Privacy Policy
Effective Date: May 11, 2026
PLEASE READ THIS PRIVACY POLICY CAREFULLY. YOUR USE OF THE SERVICE CONSTITUTES YOUR CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS POLICY.
1. Introduction and Identity of the Controller
This Privacy Policy ("Policy") is issued by Tactics Digital YYC, a sole proprietorship registered in the Province of Alberta, Canada ("Company," "we," "us," or "our"), and applies to all personal information collected, used, and disclosed in connection with your access to and use of the Lintry website quality assurance and monitoring platform (the "Service"). This Policy is incorporated into and forms part of our Terms of Service. In the event of any conflict between this Policy and the Terms of Service with respect to matters of privacy, this Policy shall govern. We are committed to protecting your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), SC 2000, c 5, and applicable provincial privacy legislation.
2. Personal Information We Collect
We collect only the minimum personal information necessary to provide and operate the Service. The categories of personal information we collect are as follows:
(a) Account Information. When you register for the Service, we collect your email address and a password of your choosing. Passwords are stored exclusively in hashed form using bcrypt and are never stored in plain text. We do not collect your name, address, telephone number, or other identifying information unless voluntarily provided in the context of a support request.
(b) Scan Data. We collect the URLs and web property addresses you submit to the Service and the resulting scan reports generated therefrom. This data is associated with your account and is not accessible to other users except where you expressly elect to share a report via a public report link.
(c) Billing and Payment Information. We collect limited transaction data necessary to administer your subscription, including your plan type and billing history. All payment processing is conducted directly by Stripe, Inc. The Company does not collect, receive, store, or have access to your full credit card number, CVV code, expiry date, or other sensitive payment credentials. For information on Stripe's data practices, please refer to Stripe's Privacy Policy.
(d) Usage Data. We collect your plan type and monthly scan count for the purpose of enforcing plan limits and calculating applicable charges.
(e) Server Log Data. Our servers automatically record certain technical information in connection with your use of the Service, including your IP address, browser type, referring URL, pages accessed, and the date and time of your requests. Server logs are retained for a maximum period of thirty (30) days and are then permanently deleted. This data is used solely for security monitoring and debugging purposes and is not associated with your account or used to build behavioral profiles.
(f) AI Processing Data. The Service includes optional AI-powered features, such as AI-generated explanations of scan findings. Where you use these features, the relevant scan data (such as issue descriptions and URLs) is transmitted in real time to Anthropic, PBC for processing through the Claude API. Per Anthropic's API terms, data submitted through the API is not retained beyond the immediate request and is not used to train AI models. You can opt out of AI-powered features at any time within your account settings.
3. Information We Do Not Collect
The Company expressly does not collect, use, or process the following categories of information: (a) third-party analytics data (including data collected through Google Analytics, Plausible, Mixpanel, Hotjar, or comparable services); (b) advertising, marketing, or retargeting pixels or tags (including the Facebook Pixel, LinkedIn Insight Tag, Google Ads conversion tags, or comparable technologies); (c) behavioral tracking data, including session replay recordings, heatmaps, scroll tracking, or mouse movement data; (d) cross-site tracking identifiers or third-party cookies; or (e) demographic, interest, or profile data sourced from third-party data brokers or enrichment services.
4. Purposes for Which Personal Information Is Used
Your personal information is used exclusively for the following purposes: (a) to create and maintain your account and authenticate your identity; (b) to provide, operate, and improve the Service; (c) to enforce plan limits and process subscription billing and payments; (d) to deliver transactional communications, including scan alert notifications, billing receipts, account-related notices, and service announcements you have configured or that are necessary to administer your account; (e) to respond to support inquiries and resolve technical issues; and (f) to comply with applicable legal obligations, respond to lawful requests from governmental authorities, and enforce our Terms of Service. We do not send promotional or marketing communications without your express opt-in consent.
5. Cookies and Tracking Technologies
We use only strictly necessary cookies required for the technical operation of the Service. These are: (a) an authentication session cookie issued by Supabase, which maintains your authenticated session while you are logged into the Service; (b) a cross-site request forgery (CSRF) protection token, which defends against unauthorized cross-site request attacks; and (c) a Stripe checkout session cookie, which is used solely during active billing transactions. We do not use advertising cookies, analytics cookies, session replay cookies, or any third-party tracking cookies. Pursuant to the requirements of PIPEDA and the General Data Protection Regulation (EU) 2016/679 ("GDPR"), no cookie consent notice is required for cookies that are strictly necessary for the provision of a service expressly requested by the user. Accordingly, no cookie consent banner is displayed on the Service.
6. Disclosure of Personal Information
We do not sell, rent, trade, or otherwise disclose your personal information to third parties for their own marketing or commercial purposes. We may disclose personal information only in the following limited circumstances:
(a) Service Providers. We disclose personal information to the following categories of trusted third-party service providers who process data on our behalf and under our instructions, solely as necessary to deliver the Service:
• Database and authentication services (Supabase, Inc.)
• Authentication email delivery (delivered through Supabase's infrastructure)
• Backend application hosting (Railway Corp.)
• Frontend application hosting (Vercel, Inc.)
• Payment processing (Stripe, Inc.)
• Transactional email delivery (Resend, Inc.)
• Bot protection (Cloudflare, Inc. — Turnstile)
• AI-powered issue explanations (Anthropic, PBC — Claude API)
• URL security evaluation (Google LLC — Safe Browsing API)
• URL performance analysis (Google LLC — PageSpeed Insights API)
Each service provider is subject to appropriate contractual data protection obligations.
(b) Legal Requirements. We may disclose personal information without prior notice where required by applicable law, court order, subpoena, or lawful request by a governmental or regulatory authority, or where disclosure is reasonably necessary to protect the rights, property, or safety of the Company, its users, or the public.
(c) Business Transfers. In the event of a merger, acquisition, amalgamation, sale of all or substantially all of the Company's assets, or other corporate transaction, your personal information may be transferred to the successor entity as part of that transaction. Any such transfer will be subject to the terms of this Policy.
7. Data Retention
We retain your account information, project data, and scan history for as long as your account remains active. You may delete individual projects and associated scan reports at any time from within the Service. Server logs are permanently deleted within thirty (30) days of generation. Notwithstanding the foregoing, billing records (including invoices, payment receipts, and transaction history) are retained for a minimum of seven (7) years following the conclusion of the applicable transaction, as required by Canadian tax legislation (Income Tax Act and Excise Tax Act) and applicable foreign tax laws. Such records are retained in pseudonymized form where possible. If your account has not been accessed for twelve (12) or more consecutive months, the Company may classify your account as inactive and permanently delete your account and all data associated therewith, subject to the billing records retention requirement above. The Company will make reasonable efforts to provide advance written notice to the email address on file before any such deletion. To request full account deletion, submit a written request to lintryio@gmail.com. We will permanently delete your account and all associated personal information within thirty (30) days of receiving your request, subject to billing records retention requirements and any other retention obligations required by applicable law.
8. Data Security
We implement commercially reasonable technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include: (a) Transport Layer Security (TLS) encryption for all data transmitted between your device and the Service; (b) Row-level security enforced at the database layer, ensuring each user can access only their own data; (c) Bcrypt hashing of all user passwords; (d) Secure token-based session authentication; and (e) Bot protection via Cloudflare Turnstile on account registration forms. You acknowledge that no security measure or method of electronic transmission over the Internet is completely secure. The Company cannot guarantee the absolute security of your personal information, and any transmission of personal information is at your own risk.
9. Your Rights
Subject to applicable law, you have the following rights with respect to your personal information:
(a) Right of Access. You have the right to request confirmation of whether we hold personal information about you, and to request access to that information.
(b) Right of Rectification. You have the right to request that we correct any personal information that is inaccurate or incomplete.
(c) Right of Erasure. You have the right to request the deletion of your personal information, subject to any legal retention obligations (including the seven-year billing records retention described in Section 7).
(d) Right to Data Portability. You have the right to request a copy of your scan data in a portable format.
(e) Right to Withdraw Consent. You may withdraw your consent to our collection and use of your personal information at any time by closing your account.
(f) Right to Lodge a Complaint. You have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada or the applicable data protection authority in your jurisdiction.
To exercise any of the above rights, submit a written request to lintryio@gmail.com. We will respond within thirty (30) days of receiving your request. We do not sell personal information. There is no "Do Not Sell" opt-out to exercise, but you are welcome to confirm this in writing.
10. International Transfers of Personal Information
The Service is operated from Canada. Some of our infrastructure and service providers process data in Canada, the United States, or the European Union. By using the Service, you consent to the transfer and processing of your personal information in these jurisdictions, which may have data protection laws that differ from those in your jurisdiction of residence. We take reasonable steps to ensure that any cross-border transfers of personal information are made in compliance with applicable privacy law.
11. Children
The Service is not directed at individuals under the age of eighteen (18). We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal information to the Service, we will take prompt steps to delete such information. If you believe that a minor has submitted personal information through the Service, please contact us immediately at lintryio@gmail.com.
12. Accessibility
Individuals with disabilities who are unable to access this Privacy Policy in its current format may contact us at lintryio@gmail.com to request the Policy in an alternative, accessible format.
13. Amendments to This Policy
The Company reserves the right to amend this Privacy Policy at any time. Where a proposed amendment would constitute a material change to the manner in which we collect, use, or disclose personal information, we will notify registered Users by email to the address on file or by a prominent notice within the Service prior to the effective date of the change. Continued use of the Service following the effective date of any amendment constitutes your acceptance of the revised Policy. Prior versions of this Policy are available upon written request.
14. Contact and Privacy Inquiries
For all privacy inquiries, requests to exercise your rights, or concerns regarding our data practices, please contact: lintryio@gmail.com. Tactics Digital YYC — Calgary, Alberta, Canada.