DayAlign Website - Privacy Policy (Canada)

Privacy posture: This Policy aligns with Canada’s PIPEDA and substantially similar provincial laws (AB PIPA, BC PIPA) and notes requirements relevant to Québec (Law 25). We also describe CASL practices for website-driven email/SMS programs.

1) Personal information we collect on the Site

• Contact & inquiry data: name, business contact details, clinic/shop name, role, and the contents of your message.
• Demo/booking data: appointment preferences, availability, and related logistics (non-PHI).
• Marketing preferences: newsletter sign-ups, event registrations, consent timestamps and method.
• Technical data: IP address, device/browser, pages viewed, referral URLs, timestamps, and cookie/SDK identifiers.
• Support & community: comments, feedback, survey responses.
• Do not submit: PHI, government IDs, payment card data, or other sensitive information via general Site forms.

2) Purposes (Identifying purposes)

We use Site personal information to: (a) respond to inquiries and provide demos; (b) operate, secure, and improve the Site; (c) measure and analyze performance; (d) send administrative communications; (e) send marketing communications where permitted by CASL; (f) prevent fraud and abuse; and (g) comply with law.

3) CASL practices for website marketing

• Consent: We obtain express consent for marketing where required (separate from Terms acceptance); implied consent may apply for business inquiries for limited periods, subject to relevance.
• Identification & unsubscribe: Each CEM includes our business name, mailing address, and a contact method (or a conspicuous link), and a functional unsubscribe/STOP processed within required timelines and valid for at least 60 days.
• Record-keeping: We keep consent/unsubscribe logs (timestamp, method, source, disclosure text version) to support due diligence.

4) Cookies, analytics & similar technologies

We use necessary cookies for Site operation and may use optional analytics/advertising cookies or SDKs. Where required (e.g., Québec Law 25), we present choices for non-essential cookies. You can manage cookies via your browser and through our cookie banner/preferences center.

• Strictly necessary: security, load-balancing, session management.
• Analytics: usage measurement, error diagnostics.
• Advertising/retargeting (optional): only with your consent.

5) Do Not Track & Global Privacy Control

We honor browser-level signals where technologically feasible and treat them as opt-outs for non-essential tracking.

6) Sharing and transfers

We share Site personal information with: (a) vendors (hosting, analytics, email, CRM, forms, scheduling, anti-abuse); (b) professional advisors; and (c) authorities when legally required.

Cross-border processing: Personal information may be processed in Canada, the United States, or other countries. We use contractual and security measures to provide a comparable level of protection. For Québec, we disclose that data may be communicated outside Québec and perform transfer assessments where required.

Subprocessors/Vendors (categories & examples): Cloud hosting & CDN; email/SMS delivery; form capture; analytics; customer support; error monitoring. Feel free to request the Subprocessors list at hello@dayalign.com

7) Retention

• Inquiry & demo records: typically 24 months after last interaction, unless longer is needed for legal/compliance reasons.
• Marketing consent & unsubscribe logs: retained as necessary to demonstrate compliance (recommended ≥36 months after last CEM).
• Security logs: retained as needed for security and audit.
• When no longer needed, we delete or de-identify information.

8) Security

We maintain administrative, technical, and physical safeguards appropriate to the sensitivity of information, including encryption in transit, access controls, and monitoring. No method is 100% secure; please use discretion when submitting information online.

9) Breach records & notifications

We keep records of all security breach incidents for at least 24 months. If an incident presents a real risk of significant harm, we will notify affected organizations/individuals and the appropriate regulators, as required by law.

10) Your choices & rights

• Marketing: Unsubscribe using the link in emails or reply STOP for SMS. You can also contact us to adjust preferences.
• Access & correction: You may request access to or correction of your personal information. We may need to verify your identity.
• Cookies: Manage via your browser and our cookie banner/preferences center.
• Québec (Law 25): If we use decisions made exclusively by automated processing that have significant impact, we will provide information about the decision factors and a way to have it reviewed by a person.

11) Children

The Site is intended for business users and is not directed to children under 13. We do not knowingly collect personal information from children via the Site.

12) Changes to this Policy

We may update this Policy to reflect changes to our practices or legal requirements. We will post the updated version with a new effective date and, for material changes, provide notice on the Site.

13) Contact us (Privacy Officer)

Privacy Officer: Parth Patel

Email: hello@dayalign.com

Mail: 786 Paris Blvd. Waterloo Ontario Canada.

If your concern is not resolved, you may contact the Office of the Privacy Commissioner of Canada or your provincial privacy regulator (e.g., Commission d’accès à l’information in Québec).

14) Service-specific privacy

If you are a DayAlign customer or end-user of the Service, please see the Service Privacy Policy and the Service Terms mentioned in the Service Agreement Contract signed with DayAlign Customers (which address processor/agent roles, PHIPA support, CASL tooling, retention controls, and security commitments specific to the Service).