Privacy Policy

Solutions ArdanGeo Inc. ("ArdanGeo", "we", "us") operates the ArdanGeo platform at ardangeo.com. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and what rights you have over it.

We are a data controller within the meaning of Quebec Law 25 (the Act respecting the protection of personal information in the private sector) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Who we are and how to reach us

Solutions ArdanGeo Inc., Quebec, Canada. Privacy contact: [email protected].

2. What information we collect

2.1 Account information (via Clerk)

• Email address
• Name (if you provide it during signup)
• Authentication state (login timestamps, IP address used at login)
• Subscription tier and access metadata (currently: free or beta)

Authentication is handled by Clerk Inc. (United States). See Clerk's privacy policy.

2.2 Usage information

• Hexes and locations you query in the explorer
• Feedback you submit through the in-app widget
• Browser type, language, and device class (technical telemetry)
• IP address (used for abuse prevention; truncated after 30 days)

2.3 What we do NOT collect

• Payment information (no paid tiers active during beta)
• Precise location from your device (we do not request geolocation)
• Third-party advertising identifiers
• Sensitive personal information (race, health, religion, biometrics, etc.)

3. Why we collect it (legal basis)

• Contractual necessity — to provide the screening service you signed up for
• Legitimate interest — to prevent abuse, debug errors, and improve the service
• Legal obligation — to comply with applicable law (anti-spam, accounting, regulatory requests)
• Consent — for any optional features that explicitly ask for it (e.g., feedback survey participation)

4. Where your information is stored and processed

Your data is processed in:

• Canada — Solutions ArdanGeo Inc. operations and audit logs
• United States — Clerk (authentication), Mapbox (map tiles)
• European Union — Copernicus / ECMWF (climate normals and ERA5 data; only when your queries trigger lookup, not your personal data)
• Cloudflare global edge — caching of static pages (no personal information cached at the edge)

Cross-border transfers from Quebec to the United States rely on standard contractual clauses with Clerk and Mapbox, in accordance with Quebec Law 25 §17.

5. How long we keep it

• Account information: while your account is active, plus 90 days after deletion request (for fraud-prevention archive)
• Hex query history: 12 months rolling window
• Feedback submissions: indefinitely (used for product development; anonymized after 24 months)
• IP address logs: 30 days, then truncated to /24 prefix
• Generated reports (post-beta): as long as your account is active, plus 6 months

6. Your rights

Under Quebec Law 25 (and GDPR where applicable), you have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Delete your account and associated personal information
• Receive a portable copy of your data (JSON export)
• Withdraw consent for any optional processing
• Lodge a complaint with the Commission d'accès à l'information du Québec (CAI) or, if you are in the EU, your local Data Protection Authority

Send any rights request to [email protected]. We will respond within 30 days as required by Quebec Law 25 §29.

7. Cookies and similar technologies

• Strictly necessary: Clerk session cookie (required to stay logged in)
• Functional: locale preference (en/fr), theme preference
• Analytics: none yet during beta. If we add analytics (e.g., Plausible), we will update this policy and request fresh consent.
• Advertising: none. Ever.

8. Children

ArdanGeo is a professional engineering tool not intended for users under 14. We do not knowingly collect information from minors. If you believe a minor has signed up, please contact us so we can delete the account.

9. Security

We use TLS (HTTPS) for all data in transit, encrypted volumes for data at rest, and Clerk for auth (which provides MFA, device tracking, and breach monitoring). No system is impenetrable; if a breach occurs that affects your data, we will notify you and the CAI within 72 hours per Quebec Law 25 §63.7.

10. Updates to this policy

Substantive changes will be communicated by email to active users at least 30 days before they take effect. Minor edits (typos, link updates) will appear here without notice.