Privacy Policy

Learn About Your Privacy Rights

This Privacy Policy describes how the operator of the website https://authz.ca (“we,” “us,” or “our”) collects, uses, and discloses your information when you use our website (the “Site”).

The Site is currently operated by the founding team as a pre-registration project. Our operational base is in New Westminster, British Columbia, Canada. Upon the formal incorporation of our business, the legal entity will be updated here and will assume responsibility for this policy.

1. Information We Collect

We collect information in the following ways:

• Information You Provide Directly:

  • Contact Inquiries: When you use our contact form, we collect your email address and the content of your message. We use this information solely to respond to your inquiry. We retain this communication for as long as necessary to address your concerns and for our records, but will not use your email address for marketing purposes without your explicit consent.

• Information Collected Automatically:

  • Server Logs: For essential operation, security, and troubleshooting, our hosting provider (Netlify) automatically collects and temporarily logs data from your visit. This data may include your IP address, browser type, operating system, referring pages, and timestamps. These logs are retained for a maximum of 30 days and are not used for profiling or marketing.
  • Analytics Data (With Consent): If you provide consent via our cookie banner, we use Google Analytics to collect anonymized data about your interaction with the Site. This helps us understand usage trends and improve our content and performance. See Section 3 for full details.

2. Legal Basis for Processing (GDPR & PIPA Compliance)

We process your personal information based on the following legal grounds:

• Performance of a Contract: Processing your contact inquiry is necessary to respond to your request.
• Legitimate Interests: Operating, securing, and improving our Site (e.g., using server logs) constitutes our legitimate interest, always balanced against your rights.
• Consent: We rely on your explicit consent for the use of non-essential analytics cookies via Google Analytics. You can withdraw this consent at any time.

3. Google Analytics (Only After Consent)

We use Google Analytics (GA) only if you opt in. Our implementation is configured to minimize data and respect your privacy and sustainability expectations.

How Consent Works

• No GA script is loaded until you click “Accept” on our cookie banner. Declining sets a denial value and suppresses all GA network requests.
• When you accept, we dynamically load the GA library and begin sending anonymized events going forward (no retroactive tracking of past page views).

Privacy Safeguards We Apply

• IP anonymization is enabled (anonymize_ip: true).
• Advertising / cross-site remarketing features are disabled (ad_storage: denied).
• We do not enable Google signals or demographic / interest reporting.
• We do not stitch data with other first-party identifiers.

Data Collected (After Consent) High-level, aggregated usage metrics: page paths, referrers, approximate geography (city/country), device/browser type, session duration, and basic engagement events. We do not collect form contents, exact IP, or any special category data.

Legal Relationship We and Google act as independent controllers for GA data under Google’s Measurement Controller–Controller Data Protection Terms.

Retention We configure GA’s retention setting to the shortest useful period (e.g., 14 months or less) and rely on automatic expiry for older, non-aggregated event data.

Withdrawing Consent

• Delete the analytics_consent cookie in your browser (Developer Tools > Application > Cookies) and reload, OR
• Clear site data, OR
• Use the forthcoming “Cookie Settings” control (when added) to revoke. Upon withdrawal, no further GA requests are made; previously collected aggregated data remains until routine expiry.

Additional Opt-Out Option You can also install the global Google Analytics Opt-out Browser Add-on, which blocks GA across all sites.

4. How We Use Your Information

We use the information we collect to:

• Respond to your inquiries and provide support.
• Ensure the secure and reliable operation of the Site.
• Analyze Site performance and improve user experience.
• Optimize our digital footprint and reduce energy consumption (sustainability).
• Fulfill any legal or regulatory obligations.

We do not use your personal data for automated decision-making, profiling, or targeted advertising.

5. How We Share Your Information

We do not sell, trade, or rent your personal information. We may share it in the following limited circumstances:

• Service Providers: With trusted third parties who provide services on our behalf, such as:
  • Netlify: Our hosting provider, which uses a global CDN designed for efficiency and commits to carbon-conscious operations.
  • Google: For analytics, as described above. These providers are contractually obligated to handle your data securely and only for the purposes we specify.
• Legal Compliance: Where required by law, such as to comply with a subpoena or similar legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets.

6. Data Retention

We retain your information only for as long as necessary to fulfill the purposes outlined in this policy.

• Server Logs: Retained for up to 30 days.
• Contact Form Submissions: Retained for the time needed to resolve your inquiry and for a reasonable period thereafter for record-keeping.
• Google Analytics Data: As per Google’s data retention settings (which you can configure in your Analytics account to automatically delete data after a set period).

7. Your Privacy Rights

Depending on your location, you may have rights under laws like BC’s Personal Information Protection Act (PIPA) and the EU’s General Data Protection Regulation (GDPR), including the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete data.
• Request erasure of your personal information (“the right to be forgotten”).
• Object to or restrict our processing of your data.
• Withdraw your consent at any time (where processing is based on consent).
• Data portability (to receive your data in a structured, machine-readable format).

To exercise any of these rights, please contact us using the details in Section 10.

8. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• HTTPS encryption (via Let’s Encrypt) for all data in transit.
• Secure hosting infrastructure provided by Netlify.
• Minimal data retention policies.
• Internal data access controls.

9. International Data Transfers

Our service providers, like Netlify and Google, operate data centers globally. As a Canadian company, when data is transferred to other countries (including the United States), we ensure it is protected by appropriate safeguards, such as contractual clauses (e.g., Standard Contractual Clauses for GDPR) and the providers’ adherence to privacy frameworks.

10. Children’s Privacy

Our Site is not intended for children under the age of 13. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or the law. We will post any changes on this page and update the “Last Updated” date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us via our Contact page.

Last Updated: September 24, 2025