Privacy Policy

This Privacy Policy describes how Energy Labs North ("we", "us", "our") collects, uses, and discloses personal information when you use our platform. We are committed to protecting your privacy in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable British Columbia privacy law.

1. What We Collect

Information you provide

• Account registration: email address, password (stored as a bcrypt hash — we never store your plaintext password), and optional role/use-case descriptor
• Interest registration: email address, selected plan, optional role, company name, and free-text description of intended use
• Contact form: name, email address, subject, and message

Information collected automatically

• Search queries: the addresses you search (stored to power the search history feature and for aggregate analytics)
• Usage data: pages visited, features used, and API calls made — used to understand how the Service is used and to enforce rate limits
• Authentication tokens: a session token stored in your browser's localStorage, used to keep you logged in

What we do not collect

We do not collect payment card information (handled entirely by Stripe, our payment processor, when paid tiers launch). We do not use third-party advertising trackers, pixel tags, or behavioural advertising cookies. We do not collect or sell personal data about the people who live in the locations you search — all demographic and neighbourhood data comes from Statistics Canada and other government open data sources.

2. How We Use Your Information

• To create and manage your account
• To provide the neighbourhood intelligence reports you request
• To send transactional email: email verification, password reset, and interest registration confirmation
• To contact you when the tier you registered interest in becomes available
• To respond to contact form submissions
• To enforce rate limits and detect abuse
• To produce aggregate, non-identifiable usage analytics to guide product development
• To comply with legal obligations

We do not sell your personal information to third parties. We do not use your personal information for automated decision-making that produces legal or similarly significant effects.

3. Legal Basis (PIPEDA)

Under PIPEDA, we rely on your consent (provided at registration) for collecting your email address and account data. We rely on legitimate interests for collecting usage data necessary to operate and secure the Service. You may withdraw consent at any time by deleting your account, subject to any legal obligations requiring us to retain certain records.

4. Data Sharing

We share personal information only in the following circumstances:

• Service providers: Resend (transactional email delivery), Cloudflare (infrastructure hosting and DDoS protection). These providers process data on our behalf under data processing agreements and may not use your data for their own purposes.
• Legal requirements: If required by law, court order, or to protect the rights and safety of users or the public.
• Business transfer: If we merge with or are acquired by another entity, your data may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

We do not share your data with data brokers, marketers, or analytics companies for advertising purposes.

5. Data Storage and Security

Your data is stored on Cloudflare's infrastructure, which operates globally including within Canada. Cloudflare's data centres are located in multiple jurisdictions; some data may be processed outside Canada. We use industry-standard encryption in transit (TLS) and at rest.

Passwords are hashed with bcrypt before storage. Session tokens are stored in Cloudflare KV with a time-based expiry. We do not store plaintext passwords or session tokens in our primary database.

No method of transmission or storage is 100% secure. If you become aware of a security concern, please contact us immediately.

6. Data Retention

• Account data: retained while your account is active and for 12 months after deletion, then purged
• Search history: retained for 12 months, then automatically deleted
• Interest registrations: retained until the relevant paid tier has been available for 24 months, then purged
• Contact form submissions: retained for 24 months
• Usage/API logs: aggregated after 90 days; raw logs purged after 90 days

7. Your Rights

Under PIPEDA and applicable BC privacy law, you have the right to:

• Access: request a copy of the personal information we hold about you
• Correction: request that we correct inaccurate information
• Deletion: request that we delete your account and associated personal information (subject to retention obligations above)
• Withdrawal of consent: withdraw consent for uses that are based on consent; this may affect your ability to use certain features
• Complaint: file a complaint with the Office of the Privacy Commissioner of Canada if you believe we have not complied with PIPEDA

To exercise these rights, contact us. We will respond within 30 days.

8. Cookies and Local Storage

We use browser localStorage (not cookies) to store your session token. We do not use third-party cookies or advertising trackers. If you clear your browser's localStorage, you will be logged out.

9. Children's Privacy

The Service is not directed at individuals under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email at least 14 days before the changes take effect. The effective date at the top of this page reflects the most recent update.

11. Contact

Privacy questions or requests: contact us. You may also file a complaint with the Office of the Privacy Commissioner of Canada.