Privacy Policy

Last updated: March 2026

1. Information We Collect

Account Information

When you create an account, we collect your email address. If you sign in with Google, we also receive your name and profile image from Google. We store a Google OAuth token solely to verify your identity on subsequent sign-ins — we do not use it to access any other Google services. We do not collect passwords — authentication is handled via magic links or OAuth.

Billing Information

Payment information is collected and processed entirely by Stripe. We do not store credit card numbers, bank account details, or other payment credentials. We receive a Stripe customer ID and subscription status.

Usage Data

We log API requests (endpoint, timestamp, response status) for rate limiting and service monitoring. We do not track browsing behavior or share data with advertising platforms.

Analytics

We may use Google Analytics 4 to understand how the Service is used (e.g. sign-up conversions, page views). When enabled, Google Analytics sets its own cookies and collects anonymized usage data such as pages visited, session duration, and browser type. This data is processed by Google under its Privacy Policy. Google Analytics is not used for advertising or cross-site tracking. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

2. How We Use Your Information

• To provide and maintain the Service
• To send magic link sign-in emails
• To process subscription billing through Stripe
• To enforce API rate limits
• To understand usage patterns and improve the Service (via analytics)
• To communicate service updates (rare, opt-out available)

3. Data Storage

Account and subscription data is stored in a SQLite database hosted on Railway (Canada/US infrastructure). All data is transmitted over HTTPS. API keys are stored as SHA-256 hashes — we cannot recover your API key after creation.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties, except:

• Stripe — for payment processing
• Mailgun — for transactional emails (sign-in links)
• Google Analytics — for anonymized usage analytics (when enabled)
• Railway — infrastructure hosting provider
• Law enforcement — if required by Canadian law

5. Cookies

We use a single session cookie (authjs.session-token) for authentication. If Google Analytics is enabled, it may set additional cookies for analytics purposes (see Section 1, Analytics above). We do not use advertising cookies or third-party tracking pixels.

6. Your Rights

Under Canadian privacy law (PIPEDA) and Alberta's PIPA, you have the right to:

• Access your personal information
• Request correction of inaccurate data
• Request deletion of your account and data
• Withdraw consent for data processing

To exercise any of these rights, email us at privacy@albertapulsecheck.ca. We will respond within 30 days.

7. Data Retention

Account data is retained while your account is active. If you cancel your subscription, your account data is retained for 90 days in case you wish to re-subscribe, then permanently deleted. API usage logs are retained for 30 days.

8. Changes to This Policy

We may update this policy from time to time. We will notify active subscribers of material changes via email.

Contact

Privacy questions? Email privacy@albertapulsecheck.ca.