App Privacy Policy

2.2 Location Data

We collect location information when you use the App, subject to your device permissions:

• Precise Location Data: With your explicit consent, we may collect precise geolocation data from your iOS device using GPS, WiFi, cellular data, and other location technologies.
• Approximate Location Data: We may derive approximate location information from your IP address or other technical information.

You can control location permissions through your iOS device settings. Disabling location services may affect certain features of the App that depend on location information.

2.3 Automatically Collected Information

When you access and use the App, we and our third-party service providers may automatically collect certain technical and usage information, including:

• Device information (device type, operating system, unique device identifiers)
• App usage data (features accessed, time spent, interaction patterns)
• Log data (access times, pages viewed, crashes, and system activity)
• Network information (IP address, mobile carrier, connection type)
• Performance data (app performance metrics, error reports)

2.4 Information from Third-Party Services

We use Firebase, a third-party service provided by Google LLC, to support various App functionalities. Firebase may collect and process information on our behalf as described in Section 6 of this Privacy Policy.

 

3. How We Use Your Information

We collect and use your personal information only for identified purposes and with your consent, as required by PIPEDA. We use the information we collect for the following purposes:

3.1 To Provide and Maintain the App

• Create and manage your user account
• Authenticate your identity and verify your credentials
• Enable access to App features and functionality
• Process and respond to your requests and inquiries
• Provide customer support and technical assistance
• Maintain the security and integrity of the App

3.2 To Improve and Personalize Your Experience

• Analyze usage patterns and trends to improve App performance
• Customize content and features based on your preferences
• Develop new features, products, and services
• Conduct research and analytics to enhance user experience
• Optimize App functionality based on location data

3.3 To Communicate with You

• Send you administrative messages, updates, and notifications
• Respond to your comments, questions, and support requests
• Provide important notices about changes to the App or our policies
• Send you technical alerts and security notifications

3.4 For Security and Legal Purposes

• Detect, prevent, and address technical issues, fraud, and security threats
• Monitor and analyze security incidents and vulnerabilities
• Enforce our Terms of Service and other legal agreements
• Comply with legal obligations and respond to lawful requests
• Protect the rights, property, and safety of EN3, our users, and others
• Investigate and prevent prohibited or illegal activities

3.5 For Business Operations

• Maintain business records and conduct internal audits
• Perform data analysis, testing, and quality assurance
• Conduct business planning and forecasting
• Manage and improve our business operations

We limit our collection, use, and disclosure of personal information to what is necessary to fulfill these identified purposes. If we wish to use your personal information for a new purpose not originally identified, we will seek your consent before doing so, unless the new use is required or permitted by law.

 

4. Legal Bases for Processing (Consent and Exceptions)

Under PIPEDA, we generally obtain your consent before collecting, using, or disclosing your personal information. Your consent may be express or implied depending on the sensitivity of the information and the reasonable expectations in the circumstances.

4.1 Express Consent

We obtain express consent for:

• Collection and use of location data
• Collection of personal information during account registration
• Sharing personal information with third-party service providers
• Any uses beyond those necessary to provide the core App services

4.2 Implied Consent

In certain circumstances where you would reasonably expect us to collect, use, or disclose your personal information, we may rely on implied consent, such as:

• Using your email address to respond to your inquiry
• Collecting technical data necessary for App functionality
• Using your information to provide services you have requested

4.3 Exceptions to Consent Requirements

PIPEDA permits collection, use, or disclosure of personal information without consent in specific circumstances, including when:

• It is clearly in your interest and consent cannot be obtained in a timely way
• It is reasonable to expect that obtaining consent would compromise an investigation or proceeding
• The information is publicly available as specified in regulations
• It is required or authorized by law
• It is necessary for fraud prevention or security purposes
• Emergency situations exist that threaten life, health, or security

4.4 Withdrawing Consent

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw consent, please contact us using the contact information in Section 1. We will inform you of the implications of withdrawing consent, which may include our inability to provide certain services or features that depend on that information.

 

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances and in accordance with PIPEDA requirements:

5.1 Service Providers

We engage trusted third-party service providers to perform functions and provide services on our behalf. These service providers have access to personal information only as needed to perform their functions and are contractually obligated to:

• Use personal information only for the purposes for which it was disclosed
• Maintain appropriate security safeguards
• Not disclose the information to unauthorized parties
• Comply with applicable privacy laws

Our service providers include Firebase (Google LLC) for analytics, authentication, database, and hosting services as detailed in Section 6.

5.2 Business Transfers

If EN3 is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your personal information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy. The acquiring organization will be required to handle your personal information in accordance with this Privacy Policy unless you consent to a new privacy policy.

5.3 Legal Requirements and Protection of Rights

We may disclose your personal information if required or permitted by law, including to:

• Comply with legal obligations, court orders, or lawful requests from government authorities
• Enforce or apply our Terms of Service and other agreements
• Protect the rights, property, or safety of EN3, our users, or others
• Detect, prevent, or address fraud, security, or technical issues
• Respond to claims that content violates the rights of third parties
• Investigate potential violations of law or our policies

5.4 With Your Consent

We may share your personal information with third parties when we have your express consent to do so.

5.5 Aggregated and De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This information is not considered personal information under PIPEDA and may be shared without restriction for analytics, research, or other purposes.

 

6. Third-Party Services

The App integrates Firebase services provided by Google LLC, a company located in the United States. Firebase provides various backend services including analytics, authentication, cloud storage, and hosting infrastructure.

6.1 Firebase Services

Firebase may collect and process the following information on our behalf:

• Device identifiers and hardware information
• Operating system and version information
• App usage statistics and analytics data
• Crash reports and performance data
• Authentication credentials and user identifiers
• Data you input into the App that is stored in Firebase databases

6.2 Data Processing and Transfer

Firebase processes data in accordance with Google’s privacy policies and practices. By using the App, you acknowledge and consent to the transfer of your personal information to Firebase servers, which may be located outside of Canada, including in the United States. When your information is transferred outside Canada, it is subject to the laws of the foreign jurisdiction and may be accessible to law enforcement and national security authorities in that jurisdiction.

We have taken steps to ensure that Firebase provides an adequate level of protection for your personal information, including:

• Reviewing Firebase’s security and privacy practices
• Entering into data processing agreements that require appropriate safeguards
• Ensuring Firebase complies with applicable privacy principles
• Limiting data transfers to what is necessary for the identified purposes

6.3 Third-Party Privacy Policies

Firebase’s data practices are governed by Google’s Privacy Policy, available at https://policies.google.com/privacy. We encourage you to review Google’s privacy practices. While we select service providers carefully and require them to protect your information, we are not responsible for the privacy practices of third-party services.

6.4 Firebase Analytics

Firebase Analytics collects usage and behavior data to help us understand how users interact with the App. You can opt out of Firebase Analytics through your device settings or by contacting us to disable analytics for your account.

 

7. Data Security

We implement and maintain appropriate technical, physical, and organizational security measures to protect your personal information against unauthorized access, collection, use, disclosure, copying, modification, disposal, loss, theft, and other security threats. Our security safeguards are proportionate to the sensitivity of the information and include:

7.1 Technical Safeguards

• Encryption of data in transit using industry-standard protocols (TLS/SSL)
• Encryption of sensitive data at rest
• Secure authentication mechanisms and access controls
• Regular security assessments and vulnerability testing
• Firewalls and intrusion detection systems
• Secure software development practices
• Regular security updates and patches

7.2 Physical Safeguards

• Restricted access to facilities where personal information is stored
• Secure disposal of physical records containing personal information
• Environmental controls to protect equipment and data

7.3 Organizational Safeguards

• Confidentiality agreements with employees and contractors
• Access to personal information limited to authorized personnel on a need-to-know basis
• Privacy and security training for staff who handle personal information
• Clear policies and procedures for handling personal information
• Incident response plans for data breaches and security incidents
• Regular audits and monitoring of security practices

7.4 Third-Party Security

We require our service providers, including Firebase, to implement appropriate security measures to protect your personal information. We use contractual and other means to ensure third parties provide a comparable level of protection.

7.5 Limitations of Security

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account. Please notify us immediately of any unauthorized use of your account.

7.6 Security Breach Notification

In the event of a data breach involving personal information that poses a real risk of significant harm to individuals, we will:

• Notify affected individuals as soon as feasible
• Report the breach to the Privacy Commissioner of Canada as required by law
• Provide information about the breach, the risks, and steps you can take to mitigate harm
• Maintain records of all breaches involving personal information

 

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by law. Our retention practices are guided by the following principles:

8.1 Retention Periods

• Account Information: We retain your name, email address, and phone number for as long as your account is active and for a reasonable period thereafter to facilitate account reactivation or to comply with legal obligations.
• Location Data: Location data is retained for the duration necessary to provide location-based services and may be aggregated or anonymized for analytical purposes.
• Usage and Technical Data: Automatically collected technical and usage data is typically retained for up to 24 months or as needed for analytics and service improvement.
• Communication Records: Records of communications with you (such as support inquiries) are retained for up to 3 years or as necessary to resolve issues and improve service.
• Legal and Compliance Data: Information necessary for legal, accounting, or compliance purposes is retained for the period required by applicable laws and regulations, typically 7 years.

8.2 Factors Affecting Retention

The specific retention period for your personal information may vary based on:

• The nature and sensitivity of the information
• The purposes for which it was collected
• Legal, regulatory, or contractual requirements
• The potential risk of harm from unauthorized use or disclosure
• Whether we can achieve the purposes through other means
• The cost and complexity of deletion

8.3 Secure Disposal

When personal information is no longer needed for the identified purposes or required retention periods, we securely delete or destroy it in a manner that prevents unauthorized access, collection, use, or disclosure. This includes:

• Overwriting or degaussing electronic media
• Permanently deleting electronic records
• Shredding or incinerating physical documents
• Requiring third-party service providers to delete data

8.4 Account Deletion

If you request deletion of your account, we will delete or anonymize your personal information within 30 days, except where retention is required or permitted by law. Some information may remain in backup systems for a limited time before being permanently deleted.

 

9. Your Privacy Rights

Under PIPEDA and applicable Canadian privacy laws, you have certain rights regarding your personal information. We are committed to facilitating the exercise of these rights.

9.1 Right of Access

You have the right to request access to the personal information we hold about you. Upon request, we will provide you with:

• Information about the existence, use, and disclosure of your personal information
• A copy of your personal information in a comprehensible format
• Information about the sources of your personal information
• An account of third parties to whom we have disclosed your information

We will respond to access requests within 30 days. If we cannot meet this deadline, we will notify you of the extension and the reasons for it. Access may be subject to limited exceptions permitted by law.

9.2 Right to Correction

You have the right to request correction of inaccurate or incomplete personal information. If you believe your personal information is inaccurate or incomplete, please contact us with the specific corrections. We will:

• Correct the information if we agree it is inaccurate or incomplete
• Note your disagreement if we do not agree to make the correction
• Notify third parties to whom we disclosed the information of any corrections
• Provide you with confirmation of corrections made

9.3 Right to Withdraw Consent

You may withdraw your consent to our collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. We will inform you of the implications of withdrawal, which may include:

• Inability to provide certain services or App features
• Termination of your account
• Limited functionality of the App

9.4 Right to Object and Restrict Processing

You may object to or request restriction of certain processing activities, such as:

• Marketing communications (you can opt out at any time)
• Automated decision-making or profiling
• Collection of location data (through device settings)
• Sharing with specific third parties

9.5 Right to Data Portability

Upon request, we will provide you with your personal information in a structured, commonly used, and machine-readable format, where technically feasible, to facilitate transfer to another service provider.

9.6 Right to Complain

If you are not satisfied with how we handle your personal information or respond to your privacy rights requests, you have the right to file a complaint with the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Phone: 819-994-5444
Website: https://www.priv.gc.ca/

9.7 Exercising Your Rights

To exercise any of these rights, please contact us using the information in Section 1. We may require verification of your identity before processing your request. We will respond to requests without undue delay and within the timeframes required by law. We do not charge a fee for access requests unless permitted by law (such as for repetitive or manifestly unfounded requests).

 

10. Children’s Privacy

The App is not intended for use by children under the age of 13, or the applicable age of majority in their jurisdiction. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

10.1 No Collection from Children

We do not knowingly solicit or collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as soon as possible.

10.2 Parental Rights

Parents or legal guardians who believe their child has provided personal information to us may contact us to:

• Review the personal information collected from their child
• Request deletion of their child’s personal information
• Refuse to permit further collection or use of their child’s information

10.3 Age Verification

We may implement age verification mechanisms to prevent children from using the App. Users who register for the App may be required to confirm they meet the minimum age requirement.

10.4 Reporting Concerns

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at support@en3.ca.

 

11. International Data Transfers

Your personal information may be transferred to, stored, and processed in countries outside of Canada, including the United States, where our third-party service providers (such as Firebase) operate data centers and processing facilities.

11.1 Cross-Border Transfers

When we transfer personal information outside Canada, we ensure that:

• You are informed about the transfer and the potential risks
• Appropriate safeguards are in place to protect your information
• The receiving parties provide a comparable level of protection
• Contractual obligations require compliance with privacy principles

11.2 Foreign Legal Access

Personal information transferred outside Canada is subject to the laws of the foreign jurisdiction, including laws that may permit government authorities, law enforcement, regulatory agencies, or security authorities in those jurisdictions to access your personal information without your knowledge or consent. The legal protections available in foreign jurisdictions may differ from those in Canada.

11.3 Consent to Transfer

By using the App, you acknowledge and consent to the transfer of your personal information outside Canada for the purposes described in this Privacy Policy. If you do not consent to such transfers, you should not use the App.

11.4 Information About Transfers

For information about the countries or jurisdictions where your personal information may be processed, or to request information about our safeguards for international transfers, please contact us at support@en3.ca.

 

12. Location Data and Permissions

The App collects and uses location data to provide location-based features and services. Your location information is collected only with your explicit consent through iOS device permissions.

12.1 Types of Location Data

We may collect the following types of location information:

• Precise Location: GPS coordinates, WiFi access points, and cell tower information that provide your exact geographic location with high accuracy.
• Approximate Location: General geographic area derived from IP address or less precise location technologies.

12.2 How We Use Location Data

Location data is used to:

• Provide location-based App features and functionality
• Customize content and services based on your geographic location
• Improve App performance and user experience
• Analyze usage patterns and trends in different geographic areas
• Ensure security and prevent fraudulent activity

12.3 Location Permissions and Controls

You have full control over location data collection:

• iOS Permissions: When you first use location features, iOS will request your permission to access location data. You can choose “Allow Once,” “Allow While Using App,” or “Don’t Allow.”
• Changing Permissions: You can modify location permissions at any time through iOS Settings > Privacy & Security > Location Services > Bitts Intranet App.
• Effect of Denying Permission: If you deny location permission, certain features that depend on location data may not function properly.

12.4 Background Location Collection

The App may collect location data when running in the background only if you have granted “Always Allow” permission and if necessary for specific features. We will clearly explain why background location access is needed before requesting this permission.

12.5 Location Data Sharing

Location data may be shared with Firebase for analytics and service provision as described in Section 6. We do not sell location data to third parties or use it for advertising purposes without your explicit consent.

12.6 Retention of Location Data

Location data is retained only as long as necessary for the purposes described in this Privacy Policy. Precise location data may be aggregated or anonymized for analytical purposes after the retention period.

 

13. iOS-Specific Privacy Practices

As an iOS application, the App complies with Apple’s App Store Guidelines and utilizes iOS privacy features to protect your information.

13.1 iOS Permissions

The App requests the following iOS permissions:

• Location Services: To provide location-based features, as described in Section 12.
• Notifications: To send you alerts, updates, and important information about the App.
• Network Access: To communicate with our servers and third-party services.

You can manage these permissions through your iOS device settings at any time.

13.2 Apple Privacy Labels

In accordance with Apple’s requirements, we provide privacy information on the App Store that describes our data collection practices. This Privacy Policy provides more detailed information about those practices.

13.3 iOS Security Features

The App leverages iOS security features including:

• Keychain for secure storage of authentication credentials
• App Transport Security (ATS) for secure network communications
• Sandboxing to isolate App data from other applications
• Biometric authentication (Face ID/Touch ID) where supported

13.4 Data Collection Practices

We do not access information stored in other apps on your iOS device unless you explicitly authorize such access. The App operates within the iOS sandbox environment and respects iOS privacy protections.

13.5 Apple Services

If you use Apple services to authenticate or sign in to the App (such as Sign in with Apple), your use of those services is governed by Apple’s Privacy Policy in addition to this Privacy Policy. We receive only the information you authorize Apple to share with us.

13.6 iOS Updates

We recommend keeping your iOS device updated to the latest version to ensure you benefit from the most recent security and privacy enhancements.

 

14. Analytics and Performance Monitoring

We use analytics and performance monitoring tools to understand how users interact with the App and to improve its functionality, performance, and user experience.

14.1 Firebase Analytics

Firebase Analytics collects information about your use of the App, including:

• App opens, session duration, and screen views
• Device model, operating system version, and language settings
• User demographics (where provided) such as age range and interests
• In-app actions and events
• App crashes and performance issues

14.2 Purpose of Analytics

Analytics data helps us:

• Understand which features are most popular and useful
• Identify technical issues and performance problems
• Improve App design, functionality, and user experience
• Make data-driven decisions about feature development
• Optimize App performance across different devices and OS versions

14.3 Aggregated and Anonymized Data

Analytics data is typically aggregated and anonymized, meaning it cannot be used to identify you personally. We use this information to understand general usage patterns and trends.

14.4 Opting Out of Analytics

You can opt out of analytics tracking by:

• Enabling “Limit Ad Tracking” on your iOS device (Settings > Privacy > Advertising)
• Contacting us to request that analytics be disabled for your account
• Disabling certain analytics features through in-app settings if available

Opting out of analytics will not affect your ability to use core App features but may limit our ability to provide personalized experiences or diagnose technical issues you encounter.

 

15. Cookies and Tracking Technologies

The App and our service providers may use cookies and similar tracking technologies to collect and store information about your preferences and usage.

15.1 Types of Technologies Used

• Cookies: Small data files stored on your device that help us recognize you and remember your preferences.
• Local Storage: Technologies that allow us to store data locally on your iOS device.
• SDKs and APIs: Software development kits and application programming interfaces provided by third-party services like Firebase.
• Device Identifiers: Unique identifiers assigned to your device, such as the IDFA (Identifier for Advertisers) on iOS.
• Session