Privacy Policy

Identity and Access

When you sign up for CompanyOn, we ask for your name, your phone, and email address. That’s just so you can personalize your new account, and we can send you invoices, updates, or other essential information. We will never sell your personal info to third parties, and we won’t use your name or company in marketing statements without your permission, either.

Billing Information

When you pay for CompanyOn, we ask for your credit card and billing address. That’s so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment partner and we do not store any payment sensitive information in our servers. We store a record of the payment transaction, for account history, invoicing, and billing support. We store your billing address to print on your invoices, to calculate any sales tax due in Canada, and to detect fraudulent credit card transactions.

When we access or share your information

When you write CompanyOn with a question or to ask for help, we’ll keep that correspondence, and the email address, for future reference. When you browse our marketing pages, we’ll track that for statistical purposes (like conversion rates and to test new designs). We also store any information you volunteer, like surveys, for as long as it makes sense.

The only times we’ll ever share your info:

To provide products or services you’ve requested, with your permission. List of third-party services we use.

To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.

If CompanyOn is acquired by or merged with another company — we don’t plan on that, but if it happens — we’ll notify you well before any info about you is transferred and becomes subject to a different privacy policy.

Geolocation Data

We log all access to all accounts by full IP address so that we can always verify no unauthorized access has happened. We keep this login data for as long as your product account is active.

Web analytics data — described further in the Website Interactions section — are also tied temporarily to IP addresses to assist with troubleshooting cases.

Website Interaction

When you browse our marketing pages or applications, your browser automatically shares certain information such as which operating system and browser version you are using. We track that information, along with the pages you are visiting, page load timing, and which website referred you for statistical purposes like conversion rates and to test new designs. We sometimes track specific link clicks to help inform some design decisions. These web analytics data are tied to your IP address and user account if applicable and you are signed into our Services.

Cookies and Do not Track

We do use persistent first-party cookies to store certain preferences, make it easier for you to use our applications, and support some in-house analytics. A cookie is a piece of text stored by your browser to help it remember your login information, site preferences, and more. You can adjust cookie retention settings in your own browser. To learn more about cookies, including how to view which cookies have been set and how to manage and delete them, please visit: www.allaboutcookies.org.

Your Rights With Respect to Your Information

At CompanyOn, we apply the same data rights to all customers, regardless of their location. Currently some of the most privacy-forward regulations in place are in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA), the European Union’s General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”) in the US. CompanyOn recognizes all of the rights granted in these regulations, except as limited by applicable law. These rights include:

• Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
• Right to Correction. This is your right to request correction of your personal information.
• Right to Erasure. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession (also known as the “Right to be forgotten”). However, if applicable law requires us to comply with your request to delete your information, fulfillment of your request may prevent you from using CompanyOn’s services and may result in closing your account.
• Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed.
• Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority.
• Right to Object. This is your right, in certain situations, to object to how or why your personal information is processed.
• Right to Portability. This is your right to receive the personal information we have about you and the right to transmit it to another party.
• Right to not be subject to Automated Decision-Making. This is your right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable European law, or is based on your explicit consent.

Freedom of Information and Protection of Privacy Act

Our customers are always in control of how they manage and access their content stored in CompanyOn. They can use our services in a manner that satisfies their obligations under these Privacy laws. But since CompanyOn does not have visibility into or knowledge of what customers are uploading onto its platform, including whether or not that data is deemed subject to FOIPPA, PIPA,PIPEDA or any other private law, it is the ultimate responsibility of our customers to ensure their compliance with these legislation.

Canada’s Federal Private Sector Privacy Legislation

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law that applies to the collection, use, and disclosure of personal information in the course of commercial activities in all Canadian provinces as supplemented by substantially similar provincial privacy laws in Alberta, British Columbia and Québec. PIPEDA also applies to international and interprovincial transfers of personal information. Our customers are responsible for their own PIPEDA compliance.

Can our customers use CompanyOn and comply with PIPEDA laws?

Our customers have control over the data they access and store within our platform. CompanyOn provides the tools through our features, our servers and cloud security to assist our customers in achieving the security and compliance subject to the PIPEDA regulations.

For more information on using CompanyOn under PIPEDA we encourage you to reach out to your privacy counsel.

Processors We Use

As part of the services we provide, and only to the extent necessary, we may use certain third party processors to process some or all of your personal information. 

Credit card information, processing and security is implemented using our third party payment gateway’s security measures in all transactions. Credit card details are NOT stored within our servers, they are stored securely by our third party payment gateway used by the Service for payment processing. Please see Stripes’ terms of use to learn more.

Law Enforcement

Conceptualshift Inc. the parent Company of CompanyOn, won’t hand your data over to law enforcement unless a court order says we have to. We flat-out reject requests from local and federal law enforcement when they seek data without a court order. And unless we’re legally prevented from it, we’ll always inform you when such requests are made.

Security and Encryption

Deleted Data

When you cancel your account, we’ll ensure that nothing is stored on our servers past 30 days. Anything you delete on your account while it’s active will also be purged within 30 days (up until then it’s available as inactive, or as we call it in the trash can).

Location of Site and Data

This Site is operated in Canada. If you are located in the European Union or elsewhere outside of Canada, please be aware that any information you provide to us will be transferred to Canada. By using our Site, participating in any of our services and/or providing us with your information, you consent to this transfer.