Privacy Policy

At Blue Crane Works ("Blue Crane", "we", "us", or "our"), we are committed to protecting your privacy and ensuring the security of your personal and business compliance information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you use our web application and services.

This policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian provincial privacy laws.

1. Information We Collect

We collect information that you provide directly to us when using the Blue Crane Compliance Vault:

• Account Information: Your name, business name, email address, and phone number provided during account creation.
• Compliance Data: Documents, images, certificates, licenses, and receipts that you upload to the platform for processing and storage.
• Usage Data: Information about how you interact with our platform, including access times, device information, and IP addresses, collected automatically for security and diagnostic purposes.

2. How We Use Your Information

We use the collected information exclusively to provide and improve our core services:

• To extract structured data from your uploaded documents using secure AI parsing algorithms.
• To safely store your compliance ledger and provide real-time status and expiry tracking.
• To send automated notifications (email, SMS, push) regarding document renewals and expirations.
• To authenticate your identity and protect against unauthorized access.
• To provide read-only "Inspector Handoff" views when you explicitly request them.

3. AI Processing & Third-Party Services

Blue Crane utilizes enterprise-grade AI models (Google Cloud Vertex AI / Gemini) to extract structured data from your document uploads. Your data is NOT used to train public AI models. All processing occurs within secure, compliance-certified boundaries.

We rely on trusted infrastructure partners, including Google Cloud Platform (GCP) and Firebase, which are SOC 2 and ISO 27001 certified. Payment processing (if applicable) is handled securely by Stripe.

4. Data Security & Storage

Your trust is our priority. We implement robust security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.2+) and at rest using AES-256 bank-level encryption.
• Access Control: Strict Firestore Security Rules ensure your data is isolated and only accessible by authorized users within your business vault.
• Canadian Operations: While we leverage global cloud infrastructure, we configure our data processing with Canadian compliance in mind.

5. Data Retention & Deletion

We retain your compliance data only as long as your account is active or as needed to provide you services. If you wish to close your account, you have the right to request the complete deletion of your data. Upon request, we will securely purge all uploaded documents and personal information from our active databases within 30 days.

6. Your Rights

Under PIPEDA, you have the right to:

• Request access to the personal information we hold about you.
• Request corrections to any inaccurate or incomplete data.
• Withdraw consent for data processing (which may impact our ability to provide services).
• Request the deletion of your account and associated data.

7. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Officer at:

Email: admin@bluecraneworks.ca
Location: Ontario, Canada