# Privacy policy **Last updated:** April 29, 2026 **Legal entity:** Brickspace Lab Inc. (“**Brickspace Lab**”, “**we**”, “**us**”) **Contact (privacy inquiries):** This Privacy Policy describes how Brickspace Lab collects, uses, discloses, and retains personal information in connection with our websites (), our products (**Slab**, **Catalog**), and related support and sales activities (collectively, the “**Services**”). This policy is designed to align with Canada’s **Personal Information Protection and Electronic Documents Act** (**PIPEDA**) and applicable provincial requirements. If you are in the European Economic Area or UK, additional rights may apply under GDPR; see **Section 10**. *** ## 1. Who this policy applies to This policy applies to: * **Visitors** to our Site; * **Customers** who purchase or subscribe to our Services; and * **Authorized users** of accounts associated with our Services (for example, staff on a merchant’s team). If you do not agree with this policy, please do not use the Services. *** ## 2. Personal information we collect The personal information we collect depends on how you interact with us. It may include: | Category | Examples | | ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Identity and contact** | Name, email address, company name, role | | **Account and authentication** | Account identifiers, login metadata, session data | | **Billing and transaction** | Billing address, payment transaction IDs (payment card data is handled by our payment processors, not stored by us except as needed for receipts and accounting) | | **Support and communications** | Messages you send us, support tickets, call or chat logs | | **Usage and technical** | IP address, device/browser type, approximate location derived from IP, pages viewed, referring URLs, timestamps, diagnostics and error logs | | **Product-specific** | Store identifiers or Shopify-related IDs needed to deliver Slab/Catalog, configuration data, and usage tied to your subscription | We collect personal information **directly from you**, **automatically** when you use the Site or Services, and **from third parties** such as Shopify or payment processors where you connect accounts or complete purchases. *** ## 3. Purposes for collection and use We use personal information for purposes that include: * Providing, operating, securing, and improving the Services; * Creating and managing accounts; authenticating users; * Processing payments and fulfilling subscriptions or licenses; * Customer support and responding to inquiries; * Sending transactional messages (receipts, security notices, legal updates); * **Marketing**, where permitted—such as product updates or newsletters if you opt in or where soft opt-in applies under law; * Analytics and product analytics to understand usage and improve performance and UX; * Detecting and preventing fraud, abuse, and security incidents; * Complying with legal obligations and enforcing our terms; * Aggregating or de-identifying information so it no longer identifies you. We limit collection to what is reasonable for these purposes. *** ## 4. Legal bases (where GDPR applies) Where GDPR applies, we rely on one or more of: **performance of a contract**; **legitimate interests** (such as securing our Services and understanding aggregate usage), balanced against your rights; **consent** (where required—for example, certain marketing or non-essential cookies); and **legal obligation**. *** ## 5. Disclosure and subprocessors We may disclose personal information: * **Service providers** who assist us under contractual safeguards—including **Google LLC** (Google Analytics), **Meta Platforms, Inc.** (advertising and analytics pixels), **Shopify Inc.** (commerce platform, Shopify Payments, storefront hosting, analytics, and related services), **Intercom, Inc.** (customer messaging and support), **GitBook** (documentation hosting), **Vercel** (API infrastructure used for marketing forms), and other providers we use for hosting, email delivery, payment processing, analytics, customer support tooling, and error monitoring; * **Shopify** and ecosystem partners, as needed to deliver integrations you enable; * **Professional advisers** (lawyers, accountants) under confidentiality; * **Authorities** when required by law or to protect rights, safety, and security; and * **Business transfers** in a merger, financing, or sale of assets, subject to appropriate protections. We do not sell your personal information as a standalone commercial asset. We may use advertising or analytics tools that process personal data as described in their policies; see **Section 9 (Cookies)**. A current list of material subprocessors is available **on request**—email **** with “Subprocessors list” in the subject. We may publish an updated list on our website from time to time. *** ## 6. International transfers We may process or store information in **Canada**, the **United States**, or other countries where we or our service providers operate. Where required, we use appropriate safeguards (for example, contractual clauses) for cross-border transfers. *** ## 7. Retention We retain personal information only as long as necessary for the purposes above, including legal, accounting, and dispute-resolution needs. Factors include: * the duration of your account or contract; * statutory limitation periods; * security and fraud monitoring; and * anonymization where feasible. When retention ends, we delete or de-identify information subject to limited exceptions (for example, backups until overwritten). *** ## 8. Security We implement reasonable technical and organizational measures appropriate to the sensitivity of the information we handle. No method of transmission or storage is completely secure; we cannot guarantee absolute security. *** ## 9. Cookies and similar technologies We use cookies and similar technologies for essential functionality, preferences, analytics, and (if enabled) marketing. For details and choices, see our [**Cookie and consent guidance**](/legal/cookie-consent.md). Where PIPEDA or other law requires consent for non-essential cookies, we obtain consent through our banner or settings before loading those technologies. *** ## 10. Your rights (access, correction, deletion) **Under PIPEDA**, you have the right to request access to your personal information and to challenge its accuracy and completeness. You may request correction where information is inaccurate. You may also ask us to **delete** personal information we hold about you, subject to legal exceptions (for example, records we must retain for tax or dispute purposes). **Requests:** Email **** with “Privacy request” in the subject. We may verify your identity before responding. We will respond within **30 days** where PIPEDA applies, unless an extension is permitted. **Where GDPR applies**, you may also have rights to object, restrict processing, data portability, and to withdraw consent where processing is consent-based. You may lodge a complaint with a supervisory authority. *** ## 11. Children The Services are not directed to children under the age of majority. We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it. *** ## 12. Automated decision-making We do not use automated decision-making that produces legal or similarly significant effects solely based on automated processing. *** ## 13. Changes to this policy We may update this Privacy Policy from time to time. We will post the revised version on the Site and update the “Last updated” date. For material changes, we may provide additional notice (for example, email or in-product notice). *** ## 14. Contact and complaints **Brickspace Lab — Privacy**\ Email: ****\ Address: 121 Mississaga Street East\ Orillia, Ontario L3V 1V6\ Canada Tel. 705-259-7528 If you are not satisfied with our response, you may contact the **Office of the Privacy Commissioner of Canada** (OPC) at . --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.brickspacelab.com/legal/privacy-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.