Ctrlk
Contact usContact ShopifyTry a theme
Edit

Privacy policy

Last updated: April 29, 2026

Legal entity: Brickspace Lab Inc. (“Brickspace Lab”, “we”, “us”)

Contact (privacy inquiries): [email protected]

This Privacy Policy describes how Brickspace Lab collects, uses, discloses, and retains personal information in connection with our websites (https://brickspacelab.com), our products (Slab, Catalog), and related support and sales activities (collectively, the “Services”).

This policy is designed to align with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial requirements. If you are in the European Economic Area or UK, additional rights may apply under GDPR; see Section 10.

1. Who this policy applies to

This policy applies to:

  • Visitors to our Site;

  • Customers who purchase or subscribe to our Services; and

  • Authorized users of accounts associated with our Services (for example, staff on a merchant’s team).

If you do not agree with this policy, please do not use the Services.

2. Personal information we collect

The personal information we collect depends on how you interact with us. It may include:

Category
Examples

Identity and contact

Name, email address, company name, role

Account and authentication

Account identifiers, login metadata, session data

Billing and transaction

Billing address, payment transaction IDs (payment card data is handled by our payment processors, not stored by us except as needed for receipts and accounting)

Support and communications

Messages you send us, support tickets, call or chat logs

Usage and technical

IP address, device/browser type, approximate location derived from IP, pages viewed, referring URLs, timestamps, diagnostics and error logs

Product-specific

Store identifiers or Shopify-related IDs needed to deliver Slab/Catalog, configuration data, and usage tied to your subscription

We collect personal information directly from you, automatically when you use the Site or Services, and from third parties such as Shopify or payment processors where you connect accounts or complete purchases.

3. Purposes for collection and use

We use personal information for purposes that include:

  • Providing, operating, securing, and improving the Services;

  • Creating and managing accounts; authenticating users;

  • Processing payments and fulfilling subscriptions or licenses;

  • Customer support and responding to inquiries;

  • Sending transactional messages (receipts, security notices, legal updates);

  • Marketing, where permitted—such as product updates or newsletters if you opt in or where soft opt-in applies under law;

  • Analytics and product analytics to understand usage and improve performance and UX;

  • Detecting and preventing fraud, abuse, and security incidents;

  • Complying with legal obligations and enforcing our terms;

  • Aggregating or de-identifying information so it no longer identifies you.

We limit collection to what is reasonable for these purposes.

4. Legal bases (where GDPR applies)

Where GDPR applies, we rely on one or more of: performance of a contract; legitimate interests (such as securing our Services and understanding aggregate usage), balanced against your rights; consent (where required—for example, certain marketing or non-essential cookies); and legal obligation.

5. Disclosure and subprocessors

We may disclose personal information:

  • Service providers who assist us under contractual safeguards—including Google LLC (Google Analytics), Meta Platforms, Inc. (advertising and analytics pixels), Shopify Inc. (commerce platform, Shopify Payments, storefront hosting, analytics, and related services), Intercom, Inc. (customer messaging and support), GitBook (documentation hosting), Vercel (API infrastructure used for marketing forms), and other providers we use for hosting, email delivery, payment processing, analytics, customer support tooling, and error monitoring;

  • Shopify and ecosystem partners, as needed to deliver integrations you enable;

  • Professional advisers (lawyers, accountants) under confidentiality;

  • Authorities when required by law or to protect rights, safety, and security; and

  • Business transfers in a merger, financing, or sale of assets, subject to appropriate protections.

We do not sell your personal information as a standalone commercial asset. We may use advertising or analytics tools that process personal data as described in their policies; see Section 9 (Cookies).

A current list of material subprocessors is available on request—email [email protected] with “Subprocessors list” in the subject. We may publish an updated list on our website from time to time.

6. International transfers

We may process or store information in Canada, the United States, or other countries where we or our service providers operate. Where required, we use appropriate safeguards (for example, contractual clauses) for cross-border transfers.

7. Retention

We retain personal information only as long as necessary for the purposes above, including legal, accounting, and dispute-resolution needs. Factors include:

  • the duration of your account or contract;

  • statutory limitation periods;

  • security and fraud monitoring; and

  • anonymization where feasible.

When retention ends, we delete or de-identify information subject to limited exceptions (for example, backups until overwritten).

8. Security

We implement reasonable technical and organizational measures appropriate to the sensitivity of the information we handle. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

9. Cookies and similar technologies

We use cookies and similar technologies for essential functionality, preferences, analytics, and (if enabled) marketing. For details and choices, see our Cookie and consent guidance.

Where PIPEDA or other law requires consent for non-essential cookies, we obtain consent through our banner or settings before loading those technologies.

10. Your rights (access, correction, deletion)

Under PIPEDA, you have the right to request access to your personal information and to challenge its accuracy and completeness. You may request correction where information is inaccurate.

You may also ask us to delete personal information we hold about you, subject to legal exceptions (for example, records we must retain for tax or dispute purposes).

Requests: Email [email protected] with “Privacy request” in the subject. We may verify your identity before responding. We will respond within 30 days where PIPEDA applies, unless an extension is permitted.

Where GDPR applies, you may also have rights to object, restrict processing, data portability, and to withdraw consent where processing is consent-based. You may lodge a complaint with a supervisory authority.

11. Children

The Services are not directed to children under the age of majority. We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

12. Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects solely based on automated processing.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on the Site and update the “Last updated” date. For material changes, we may provide additional notice (for example, email or in-product notice).

14. Contact and complaints

Brickspace Lab — Privacy Email: [email protected] Address:

121 Mississaga Street East Orillia, Ontario L3V 1V6 Canada

Tel. 705-259-7528

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (OPC) at https://www.priv.gc.ca.

Last updated

Was this helpful?