Privacy Policy
Privacy Policy
Effective 2026-05-26
This Privacy Policy describes how BrinkOps Service ("BrinkOps", "we", "us", "our") collects, uses, and protects personal information. We are an Alberta-based business and comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).
1. Information We Collect
From you (the business owner)
- Account information: name, email, password (hashed), business name, business type, phone number.
- Payment information: handled by Stripe; we store only a Stripe customer ID, not your card details.
- Usage information: pages visited, features used, IP address, browser type, device information.
- Photos you capture or upload to attach to jobs, quotes, and invoices.
- Push notification device tokens, if you enable notifications in the mobile app.
- Communications: support emails, in-app messages, customer-service interactions.
From your customers (people you contact through BrinkOps)
When you use BrinkOps to manage your own customers, you upload their personal information (name, phone, email, address, job history, etc.). You are the data controller for that information; BrinkOps acts as a data processor. You are responsible for obtaining the consents required by law (PIPEDA, CASL, TCPA, GDPR, etc.) before uploading your customers' data or contacting them.
2. How We Use Information
- To provide, operate, maintain, and improve the Service;
- To process payments through Stripe;
- To send transactional emails (account verification, billing, security);
- To send service announcements and, with your consent, marketing updates;
- To respond to support requests;
- To detect, prevent, and address fraud, abuse, or technical issues;
- To comply with legal obligations.
3. How We Share Information
We do not sell personal information. We share it only with the following categories of recipients, and only as necessary to operate the Service:
- Supabase — hosts our database and authentication (servers in the United States and other regions);
- Vercel — hosts our web application (global edge);
- Stripe — payment processing (United States and other regions);
- Resend — transactional email delivery (United States);
- Telnyx — SMS messaging and voice call routing (United States and other regions);
- OpenAI — AI-generated message drafts (where AI features are used);
- Service-area and tax-rate APIs — used for onboarding helpers.
We may also disclose information when required by law, court order, or government request, or to protect our rights, property, or safety (or those of our users or the public).
4. International Data Transfers
Some of our subprocessors are located outside Canada (primarily in the United States). When personal information is transferred outside Canada, it may be subject to the laws of the destination country, including lawful access by foreign government authorities. By using BrinkOps, you consent to these transfers.
5. Data Retention
We retain personal information for as long as your account is active or as needed to provide the Service. After account closure, we retain Customer Data for approximately 90 days in case of restoration requests, then delete it, except where longer retention is required by law (e.g. financial records).
6. Your Rights
Under PIPEDA and other applicable privacy laws, you have the right to:
- Access the personal information we hold about you;
- Request correction of inaccurate or incomplete information;
- Withdraw consent for processing (where consent is the legal basis);
- Request deletion of your personal information (subject to legal retention requirements);
- Lodge a complaint with the Office of the Privacy Commissioner of Canada or your provincial privacy commissioner.
To exercise any of these rights, email cole@brinkops.io.
7. Security
We use industry-standard security measures including encryption in transit (TLS), encryption at rest for sensitive fields, password hashing (bcrypt), and role-based access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
8. Cookies & Tracking
We use essential cookies (for authentication and session management). We do not use third-party analytics or advertising cookies. You can disable cookies in your browser settings, but doing so may break parts of the Service.
9. Children
BrinkOps is not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact cole@brinkops.ioand we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email and/or in-app notice. The "Effective" date at the top indicates when this version took effect.
11. Contact
Privacy questions or requests? Email cole@brinkops.io.