SafetySphere · Legal

Privacy Policy

How SafetySphere handles personal information.

Effective Date: 2026-05-08 Last Updated: 2026-05-08

Stoney Technologies Ltd ("we", "us", "our") respects your privacy. This Privacy Policy explains what personal information we collect, how we use and share it, and the rights you have. It applies to SafetySphere and our website at https://safetysphere.io (together, the "Service").

We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws, including Alberta's Personal Information Protection Act (PIPA), Quebec's Act respecting the protection of personal information in the private sector (Law 25), and applicable US state privacy laws (including the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA"), the Virginia Consumer Data Protection Act, and similar laws).


1. Who is the controller of your information?

SafetySphere is a B2B service. There are two distinct relationships:

  • When you use the Service as part of a customer organization (e.g., your employer is our customer): the customer organization is the controller of personal information processed within their account, including Customer Data such as employee records, incident reports, and training records. We act as their service provider / processor under our Data Processing Agreement.
  • When we collect information directly — such as when you contact us, visit our website, or your employer designates you as the account administrator — we act as the controller of that information.

This Privacy Policy describes the second category and our overall practices. If you have questions about how a customer organization handles your information within their account, please contact that organization directly.

2. Information we collect

2.1 Information you provide

  • Account information: name, work email, job title, company name, phone (optional), and password (stored hashed).
  • Billing information: billing contact, billing address, tax ID, and payment method (handled by our payment processor; we do not store full card numbers).
  • Communications: content of emails, support tickets, surveys, and feedback you send us.
  • Content uploaded by Customer organizations: This is "Customer Data" and is processed under our DPA. It may include personal information about employees or contractors of the customer (e.g., names, employee IDs, training records, incident details).

2.2 Information we collect automatically

  • Usage data: pages visited, features used, clicks, time spent, referring URLs, and similar interaction data.
  • Device and connection data: IP address, browser type and version, operating system, device identifiers, and approximate geolocation derived from IP.
  • Cookies and similar technologies: see our Cookie Policy for detail.

2.3 Information from third parties

  • Sign-in providers (if you use SSO, Google, Microsoft, etc.): the basic profile information they share with us per your authorization.
  • Business contacts: name and work email obtained from publicly available business sources or referrals, used for prospecting in accordance with anti-spam law.

We do not intentionally collect sensitive categories such as health information, biometric data, or government IDs through our website. If a customer uploads such data into the Service, that processing is governed by the DPA and the customer's instructions.

3. How we use information

We use personal information for the following purposes:

PurposeExamplesLegal basis (where required)
Provide the ServiceAuthenticating users; processing requests; providing supportPerformance of contract; legitimate interest
Billing and account administrationInvoicing; collections; tax complianceContract; legal obligation
Improve and develop the ServiceAnalytics; debugging; product researchLegitimate interest
Security and fraud preventionDetecting unauthorized access; investigating abuseLegitimate interest; legal obligation
CommunicationsService notices, updates, and (with consent or legitimate interest) marketingConsent / legitimate interest
Comply with lawTax, regulatory, and legal requestsLegal obligation
Corporate transactionsDiligence in connection with a merger, financing, or saleLegitimate interest

We do not sell personal information, and we do not use Customer Data to train AI models for general use. We may use de-identified or aggregated data (data that cannot reasonably identify any individual) for analytics, benchmarking, and product improvement.

4. How we share information

We share personal information in the following circumstances:

  • Sub-processors and service providers. Hosting (cloud infrastructure), email delivery, customer support tooling, analytics, and similar vendors who process information on our behalf under contractual safeguards. A current list of material sub-processors is available on request and in the DPA.
  • Within the customer organization. Customer Data is accessible to authorized users designated by the customer.
  • Legal and safety. When required by law, subpoena, court order, or to protect rights, safety, or property.
  • Corporate transactions. In connection with a merger, acquisition, financing, or sale of all or part of our business, subject to confidentiality obligations.
  • With your consent. For any purpose disclosed at the time of collection.

We do not share personal information with third parties for their own marketing purposes.

5. International transfers and storage

We are based in the Province of Alberta and the federal laws of Canada applicable therein. We and our sub-processors may store and process information in Canada and the United States. When personal information is transferred across borders, we use contractual safeguards (such as standard contractual clauses where applicable) and rely on legal mechanisms permitted under PIPEDA and provincial law.

If you are located outside Canada, you understand that your information will be subject to the laws of the jurisdictions in which it is processed, including lawful access requests by foreign authorities.

6. Retention

We retain personal information only as long as necessary for the purposes set out in this policy, to provide the Service, to meet legal, accounting, or reporting requirements, or to resolve disputes.

  • Account information: retained for the duration of the customer's subscription plus a reasonable period (typically 90 days post-termination, then deleted or anonymized).
  • Customer Data: retained per the customer's instructions and the DPA. Customers can export Customer Data for 30 days following termination.
  • Billing records: retained for the period required by tax and accounting law (typically 6–7 years).
  • Backup copies: may persist for up to 90 days in encrypted backups before being overwritten.

7. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS) and at rest, access controls, logging, and regular reviews. No security measure is perfect; if you believe your account has been compromised, contact info@stoneytechnologies.com immediately.

8. Your rights

8.1 Rights under Canadian law

You have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Withdraw consent to processing (subject to legal or contractual restrictions).
  • Complain to the Office of the Privacy Commissioner of Canada (www.priv.gc.ca) or your provincial regulator (e.g., Alberta's Office of the Information and Privacy Commissioner, the Commission d'accès à l'information du Québec).

8.2 Rights under US state laws

Depending on the US state where you reside, you may have rights to:

  • Know what personal information we collect, use, and disclose.
  • Access and delete personal information.
  • Correct inaccurate information.
  • Opt out of "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioural advertising).
  • Limit use of sensitive personal information.
  • Non-discrimination for exercising your rights.

8.3 California-specific notice

  • Categories of personal information collected in the past 12 months: identifiers (name, email, IP), commercial information (transaction data), internet activity (usage), professional information (job title, employer), and inferences derived from the foregoing.
  • Sources, purposes, and recipients are described in Sections 2–4 above.
  • No sale or sharing. We do not sell personal information and do not share it for cross-context behavioural advertising as defined under CCPA/CPRA.
  • Authorized agents. You may designate an authorized agent to make a request on your behalf.
  • Shine the Light. California residents may request information about disclosures to third parties for their direct marketing purposes; we do not make such disclosures.

8.4 How to exercise your rights

Email info@stoneytechnologies.com or use the in-app privacy controls. We will verify your identity (typically by confirming control of the email associated with your account) and respond within the timeframes required by applicable law (generally 30–45 days).

If you are an employee or contractor of one of our customers and your request relates to Customer Data, please contact your employer first; we will assist them in fulfilling the request.

9. Marketing communications

We send marketing emails only where permitted by law. You can unsubscribe at any time using the link in any marketing email or by contacting info@stoneytechnologies.com. Service-related communications (e.g., billing, security notices) are not promotional and continue regardless of marketing preferences.

In compliance with Canada's Anti-Spam Legislation (CASL), we obtain express or implied consent before sending commercial electronic messages and provide a clear unsubscribe mechanism in every message.

10. Cookies

See our separate Cookie Policy for detailed information about the cookies and similar technologies we use, and how you can manage them.

11. Children's privacy

The Service is intended for use by businesses and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact info@stoneytechnologies.com.

12. Automated decision-making

We do not use the Service to make decisions about individuals that produce legal or similarly significant effects on them based solely on automated processing. Customers using the Service are responsible for ensuring that any automated decisions they make using outputs from the Service comply with applicable law.

13. Changes to this Policy

We may update this Privacy Policy from time to time. For material changes, we will provide notice (by email or in-product) at least 30 days before the change takes effect. The "Last Updated" date at the top reflects the latest version.

14. Contact and Privacy Inquiries

For privacy questions, requests, or concerns about our privacy practices, contact us at:

Email: info@stoneytechnologies.com Mail: Stoney Technologies Ltd, 2044 South Creek Drive, Stony Plain, Alberta

If you are not satisfied with our response, you may complain to:

  • Office of the Privacy Commissioner of Canadawww.priv.gc.ca
  • Your provincial privacy commissioner (in Alberta, BC, or Quebec)
  • The relevant US state Attorney General or privacy agency (e.g., the California Privacy Protection Agency)

Version: 1.0 — 2026-05-08