties solely to operate the service:

• •Stripe, Inc. (USA) — payment processing. Stripe receives your email address and payment card information. See Stripe's Privacy Policy.
• •Cloudflare, Inc. (USA) — CDN, DNS, and web application delivery. Cloudflare processes HTTP requests on our behalf. See Cloudflare's Privacy Policy.

We do not sell, rent, or trade your personal information to any third party.

4. International Data Transfers

Your data may be processed outside Canada by Stripe and Cloudflare, both headquartered in the United States. By using the service, you consent to this transfer. These providers maintain security practices consistent with industry standards.

5. How We Protect Your Information

• •Passwords are hashed with bcrypt (one-way; we cannot recover your password)
• •API keys are hashed with SHA-256 before storage (plaintext keys are never stored)
• •All data in transit is encrypted with TLS/SSL
• •Database access is restricted and not publicly exposed

While we take reasonable steps to protect your information, no system is completely secure. This is a personal project operated on personal infrastructure, and we cannot guarantee the absolute security of your data.

6. Data Retention

• •Account data is retained while your account is active.
• •Upon account deletion, your personal data (email, saved places, usage history) will be removed within 30 days.
• •Anonymized, aggregate usage statistics may be retained indefinitely for service improvement.

7. Your Rights Under Alberta PIPA

Under Alberta's Personal Information Protection Act, you have the right to:

• •Access the personal information we hold about you
• •Request corrections to inaccurate personal information
• •Withdraw consent for the collection or use of your information (which may require closing your account)
• •Request deletion of your account and associated data

To exercise any of these rights, contact us at the email address below. We will respond within 30 days.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered users. The effective date at the top of this page indicates when the policy was last revised.