Privacy Policy

Effective May 18, 2026 (v2026-05-18)

Solutions ArdanGeo Inc. ("ArdanGeo", "we", "us") operates the ArdanGeo platform at ardangeo.com. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and what rights you have over it.

We are a data controller within the meaning of Quebec Law 25 (the Act respecting the protection of personal information in the private sector) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Who we are and how to reach us

Solutions ArdanGeo Inc., Quebec, Canada.

The Person Responsible for the Protection of Personal Information (within the meaning of Quebec Law 25, §3.1) can be reached at [email protected] or by post at: Solutions ArdanGeo Inc., Quebec, Canada.

2. What information we collect

2.1 Account information (via Clerk)

  • Email address
  • Name (if you provide it during signup)
  • Authentication state (login timestamps, IP address used at login)
  • Subscription tier and access metadata (currently: free or beta)

Authentication is handled by Clerk Inc. (United States). See Clerk's privacy policy.

2.2 Usage information

  • Hexes and locations you query in the explorer
  • Feedback you submit through the in-app widget
  • Browser type, language, and device class (technical telemetry)
  • IP address (used for abuse prevention; truncated after 30 days)
  • Product-analytics events: page views, in-app navigation, click events (via PostHog autocapture), report generation outcomes, sign-in events. Each event is tagged with your Clerk user identifier (an opaque string) — not your email or name. See §7 for the full scope and how to opt out.
  • Session recordings: PostHog records your interactions with the application (mouse movements, clicks, page transitions) to help us identify and fix usability problems. All input fields, including passwords, email fields, and free-text inputs, are masked at the source and are never transmitted in plaintext. Retention 30 days. See §7 to opt out.
  • Approximate geographic information: PostHog derives an approximate location (country, region, city, three-character postal prefix, timezone) from your IP address at the time of each event. We do not request precise device geolocation. This approximate-location data is stored alongside your other analytics events.

2.3 What we do NOT collect

  • Payment information (no paid tiers active during beta)
  • Precise location from your device. We do not call the browser geolocation API. Approximate IP-derived location is collected for product analytics — see §2.2.
  • Third-party advertising identifiers
  • Sensitive personal information (race, health, religion, biometrics, etc.)
  • Your email address, name, phone number, or postal address in our product-analytics system. A property denylist enforced in client-side code strips these fields before any event is transmitted to PostHog. Your contact information stays with Clerk (the authentication provider).

3. Why we collect it (legal basis)

  • Contractual necessity — to provide the screening service you signed up for
  • Legitimate interest — to prevent abuse, debug errors, and improve the service
  • Legal obligation — to comply with applicable law (anti-spam, accounting, regulatory requests)
  • Consent — for any optional features that explicitly ask for it (e.g., feedback survey participation)

4. Where your information is stored and processed

Your data is processed in:

  • Canada — Solutions ArdanGeo Inc. operations and audit logs
  • United StatesRailway Corp. (backend hosting and the persistent /data volume on which our databases live), Clerk Inc. (authentication and subscription management), Mapbox Inc. (map tiles), Backblaze Inc. (encrypted off-site backups of customer projects, points of interest, generated reports, and usage logs; retention 30 days), Google LLC (Google Workspace mailboxes for privacy@, legal@, contact@, sales@, and hello@; Google Fonts CDN)
  • SwitzerlandOpen-Meteo (digital-elevation lookups: a hexagon centroid coordinate is sent per query; no account information is sent)
  • Cloudflare global edge — DNS, TLS termination, DDoS protection, and bot mitigation; no personal information is cached at the edge
  • European Union PostHog Inc. EU region (eu.i.posthog.com), for product analytics, session replay, and user-experience research. All analytics data stays in the EU; no transit through PostHog's US data centres. Copernicus / ECMWF (ERA5 climate reanalysis; used in our offline data-preparation pipeline only — your personal information is not transmitted).

A Privacy Impact Assessment (Évaluation des facteurs relatifs à la vie privée — EFVP) has been conducted under Quebec Law 25 §3.3 for each of the cross-border transfers above. The assessment is on file and available to the Commission d'accès à l'information du Québec (CAI) on request, and to you on request to the Person Responsible. Cross-border transfers from Quebec rely on (a) the EFVP confirming protection equivalent to Quebec standards, and (b) standard contractual clauses with each recipient, in accordance with Quebec Law 25 §17.

5. How long we keep it

  • Account information: while your account is active. On account deletion (Loi 25 §28 erasure), all rows tied to your Clerk user identifier are deleted from our application database within 24 hours. An erasure log entry recording that a deletion occurred (but not its contents) is retained as evidence of compliance.
  • Hex query history: 12-month rolling window. Rows older than 12 months are purged daily by an automated job.
  • Feedback submissions: 24 months tied to your identifier, after which the user identifier is replaced with an irreversible hash so the message text remains usable for product improvement without identifying you.
  • IP addresses: we do not store IP addresses in our application database. IP addresses appear only in transient hosting/CDN access logs (Railway, Cloudflare) and in Clerk's authentication logs, each subject to those providers' own retention policies (typically 30 days or less).
  • Generated reports: while your account is active, plus 6 months. PDF files are deleted from disk in the same erasure transaction as the database row.
  • Backups: encrypted off-site backups (Backblaze B2, retention 30 rolling days). An erasure request is propagated to backups on the next backup cycle, so your data may persist in encrypted backups for up to 30 days after deletion.
  • Product-analytics events (PostHog): 12 months tied to your Clerk identifier, after which the identifier is replaced with an irreversible hash so aggregate trends remain available without identifying you.
  • Session recordings (PostHog): 30 days from the date of the session, after which the recording is permanently deleted by PostHog.

6. Your rights

Under Quebec Law 25 (and GDPR where applicable), you have the right to:

  • Access the personal information we hold about you (Loi 25 §27)
  • Correct inaccurate information (Loi 25 §28)
  • Request the cessation of dissemination, de-indexation, or re-indexation of personal information that causes you serious injury (Loi 25 §28.1 — sometimes called the "right to be forgotten")
  • Delete your account and associated personal information (Loi 25 §28)
  • Receive a portable copy of your data in a structured, commonly-used technological format (Loi 25 §27 ¶3)
  • Withdraw consent for any optional processing (Loi 25 §14)
  • Opt out of product analytics and session recording at any time via the in-app toggle at /workspace/settings/privacy, or by writing to [email protected]. During the beta period, product analytics and session recording are enabled by default when you accept the Terms of Service at signup; you may opt out at any time without losing access to the service. Opting out stops new event capture and new session recordings; previously collected data remains until the retention period expires unless you also request erasure.
  • Opt out of personalized communications derived from product-analytics cohorts (see §7.1). Operational messages (security alerts, billing, service status) cannot be opted out of.
  • Be informed before any decision based exclusively on automated processing of your information, and obtain the principal personal information used and the principal factors that led to the decision (Loi 25 §12.1). Our automated cohort scoring (see §7.1) is not used to make decisions about you that have legal or similarly significant effects.
  • Lodge a complaint with the Commission d'accès à l'information du Québec or, if you are in the EU, your local Data Protection Authority

Send any rights request to [email protected]. We will respond within 30 days as required by Quebec Law 25 §29.

7. Cookies, analytics, and similar technologies

  • Strictly necessary: Clerk session cookie (required to stay logged in)
  • Functional: locale preference (en/fr), theme preference, analytics opt-out preference (when set)
  • First-party analytics: we record application events (signups, hex queries, report generation, errors) keyed by the Clerk user identifier in our own database to measure product quality and reliability. Retention 24 months, after which the user identifier is replaced with an irreversible hash.
  • Third-party product analytics: we use PostHog Inc. EU region (eu.i.posthog.com) for product analytics, session replay, and user-experience research. PostHog is configured in identified-only mode — anonymous visitors are not profiled. The following are captured and tied to your Clerk user identifier:
    • Page views and in-app navigation
    • Click and interaction events (PostHog autocapture, limited to click, submit, and change DOM events)
    • Session recordings of your interactions, with all input fields, passwords, and free-text inputs masked at the source
    • Approximate geographic information derived from your IP (country, region, city, three-character postal prefix, timezone), browser, OS, viewport, language
    • A subset of properties: your Clerk user identifier, your email domain (e.g. gmail.comnot the full address), your subscription tier (e.g. beta), and the date your account was created
    The following are not sent to PostHog: your email address, name, phone number, postal address, payment information, or any free-text content you type. A property denylist enforced in client-side code (src/lib/analytics.ts) strips these fields before any event is transmitted.
  • Advertising: none. Ever.

7.1 Use of analytics for user-success outreach

We may use the analytics data described above to identify users who appear to be experiencing difficulty with the product (repeated errors, abandoned workflows, declining engagement) and proactively offer support, documentation, or onboarding help. This processing is grounded on our legitimate interest in delivering a usable product and reducing customer effort, balanced against your reasonable expectation of being supported.

Outreach is sent through separate communication tools (currently Clerk and direct email from [email protected]); your contact information is held by Clerk and is not stored in PostHog. You can opt out of personalized outreach at any time without losing access to the service (see §6). Operational messages (security, billing, service status) are excluded from opt-out.

Cohort scoring is automated but is not used to make decisions about you that have legal or similarly significant effects within the meaning of Quebec Law 25 §12.1 — it informs only whether a human at ArdanGeo decides to reach out to you.

7.2 Right to opt out of analytics and session recording

You can request that we stop collecting product analytics and session recordings for your account by emailing [email protected]. Once received, your account is flagged in our system and the PostHog client is disabled for your sessions going forward; the PostHog opt_out_capturing directive is also set so no further data is sent. Previously collected events and recordings remain until the retention period expires (see §5) unless you also request erasure under §6.

An in-app self-serve toggle is available at /workspace/settings/privacy. Changes take effect immediately; the new state is recorded against the privacy policy version in effect at the time.

8. Children

ArdanGeo is a professional engineering tool not intended for users under 14. We do not knowingly collect information from minors. If you believe a minor has signed up, please contact us so we can delete the account.

9. Security and confidentiality incidents

We use TLS (HTTPS) for all data in transit, encrypted volumes for data at rest, and Clerk for authentication (MFA, device tracking, leaked- credential monitoring). No system is impenetrable. If a confidentiality incident (within the meaning of Quebec Law 25 §63.5) occurs that presents a risk of serious injury, we will notify the Commission d'accès à l'information du Québec and any affected persons with diligence (and in any event no later than 72 hours after we become aware), in accordance with Quebec Law 25 §§63.7–63.10. Every such incident is recorded in our incident register pursuant to §3.5.

10. Updates to this policy

Substantive changes will be communicated by email to active users at least 30 days before they take effect, and you will be asked to re-accept the policy at next sign-in. Minor edits (typos, link updates) appear here without notice.

11. Language of this policy

The French version of this Privacy Policy prevails in the event of any inconsistency with the English version, in accordance with the Charter of the French Language (RLRQ, c. C-11, §55) and Article 1432 of the Civil Code of Quebec.