Skip to content
Legal

Privacy Policy

Effective Date: May 13, 2026 Last Updated: May 13, 2026 Jurisdiction: Nova Scotia, Canada

1. Data Controller

TidalAI Technologies Inc., Halifax, Nova Scotia. Contact: hello@tidalai.net

2. Data We Collect

  • Account: Email address, phone number, organization name, role
  • Clients & leads you store: Contact info and notes you enter about your own customers — stored under your organization, never shared with other organizations
  • Job content: Job descriptions, photos uploaded by crew, customer signatures, quote/invoice amounts
  • Mobile push tokens: Expo / APNs / FCM tokens used to deliver job and inbox notifications to your devices
  • Technical info: Device ID, IP address, app version, OS version, crash logs
  • Location data: Approximate location only when crew taps "Start travel" on a job; never tracked in background
  • Payment information: Credit card details are entered directly into Stripe — TidalAI never sees raw card numbers

3. Why We Collect Data

  • Facilitate service delivery and payment processing
  • Configure and maintain AI automation workflows
  • Match businesses with appropriate service configurations
  • Send service update notifications
  • Improve platform functionality through analytics
  • Comply with PIPEDA obligations

4. Data Storage

  • All data stored on Canadian servers (Google Cloud Platform — Montreal region)
  • Encrypted in transit using TLS 1.3 and at rest using AES-256
  • Access logged and restricted to authorized personnel only
  • Regular security audits and penetration testing conducted

5. Sharing

Data shared only with:

  • Payment processor: Stripe (card data + transaction history)
  • Database & storage: Supabase (account, clients, job content, photos) — Canada/US regions
  • Push notifications: Expo Push, which forwards to Apple APNs and Google FCM
  • Email + SMS: Resend (transactional email), VAPI / Twilio (voice + SMS)
  • AI features: Anthropic Claude, OpenAI — only the prompt + lead/job context you initiate; no training on your data
  • Analytics: Plausible (aggregate web traffic only — no individual user tracking)
  • Regulators and law enforcement if legally required

6. Analytics Data Collection (Firebase Analytics)

Data Collected:

  • Usage events: page views, button clicks, feature usage patterns
  • Device information: model, OS version, browser version
  • Pseudonymous identifiers: Firebase installation ID
  • Geographic data: country and region (not precise location)
  • Session data: duration, visits, crashes and errors

Usage: Analyze performance, understand user behavior, monitor errors, generate aggregate statistics.

Your Control: Opt out via browser settings; limit tracking through browser privacy controls.

7. Payment Processing (Stripe)

Data Handled by Stripe:

  • Payment card information (entered into Stripe's hosted fields — never touches our servers)
  • Billing address for verification and fraud prevention
  • Transaction history (we receive only the transaction id + status, not card numbers)

Security: Stripe is a PCI DSS Level 1 certified payment processor. Card details are tokenized server-side; TidalAI stores only the resulting token, never raw card numbers.

8. Push Notifications (Expo Push → APNs & FCM)

Data Collected:

  • Expo push token (forwarded to Apple APNs or Google FCM)
  • Device platform (ios / android), app variant (admin / crew)
  • Per-event notification preferences (which categories you've muted)

Types: New leads, quote/invoice updates, job assignments, missed calls, AI-pending actions, completion confirmations.

Your Control: Disable per-category in Profile → Notifications; disable entirely in iOS/Android settings; tokens deleted at logout and on account deletion.

9. Data Retention Periods

Data Type Retention Period
Account informationUntil deletion + 30 days
Transaction/payment records7 years (tax/legal)
Analytics data14 months
Audit/security logs2 years
FCM tokensUntil logout/uninstall

After retention periods, data is securely deleted or anonymized.

10. Your Rights

Under Canadian privacy law (PIPEDA):

Right to Access

Request copies of all personal data within 30 days; receive in machine-readable format.

Right to Correction

Request correction of inaccurate data; update through your account or contact us.

Right to Deletion

Delete your account directly inside the mobile app (Profile → Account → Delete Account) or by emailing hello@tidalai.net. Account-level data is purged within 30 days; transaction records retained 7 years for tax/legal obligations.

Right to Data Portability

Receive data in JSON or CSV format; transfer to another provider where feasible.

Right to Withdraw Consent

Withdraw optional data processing consent anytime.

How to Exercise Rights:

Response timeline: 30 days. File complaints with the Office of the Privacy Commissioner of Canada or Nova Scotia Privacy Commissioner.

11. Breach Notification

  • Affected users notified within 72 hours of discovery
  • Office of the Privacy Commissioner notified as required
  • Clear information provided about affected data and protective steps

12. Changes to This Policy

Updates communicated via email, in-app notification, and date updates. Continued use constitutes acceptance.

13. Contact Us

Email: hello@tidalai.net

Address: TidalAI Technologies Inc., Halifax, Nova Scotia, Canada