Menu

Privacy Policy

Scroll Down

Laflor Solutions Inc. – Privacy Policy (2025)

Effective date: October 17, 2025
Last updated: October 17, 2025

Laflor Solutions Inc. (“Laflor”, “we”, “our”, or “us”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our websites, apps, products, and professional services (collectively, the “Services”). We are headquartered in Edmonton, Alberta, Canada.

By using the Services, you agree to the practices described here. If you do not agree, please do not use the Services.

1) Who we are & scope

This policy applies to personal information processed by Laflor in connection with:

  • Our public websites (e.g., marketing sites, landing pages, support portals)

  • Our software, mobile and web applications, APIs, and developer tools

  • Our consulting and managed services engagements

  • Your interactions with us (e.g., contacting support, applying for a job, attending webinars)

Some offerings may include service-specific terms or data processing addenda (DPAs). If there is a conflict, those service-specific terms govern for that offering.

2) Personal information we collect

a) Information you provide

  • Account & profile data: name, email, phone, company, role, password or auth identifiers, preferences.

  • Billing & transactions: billing address, payment method details (processed by our PCI-compliant payment processors), purchase history, tax IDs.

  • Support & communications: messages, tickets, call recordings (where permitted), feedback, survey responses.

  • Content you upload or generate: files, forms, images, videos, annotations, telemetry attachments, and metadata you choose to provide.

  • Recruitment data: resume/CV, cover letters, work history, references, and any information shared during the hiring process.

b) Information collected automatically

  • Usage & device data: pages viewed, features used, clicks, session duration, crash logs, diagnostics, IP address, device/OS/browser type, language, timestamps, and approximate location derived from IP.

  • Cookies & similar technologies: cookies, local storage, pixels, SDKs, and beacons to enable core functionality, analytics, remember preferences, and (if enabled) measure marketing performance. See Section 9.

c) Information from third parties

  • Single Sign-On (SSO) & identity providers (e.g., Google/Microsoft): basic profile data and authentication assertions.

  • Payment processors: limited transaction confirmation details (no full card numbers are stored by us).

  • Partners, resellers, and service providers: implementation details, lead/contact info.

  • Public sources: publicly available business contact and company information.

We do not intentionally collect sensitive personal information (e.g., precise geolocation, government IDs, health data, biometric templates) unless explicitly necessary for a specific feature and disclosed at the point of collection.

3) How we use personal information (purposes)

We process personal information to:

  1. Provide the Services: create and manage accounts, authenticate users, fulfill orders, deliver features, provide support.

  2. Improve & secure the Services: debugging, monitoring, analytics, research, testing, and developing new features; detecting, preventing, and responding to security incidents and abuse.

  3. Personalize experiences: remember settings, tailor content, recommend features.

  4. Communicate with you: service notices, transactional messages, security alerts, and—with your consent where required—marketing communications.

  5. Compliance & risk management: meet legal obligations, maintain records, enforce agreements, prevent fraud, and protect our rights and users.

  6. Business operations: accounting, auditing, planning, M&A due diligence, and lawful transfers as part of corporate transactions.

  7. AI/ML features (if enabled): operate features that use machine learning. We may use de-identified and aggregated data to improve models and Services. We do not use your customer content to train models in a way that would identify you or your organization unless you give us explicit permission.

4) Legal bases we rely on

Where applicable, our processing relies on one or more of: your consent, contractual necessity, legitimate interests(e.g., service improvement, security), legal obligation, and vital interests (rare).

Canada & Alberta. As of 2025, private-sector privacy in Canada is governed federally by PIPEDA (for commercial activities) and in Alberta by PIPA for provincially regulated private-sector organizations; Bill C-27 (CPPA/AIDA) did not come into force. Justice Laws+2Privacy Commissioner Canada+2

Commercial electronic messages (emails/SMS). We obtain consent and include required identification and unsubscribe mechanisms to comply with CASL. Canada Innovation and Investment Agency+1

If you are in the EEA/UK, we rely on GDPR/UK GDPR legal bases; if you are in California, we honor applicable US state privacy rights (e.g., CCPA/CPRA) as described in Section 11; if you are in Québec, we comply with Law 25 where applicable. Légis Québec

5) When we share personal information

We share information only as needed, including with:

  • Service providers / processors who perform services on our behalf (e.g., cloud hosting, analytics, email, payments, support). They must follow our instructions and protect your information.

  • Enterprise customers (for users provisioned by your employer or organization).

  • Partners and resellers involved in delivering or supporting the Services you use.

  • Legal & safety: to comply with law, enforce agreements, protect rights, investigate fraud/security issues, or respond to lawful requests.

  • Business transfers: as part of a merger, acquisition, financing, or sale of assets (we will ensure continued protection of your information).

We do not sell personal information in the conventional sense. If we engage in targeted advertising or disclose identifiers to ad/analytics partners, that may be considered a “sale”/“share” under certain laws; see Section 11 for opt-out choices.

6) Data retention

We retain personal information for as long as necessary for the purposes described above, to comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and context. We may de-identify or aggregate data and retain it for analytics and product improvement.

7) Security

We use administrative, technical, and physical safeguards designed to protect personal information (e.g., encryption in transit, access controls, logging, least-privilege, secure development practices, vendor reviews, incident response). No method of transmission or storage is 100% secure; your use of the Services is at your own risk.

8) International transfers

We may process and store information in Canada, the United States, and other countries where we or our service providers operate. When we transfer personal information across borders, we implement appropriate safeguards (e.g., contractual clauses, assessments, and supplemental measures) consistent with applicable law.

9) Cookies, SDKs, and similar technologies

We use the following categories:

  • Strictly necessary (required for login, security, and core features)

  • Preferences (remember settings)

  • Analytics & performance (understand how the Services are used)

  • Marketing (measure campaign effectiveness; only with consent where required)

Your choices:

  • Use our cookie banner/manager to set preferences.

  • Adjust browser settings to block/clear cookies (may impact functionality).

  • Some mobile apps allow you to reset or limit ad identifiers.

  • Where supported, we treat Global Privacy Control (GPC) signals as an opt-out of “sale/share” for California users (see Section 11).

10) Your privacy choices

  • Email/SMS marketing: opt-out using the unsubscribe link or by contacting us. (Transactional/service messages may still be sent.)

  • Account settings: update profile information and preferences in-product.

  • Consent withdrawal: where processing is based on consent, you may withdraw it at any time (this won’t affect prior lawful processing).

  • Do Not Track: we currently do not respond to browser DNT signals due to industry variability; use our cookie controls instead.

11) Region-specific disclosures

Canada (PIPEDA) & Alberta (PIPA)

You have the right to request access to your personal information, correct inaccuracies, and challenge our compliance. You may also request information about our use and disclosure of your information and withdraw consent, subject to legal or contractual restrictions. To exercise these rights, see Section 15 (Contact Us). If we cannot resolve your concern, you may contact the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner of Alberta. Justice Laws+1

Québec (Law 25)

If our processing falls under Québec’s Act respecting the protection of personal information in the private sector (Law 25), you may have additional rights, including data portability, transparency about automated decision-making, and breach notifications. Légis Québec

European Economic Area (EEA) & United Kingdom

Subject to GDPR/UK GDPR, you may have rights to access, rectify, erase, restrict, object, portability, and not be subject to a decision based solely on automated processing that produces legal or similarly significant effects. For cross-border transfers, we use appropriate safeguards.

United States (e.g., California)

If you are a California resident, you may have rights under CCPA/CPRA to know/access, correct, delete, and opt-out of sale/share of personal information, and to limit use/disclosure of sensitive personal information. We will not discriminate against you for exercising your rights. You can submit a rights request or opt-out using our controls in the product or by contacting us (Section 15).

12) Children’s privacy

Our Services are intended for use by organizations and individuals 16 years or older. We do not knowingly collect personal information from children under the age required by applicable law without verifiable parental consent. If you believe a child provided us personal information, contact us and we will take appropriate steps to delete it.

13) Automated decision-making & AI

Some features may use algorithms or machine learning to provide recommendations, insights, or automation. We do notengage in solely automated decisions that produce legal or similarly significant effects without appropriate human review, transparency, and lawful basis. For enterprise customers, AI features can be configured or disabled according to contract.

14) Third-party links & services

The Services may link to third-party websites, SDKs, or integrations (e.g., identity providers, payment gateways, analytics). We are not responsible for their privacy practices. Review their policies before providing information.

15) How to exercise your rights or contact us

Submit a privacy request or ask a question:
Email: privacy@laflorsolutions.com
Mail: Privacy Officer, Laflor Solutions Inc., Edmonton, Alberta, Canada

For security, we may need to verify your identity and request additional information. Authorized agents may submit requests where allowed by law with valid authorization.

16) Data for business customers

Where Laflor acts as a processor/service provider on behalf of an enterprise customer, we process personal information under their instructions and contract. The enterprise (controller/business) is responsible for handling individual rights requests; we will assist as required by the agreement and applicable law.

17) CASL compliance (commercial messages in Canada)

We obtain appropriate consent before sending commercial electronic messages (CEMs) to Canadians, include sender identification, and provide a functional unsubscribe mechanism. You can opt-out at any time via the link in our messages or by contacting us. Canada Innovation and Investment Agency+1

18) Data breaches & notifications

We maintain incident response procedures. If we determine a breach creating a real risk of significant harm (or as otherwise required by law), we will notify affected individuals and regulators as required.

19) Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the Services or email. Your continued use of the Services after an update means you accept the revised policy.

20) Additional information for developers & telemetry

If you use our SDKs/APIs, we may collect anonymized/aggregated diagnostics (e.g., latency, error rates) to maintain reliability and security. You may disable certain telemetry where controls are provided, understanding that some telemetry is strictly necessary for security and abuse prevention.

21) Language & interpretation

This policy is intended to be clear and readable. If translated, the English version controls where permitted by law. Capitalized terms have the meanings given here.

Redefining outsourcing - where excellence and trust unite