top of page

HazTrack Inc. Privacy Policy

Version: 2.0 

Effective Date: April 2026 

Last Updated: April 2026 

Privacy Officer: Cauani Castro, Co-Founder & CTO

Continue below for important information...

1. Introduction 

HazTrack Inc. ("HazTrack," "we," "us," or "our") is committed to protecting the privacy and security of your information. This Privacy Policy governs the collection, use, disclosure, and retention of data when you access or use our website (www.haztrack.ca), the Software Dashboard, our installation mobile applications, and related Services (collectively, the "HazTrack System"). 

HazTrack is headquartered in Calgary, Alberta, Canada, and operates in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act respecting the protection of personal information in the private sector (Law 25 / Bill 64), and other applicable privacy legislation in the jurisdictions in which we operate. 

By using our Services, you agree to the collection and use of information in accordance with this policy. 

2. Information We Collect

We collect information necessary to provide our tank monitoring and logistics services. This includes: 

 

2.1 Customer Data 

We collect "Customer Data" in the course of providing our Services, which includes: 

  • Operational Data: Tank fill levels, sensor readings, and geolocation data transmitted by Deployed Sensors. 

  • Site Information: Locations, addresses, and specific details regarding Installation Sites. 

  • Contact Information: Names, email addresses, and phone numbers of authorised users designated by the Customer. 

 

2.2 Usage and Device Information 

When you use our Software Dashboard or installation app, we may automatically collect: 

  • Log Data: IP addresses, browser type, and access times. 

  • Device Telemetry: Device metadata on health, performance, and other metrics. 

  • App Analytics: Crash reports and performance data to improve the stability of our installation tools. 

3. How We Use Your Information

We use the collected information for the following purposes: 

  • Provision of Services: To visualise tank levels on the Software Dashboard, send alerts, and manage the connectivity of Deployed Hardware. 

  • Support and Maintenance: To diagnose technical issues, provide virtual support, and facilitate the replacement of hardware. 

  • Billing: To calculate Monthly Service Fees based on Service Tiers and Deployed Sensor counts. 

  • Communication: To send service notifications, updates, and installation guides. 

  • Aggregated Analytics: We may use Customer Data in an aggregated and anonymized format, removing all personal and Customer identifiers, to improve our algorithms, enhance the Services, and for industry reporting. No individual customer or site can be identified from this aggregated data. 

4. Data Sharing and Disclosure 

We do not sell your personal information or Customer Data. We may share information only in the following circumstances: 

  • Service Providers: We engage trusted third-party vendors (e.g., cloud hosting providers, cellular connectivity partners) to assist in delivering the Services. These providers are bound by confidentiality obligations no less protective than those in this policy. 

  • Legal Requirements: We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency). 

  • Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, Customer Data may be transferred as part of that transaction, subject to the terms of this policy. 

HazTrack will not share Customer Data with any third party for marketing or commercial purposes without the prior written consent of the Customer. 

5. Data Security 

We implement and maintain commercially reasonable administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of your data. These include: 

  • Encryption of data in transit; encryption of data at rest

  • Role-based access controls and least-privilege access policies 

  • Continuous infrastructure monitoring and intrusion detection 

  • Regular vulnerability scanning and timely patching of identified vulnerabilities 

While we strive to use commercially acceptable means to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. In the event of a confirmed data breach affecting your personal information, HazTrack will notify affected customers and relevant regulatory authorities in accordance with our applicable policies and applicable law. 

6. Data Retention 

HazTrack retains different categories of data for defined periods based on operational necessity, legal obligations, and customer contract terms. The following retention schedule applies:

  • Sensor & operational data (tank readings, fill levels, geolocation): 24 months rolling retention. Trigger: Automated deletion beyond 24 months; full deletion within 30 days of account termination.

  • Customer personal data (names, emails, contact information): Duration of active account. Trigger: Deleted within 30 days of account termination upon written request.

  • Security & audit logs (access logs, CloudTrail, incident records): 12 months retention. Trigger: Automated deletion at 12 months unless a legal hold applies.

  • Backup data: 90 days retention. Trigger: Automated rotation per backup schedule.

  • Incident records: 12 months post-closure. Trigger: Manual review before deletion; extended if required by law or legal proceedings.

Upon termination of the Service, HazTrack will, within a commercially reasonable timeframe, allow Customer to export its Customer Data from the Software Dashboard or, if export is not feasible, return or securely delete all Customer Data in its possession, subject to legal or regulatory retention requirements.

7. Data Residency & International Transfers

HazTrack is headquartered in Calgary, Alberta, Canada. Customer Data is primarily stored on AWS infrastructure located in the United States, with redundancy and backups maintained in Canadian regions.

Where Customer Data is transferred outside of Canada, HazTrack ensures compliance with PIPEDA, Quebec's Law 25, and other applicable privacy legislation. This includes conducting Privacy Impact Assessments (PIAs) for cross-border transfers where required and implementing appropriate safeguards, such as Standard Contractual Clauses or equivalent legal mechanisms. HazTrack does not transfer Customer Data to jurisdictions that fail to provide a comparable level of protection without these additional protections in place.

We recognize that some organizations have strict data sovereignty needs. Customers can request specific tenancy or dedicated hosting arrangements; please contact us to discuss available data residency options.

8. Breach Notification

In the event of a confirmed data breach that poses a real risk of significant harm to individuals, HazTrack will:

  • Notify affected customers within 72 hours of confirming the breach.

  • Report the breach to the Office of the Privacy Commissioner of Canada (OPC) under PIPEDA as soon as feasible.

  • Report the breach to the Commission d'accès à l'information du Québec (CAI) within 72 hours under Law 25, where applicable.

  • Notify any other applicable regulatory authorities within the timeframes required by their respective jurisdictions.

Breach notifications to customers will include a description of what occurred, what data was affected, what steps HazTrack has taken in response, and what customers can do to protect themselves. Full details of HazTrack's breach notification process are set out in our policies.

9. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information held by HazTrack:

  • Right of access: Request a copy of the personal information we hold about you.

  • Right to correction: Request that we correct inaccurate or incomplete personal information.

  • Right to deletion: Request that we delete your personal information, subject to legal retention requirements.

  • Right to withdraw consent: Withdraw consent to the collection or use of your personal information at any time, where processing is based on consent.

  • Right to complain: Lodge a complaint with the applicable privacy regulator in your jurisdiction.

To exercise any of these rights, please contact our Privacy Officer using the information in Section 10 below. We will respond to all requests within 30 days, or within the timeframe required by applicable law. Customers located in Quebec have additional rights under Law 25, including the right to data portability and the right to be informed of automated decision-making processes that affect them. HazTrack does not use automated decision-making in a manner that produces legal or similarly significant effects on individuals.

10. Regulatory Compliance

HazTrack operates in compliance with the following applicable privacy legislation and frameworks:

  • PIPEDA (Personal Information Protection and Electronic Documents Act): Jurisdiction: Canada (Federal). Position: Fully applicable - HazTrack is a Canadian company processing personal information in the course of commercial activity.

  • Law 25 / Bill 64 (Act respecting the protection of personal information in the private sector): Jurisdiction: Quebec, Canada. Position: Applicable - HazTrack processes personal information of Quebec residents and operates with Quebec-based enterprise customers.

  • GDPR (General Data Protection Regulation): Jurisdiction: European Union. Position: Monitored - not directly applicable to current operations, which are Canada/US focused. HazTrack maintains awareness and will implement required controls if EU data subjects are onboarded.

  • CCPA (California Consumer Privacy Act): Jurisdiction: California, USA. Position: Monitored - applicable if California residents' personal information is processed. HazTrack's US operations are reviewed for CCPA applicability on an ongoing basis.

11. Policy Maintenance & Review

This Privacy Policy is reviewed annually by the Privacy Officer, or immediately following any material change to HazTrack's data practices, applicable law, or regulatory guidance. We will notify customers of material changes to this policy by posting the updated version on our website and, where appropriate, by direct communication.

Revision History:

  • Version 1.0 (June 2025): Initial Privacy Policy published. Owner: HazTrack Inc.

  • Version 2.0 (April 2026): Added explicit PIPEDA and Law 25 references, defined data retention schedule, added breach notification section, named Privacy Officer, added regulatory compliance table, added data residency section.

12. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or HazTrack's handling of your personal information, please contact our Privacy Officer:

bottom of page