ActiveSF

Legal

Privacy Policy

ActiveSF Ltd.

Last updated: April 28, 2026

ActiveSF Ltd. (“ActiveSF”, “we”, “us”, or “our”) respects your privacy and is committed to protecting personal data in accordance with applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), the EU General Data Protection Regulation (GDPR), and the UK GDPR.

This Privacy Policy explains how we collect, use, store, and protect personal information when you use our websites, forms, and services.

1. Who We Are

ActiveSF Ltd. is a corporation incorporated in Nova Scotia, Canada.

For the purposes of GDPR and UK GDPR, ActiveSF acts as:

  • Data Controller for account, authentication, and platform usage data
  • Data Processor where users upload or input business data into our system

2. Information We Collect

We collect the following categories of information:

2.1 Website and Lead Capture Information

When you contact us, request a demo, join a waitlist, request access, or submit a feature request, we may collect information such as:

  • Name
  • Email address
  • Phone number
  • Company or organisation name
  • Message contents or details of your request
  • Submission metadata such as submission type and IP address

2.2 Account Information (via Kinde)

We use Kinde for authentication and account management. Through this we collect:

  • Name
  • Email address
  • Account credentials (securely managed by Kinde)
  • Organisation name (if provided)
  • Role/permission data within an organisation

Kinde may also process authentication-related metadata such as login timestamps for security purposes.

2.3 Technical Information

We automatically collect limited technical data, including:

  • IP address
  • Device type and browser information
  • Approximate location data (derived from IP)
  • System and security logs

This data is used for security, fraud prevention, abuse prevention, troubleshooting, and service reliability.

2.4 Usage Data

We use Umami (cookieless analytics) to collect anonymised usage information, such as:

  • Page views
  • Feature usage trends
  • Navigation patterns

This data is not used to identify individuals.

2.5 User-Provided Data

Users may upload or input data into the platform, including:

  • Checklists and checklist responses
  • Documents and business files
  • Business process data
  • Client or customer information (which may include email addresses, IP addresses, or location data)

This data is stored on behalf of the user and processed only to provide the service.

3. How We Use Your Information

We use personal data to:

  • Respond to enquiries, demo requests, waitlist submissions, and feature requests
  • Communicate with prospective customers and business contacts
  • Provide and operate our SaaS platform
  • Authenticate and secure user accounts
  • Manage user roles and organisation access
  • Store and display user-created content
  • Improve system reliability and performance
  • Comply with legal obligations

4. Legal Basis for Processing and Consent

We process personal data under the following lawful bases:

  • Contract – to provide the services you request
  • Legitimate Interests – for security, fraud prevention, and system improvement
  • Legal Obligation – where required by applicable law

Under PIPEDA, we collect, use, and disclose personal information with your knowledge and consent, except where otherwise permitted or required by law. Depending on the circumstances and sensitivity of the information, consent may be express or implied. For example, when you submit a contact, demo, or waitlist form, we use that information to respond to your request.

You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. If you withdraw consent, we may be unable to provide certain services or respond to certain requests.

Where special category data is unintentionally included in user uploads, it is processed strictly as part of providing the service at the direction of the user.

5. Data Sharing and Third Parties

We do not sell personal data.

We share data only with trusted service providers necessary to operate our platform:

  • Kinde – authentication and user management
  • Hetzner Cloud (EU, Germany) – infrastructure and hosting
  • Umami – privacy-preserving analytics

Each provider is contractually expected to process data securely and in compliance with applicable data protection laws.

6. International Data Transfers

Although ActiveSF is based in Canada, our infrastructure is hosted within the European Union (Germany).

Where data is transferred internationally, we rely on appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Data processing agreements with vendors

7. Data Retention

We retain personal data only as long as necessary to provide the service.

  • Active accounts: retained for the duration of the account
  • Deleted accounts: deleted or anonymised from active systems within a reasonable operational period
  • Contact, demo, waitlist, and similar lead-capture submissions: retained for up to 12 months
  • Backups: retained for up to 12 months for disaster recovery purposes.

8. Data Security

We implement appropriate technical and organisational measures to protect data, including:

  • Encrypted communication (HTTPS/TLS)
  • Secure authentication via Kinde
  • Access controls and role-based permissions
  • Infrastructure hosted in secure EU data centres

9. Your Rights (GDPR / PIPEDA)

Depending on your jurisdiction, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Request export of your data (data portability)
  • Object to certain types of processing

Requests can be made by contacting us (see Section 13). We handle requests manually where necessary.

If you are in Canada and have a concern about our privacy practices, you may contact us first so we can investigate and respond. If your concern remains unresolved, you may also contact the Office of the Privacy Commissioner of Canada.

10. Data Deletion

You may request deletion of your account and associated data at any time.

Upon deletion:

  • Active data is deleted or anonymised from production systems within a reasonable operational period
  • Backup copies remain for up to 12 months (disaster recovery only)

11. Cookies and Tracking

We use only strictly necessary cookies for authentication and security purposes via Kinde.

We do not use:

  • advertising cookies
  • tracking cookies
  • behavioural profiling cookies

We use Umami for cookieless analytics.

If you disable strictly necessary cookies in your browser, some parts of the service, including sign-in and secure account access, may not function correctly.

12. Children’s Data

Our services are intended for business users only and are not directed at individuals under 18.

We do not knowingly collect data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Last updated” date.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, contact:

ActiveSF Ltd.

Privacy Contact

legal@activesf.com

Address

ActiveSF Ltd., 50 Nightingale Drive, Halifax, NS, B3M 1V4, Canada