Privacy Policy
Effective date: June 28, 2026. The authoritative current version and effective date are shown in the version stamp at the foot of this page.
This Privacy Policy applies to Joel & Nanz Inc. (“Joel & Nanz,” “we,” “us,” “our”) and to all Maple-branded products, websites, and services we own and operate (collectively, the “Services”). Joel & Nanz Inc. is a private corporation based in New Brunswick, Canada.
Compliance: This policy is designed to comply with Canada’s federal Personal Information Protection and Electronic Documents Act (PIPEDA) and with Quebec’s Law 25 (the Act to modernize legislative provisions as regards the protection of personal information, formerly Bill 64, also known as Loi 25), as well as substantially similar provincial privacy legislation. It reflects the ten PIPEDA fair information principles and the enhanced obligations introduced by Quebec Law 25.
1. Accountability and our Privacy Officer
Joel & Nanz Inc. is responsible for the personal information under its control. In accordance with PIPEDA Principle 1 (Accountability) and the Quebec Law 25 requirement to designate a person in charge of the protection of personal information, we have appointed a Privacy Officer:
- Privacy Officer: Joel Gathercole, Joel & Nanz Inc.
- Email: [email protected]
- Mail: Joel & Nanz Inc., New Brunswick, Canada
Our Privacy Officer oversees our privacy program, responds to access and correction requests, manages confidentiality incidents, and handles complaints. Where we transfer personal information to service providers, we remain accountable for it and use contractual and other safeguards to ensure a comparable level of protection.
2. Purposes for collecting personal information
In accordance with PIPEDA Principle 2 (Identifying Purposes) and Quebec Law 25, we identify the purposes for which personal information is collected at or before the time of collection. We collect, use, and disclose personal information for the following purposes:
- Creating and administering accounts and authenticating users;
- Providing, operating, maintaining, and improving the Services;
- Processing payments, billing, and subscription management;
- Providing customer support, troubleshooting, and communicating with you;
- Security, fraud prevention, abuse detection, and protecting our systems and users;
- Meeting legal, regulatory, tax, and accounting obligations; and
- With your consent, sending marketing or promotional communications (which you may decline at any time).
We will not use personal information for new purposes that are incompatible with those identified above without obtaining your further consent, except where permitted or required by law.
3. Consent
In accordance with PIPEDA Principle 3 (Consent) and Quebec Law 25, we obtain your consent to collect, use, or disclose your personal information, except where the law permits or requires us to act without consent. Consent may be express or implied depending on the sensitivity of the information and the circumstances.
- Express consent is obtained where required, including for the collection or use of sensitive personal information and for certain disclosures.
- Confidentiality by default: consistent with Quebec Law 25, the privacy settings of our Services that apply to the public are configured to provide the highest level of confidentiality by default, without any action required on your part.
- Withdrawal: you may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by contacting our Privacy Officer. Withdrawing consent may limit or end our ability to provide certain Services.
4. Limiting collection
In accordance with PIPEDA Principle 4 (Limiting Collection) and the data-minimization expectations of Quebec Law 25, we limit the collection of personal information to what is necessary for the purposes identified above, and we collect it by fair and lawful means.
5. Information we collect
- Account data: contact information (such as name, email, phone, business details) and login credentials;
- Usage data: logs, device and browser information, IP address, and telemetry;
- Content you provide: uploads, support tickets, form inputs, call and message records where applicable;
- Payment information: billing details processed through our payment processors (see Section 7);
- Third-party integration data where you authorize a connection.
6. How we use and limit use, disclosure, and retention
In accordance with PIPEDA Principle 5, we use and disclose personal information only for the purposes for which it was collected (Section 2), except with your consent or as required by law, and we retain it only as long as necessary to fulfill those purposes (see “Data Retention” below).
7. Sharing and service providers (sub-processors)
We do not sell your personal information. We share it only as needed to operate the Services, and we describe our service providers by category to protect the confidentiality of our supply chain while remaining transparent about how your information is handled:
- Third-party cloud infrastructure providers (hosting, storage, networking, and communications) that operate our platform under contractual safeguards;
- Third-party AI service providers that process certain inputs and outputs to deliver AI-enabled features, under contractual confidentiality and security commitments;
- Payment processors that handle billing and transactions. Where relevant, these may include Stripe, Rotessa, and Interac, each of which processes payment information under its own terms and security standards;
- Professional advisors and legal/regulatory authorities where required or permitted by law; and
- A successor entity in connection with a merger, acquisition, or asset sale, with notice where required by law.
We require our service providers to protect personal information with safeguards comparable to our own and to use it only for the purposes of providing services to us.
8. Data transfers and processing outside Quebec and Canada
We are a Canadian company and host customer data in Canada. However, some of our service providers (including certain cloud infrastructure and AI service providers) may store or process personal information outside Quebec or outside Canada. In accordance with Quebec Law 25, before transferring personal information outside Quebec we assess whether it would receive adequate protection, taking into account the sensitivity of the information, the purposes, the safeguards in place, and the legal framework of the destination jurisdiction.
Where personal information is processed outside your province or country, it may be subject to the laws of those jurisdictions, including lawful access by courts, law enforcement, and government authorities. We use contractual, technical, and organizational safeguards designed to provide an adequate and comparable level of protection. You may contact our Privacy Officer for more information about cross-border transfers.
9. Automated decision-making and AI
Some Services use artificial intelligence and automation. In accordance with Quebec Law 25, where we use your personal information to render a decision based exclusively on automated processing, we will inform you of that fact and, on request, of: the personal information used to make the decision; the reasons and the principal factors that led to the decision; and your right to have the information corrected. You also have the right to submit observations to a member of our staff who is able to review the decision.
More generally, AI features may process your inputs and outputs through third-party AI service providers under contractual safeguards. Please do not submit regulated or highly sensitive data to AI features unless your plan and agreements explicitly permit it.
10. Cookies, tracking, and consent
We use cookies, logs, and similar technologies for authentication, session continuity, analytics, and product improvement. Where required by law, we obtain consent for non-essential cookies and tracking technologies. You can control cookies through your browser settings; disabling some cookies may limit certain features. Technologies that collect identifiers for purposes such as profiling or analytics are activated only in accordance with applicable consent requirements.
11. Accuracy
In accordance with PIPEDA Principle 6 (Accuracy), we keep personal information as accurate, complete, and up to date as is necessary for the purposes for which it is used. You can help us by keeping your account information current and by requesting corrections (see Section 14).
12. Safeguards and security
In accordance with PIPEDA Principle 7 (Safeguards) and Quebec Law 25, we implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including access controls, encryption in transit, and logging. No system is completely secure; you are responsible for safeguarding your credentials and configurations.
13. Openness
In accordance with PIPEDA Principle 8 (Openness), we make our privacy practices readily available. This policy, the identity and contact information of our Privacy Officer, and the means to exercise your rights are published here and kept current.
14. Your privacy rights
Subject to legal limits, and in accordance with PIPEDA Principle 9 (Individual Access) and Quebec Law 25, you have the right to:
- Access the personal information we hold about you and be informed of how it is used and disclosed;
- Correction of personal information that is inaccurate, incomplete, or out of date;
- Withdraw consent to the collection, use, or disclosure of your personal information;
- Data portability — to receive the computerized personal information you provided to us in a structured, commonly used technological format, where required by Quebec Law 25;
- De-indexing, deletion, or cessation of dissemination — to request that we stop disseminating your personal information or that hyperlinks to it be de-indexed where the conditions under Quebec Law 25 are met; and
- Object or complain regarding our handling of your personal information.
To exercise any of these rights, contact our Privacy Officer at [email protected]. We will respond to verified requests within the timeframes required by law (generally within 30 days). We may need to verify your identity before acting on a request.
15. Confidentiality incidents and breach notification
We maintain procedures to detect, contain, and respond to security and privacy incidents. In accordance with PIPEDA and Quebec Law 25, if a confidentiality incident (such as unauthorized access, use, disclosure, or loss of personal information) creates a risk of serious injury, we will take reasonable measures to reduce the risk, notify affected individuals, and notify the relevant regulator(s) — the Office of the Privacy Commissioner of Canada and/or Quebec’s Commission d’accès à l’information (CAI) — as required. We maintain a register of confidentiality incidents as required by Quebec Law 25.
16. Retention and destruction
In accordance with PIPEDA Principle 5 and Quebec Law 25, we retain personal information only as long as necessary to fulfill the purposes for which it was collected and to meet legal obligations, after which it is securely destroyed or anonymized. Specific retention windows are set out in the “Data Retention” section below; financial and legal-acceptance records are generally retained for seven (7) years to meet Canadian legal and tax obligations.
17. Challenging compliance and complaints
In accordance with PIPEDA Principle 10 (Challenging Compliance), you may direct any question or complaint about our handling of personal information to our Privacy Officer at [email protected]. If you are not satisfied with our response, you may contact:
- The Office of the Privacy Commissioner of Canada (OPC) — priv.gc.ca; and
- For Quebec residents, the Commission d’accès à l’information du Québec (CAI) — cai.gouv.qc.ca.
18. Children
The Services are not directed to children under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact our Privacy Officer and we will take appropriate steps to delete it.
19. Changes to this policy
We may update this Privacy Policy from time to time. We review it periodically and update the effective date and version stamp when changes are made. A formal external legal review is conducted periodically; this policy reflects our good-faith compliance efforts and is not a certification of compliance. Material changes will be communicated where required by law.
20. Contact
Privacy questions or requests: [email protected]. General support: [email protected].