Privacy Policy Governing Use of Our Website

Last Updated: August 11, 2025

This Privacy Policy explains how 14173627 CANADA INC - DBA Backbone IT Services (we, us, our) collects, uses, discloses, retains, and protects personal information when you visit or interact with our website (the Site). It is drafted to comply with Quebec’s Act respecting the protection of personal information in the private sector, as amended by Law 25, as well as applicable Canadian privacy laws.

1. Who We Are and Scope

14173627 CANADA INC - DBA Backbone IT Services
1235 R. Notre Dame O, Unit 139, Montreal, QC, H3C 0B1
Registration Number: 1417362-7
contact@backboneitservices.com

We have appointed a person in charge of the protection of personal information (Privacy Officer), reachable at the mailing address above. If you write “Attention: Privacy Officer” in your correspondence, your request will be prioritized.
This policy covers personal information collected via the Site, contact forms, email interactions initiated through the Site, and cookies/other tracking technologies used on the Site. It does not govern information collected through our mobile application or via third party websites linked from the Site.

2. What We Collect

The personal information we collect depends on how you use the Site:

• Contact and enquiry details: name, business title, email, phone number, organization, and the content of messages you send.
• Usage and technical data: IP address, device and browser type, operating system, screen resolution, language, referring/exit pages, timestamps, pages viewed, clickstream data, and error logs.
• Cookie and identifier data: first party cookies, third party cookies, pixels, tags, web beacons, session IDs, and online identifiers used for essential functions, analytics, and—if enabled—personalization or advertising.
• Preference data: cookie and consent preferences, communication choices. We do not intentionally collect sensitive information via the Site. Please avoid including sensitive personal details in web forms.

3. Sources of Information

• Information you provide: for example, when you submit a form, request a demo, download a resource, or contact us by email.
• Automatic collection via site usage: through server logs, cookies, pixels, and similar technologies.
• Analytics and SDK/tag partners: such as Google Analytics and Google Tag Manager, which collect usage metrics and help operate tags on the Site.

3. Purposes and Legal Bases

We collect personal information for specific, explicit, and legitimate purposes:

• To operate and secure the Site (fraud prevention, debugging, performance, availability).
• To respond to enquiries, provide quotes, schedule meetings, or send resources you request.
• To measure traffic, understand how visitors use the Site, and improve content and navigation.
• To personalize content or communications where permitted by your preferences.
• To comply with legal obligations and enforce our terms.

4. Consent

Where required, we obtain free, informed, and specific consent for each identified purpose. We seek express consent for non essential cookies/technologies (e.g., analytics beyond strictly necessary, targeted advertising) and for marketing communications. You may withdraw consent at any time via our cookie preferences, unsubscribe links, or by contacting the Privacy Officer.

5. Legitimate Interests

For activities necessary to operate the Site (e.g., security logging, basic audience measurement that is privacy preserving), we rely on legitimate interests balanced against your privacy rights. Where Quebec Law 25 requires consent, consent will prevail.

6. Cookies, Profiling, and Tracking Technologies

We use:

• Strictly necessary cookies: required for core site functions (security, load balancing, basic settings).
• Analytics cookies/tools: to understand page performance and visitor flows (e.g., Google Analytics 4). Data may include truncated IP address, device/browser info, and on site events.
• Preference cookies: to remember your choices (e.g., cookie banner selections, language).
• Advertising/retargeting technologies (if enabled): pixels or tags that help tailor and measure ads on third party platforms.

7. Your Controls:

• Cookie banner and preferences centre: on your first visit, you can accept, reject, or customize non essential cookies by category.
• Browser controls: you can block or delete cookies through your browser settings.

8. Sharing and Disclosures

We do not sell personal information. We share information in limited circumstances:

• Service providers (processors): hosting, security, analytics, email delivery, form processing, and customer relationship tools. Providers are bound by contracts requiring confidentiality, use only for our purposes, and Law 25 aligned safeguards.
• Legal and compliance: to comply with applicable law, respond to lawful requests, protect our rights, security, and property, or detect/prevent fraud and abuse.
• Business transactions: in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality and continued protection of personal information.

9. Cross Border Transfers

Personal information may be processed outside Quebec, including elsewhere in Canada or other jurisdictions where our service providers operate. Before communicating personal information outside Quebec, we conduct a privacy impact assessment considering the sensitivity of the information, the purposes and measures for its use, and the legal framework of the destination jurisdiction. Transfers are protected through contractual safeguards (e.g., standard clauses), access controls, and encryption in transit.

10. Retention and Destruction/Anonymization

We retain personal information only for as long as necessary to fulfil the purposes described above, meet legal requirements, or resolve disputes.

11. Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including access controls, encryption in transit, least privilege access, logging, and supplier due diligence. No method of transmission or storage is completely secure; residual risk remains.

12. Your rights

Subject to legal limits, you have the following rights:

• Right of access: You may request confirmation of whether we process your personal information and obtain access to it. Where applicable, we will provide a copy along with information about the purposes of processing, categories of data, sources, recipients or categories of recipients, cross-border transfers, retention periods (or criteria), and a summary of your rights.
• Right to rectification: You may request correction of inaccurate, incomplete, or equivocal personal information. Where appropriate, we will supplement the record to reflect disputed accuracy and notify relevant third parties of corrections where feasible.
• Right to erasure: You may request deletion of your personal information in circumstances such as: the data is no longer necessary for the purposes collected; you withdraw consent (where consent is the legal basis) and there is no other lawful basis; you successfully object to processing; or the information was collected or used contrary to law. We may retain information where processing is necessary for compliance with legal obligations, the establishment, exercise or defence of legal claims, fraud detection and security, or internal record-keeping consistent with statutory requirements.
• Right to restrict processing: You may request that we limit processing in specific cases (for example, while we verify accuracy following a rectification request; when processing is unlawful and you prefer restriction over deletion; when we no longer need the data but you require it for legal claims; or pending verification of compelling grounds following an objection). During restriction, we will mark the data and process it only for limited purposes (e.g., storage, consent, legal claims, or protection of others).
• Right to data portability: Where technically feasible and when processing is based on consent or a contract and carried out by automated means, you may request your personal information in a structured, commonly used, machine-readable format and request that we transmit it directly to another organization, if technically practicable and permitted by law.
• Right to object: You may object at any time to processing based on our legitimate interests, on grounds relating to your particular situation. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is required for legal claims. You have an absolute right to object to processing of your personal information for direct marketing, including profiling related to such marketing; if you object, we will stop.
• Right not to be subject to a decision based solely on automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you, unless an authorised exception applies (e.g., necessary for a contract, authorised by law with appropriate safeguards, or based on your explicit consent). Where such processing occurs, you have the right to obtain human intervention, express your point of view, and contest the decision. We do not currently engage in such decision-making via the website; if this changes, we will provide clear notice and appropriate controls.

To exercise rights, contact our Privacy Officer.

13. Contact

In order to contact us, please use the information found at the top of this document.

Privacy Policy Governing Our Mobile Application

Last Updated: August 11, 2025

Effective Date: August 11, 2025

This Privacy Policy explains how Backbone IT collects, uses, discloses, and protects personal information when you use our mobile application (the “App”). By installing or using the App, you agree to the practices described below and in our Terms and Conditions.

1. Who We Are (Data Controller)

• Controller: 14173627 CANADA INC - DBA Backbone IT Services (“we”, “us”, “our”)
• Address: 1235 R. Notre Dame O, Unit 139, Montreal, QC, H3C 0B1
• Email: contact@backboneitservices.com

Where we act as a service provider/processor on behalf of an enterprise customer, that customer is the controller for the data they supply, and our processing is governed by our agreement with them.

2. Scope

This policy applies to personal information collected through the App and associated in app support channels. It does not cover third party websites or services that may be linked from the App.

3. Data Sources

• Information you provide (e.g., via support chat or email)
• Automatic collection via app usage
• Analytics and SDK partners

4. Cookies, SDKs, and Similar Technologies

The App and our partners use software development kits (SDKs), local storage, and device identifiers to enable core functionality, analytics, crash reporting, advertising, and attribution. These technologies help us understand performance, deliver features, personalize or limit ads (subject to your settings), and prevent fraud.

5. How We Use Your Information

We process personal information to:

• provide, operate, and secure the App, including authentication, synchronization, and personalization
• deliver customer support and respond to requests
• monitor performance, debug, and improve stability and user experience
• measure usage, run analytics, and perform product research
• manage subscriptions, in app purchases, and entitlements
• comply with legal obligations and enforce our Terms
• prevent, detect, and investigate fraud, abuse, and security incidents
• deliver and measure advertising and marketing, where permitted by law and your preferences

6. Legal Bases

Where required (e.g., EEA/UK/Quebec Law 25 contexts), we rely on one or more of: consent, performance of a contract, compliance with legal obligations, and our legitimate interests in operating, improving, and securing the App. For Canadian users, we collect, use, and disclose personal information in accordance with PIPEDA and applicable provincial laws; consent may be express or implied depending on the context and sensitivity.

7. Analytics and Attribution Providers

We use analytics to understand how the App is used and to improve performance and features.

• AppsFlyer: install attribution, campaign performance, anti fraud Privacy: https://www.appsflyer.com/legal/services-privacy-policy/

These providers may process device identifiers, IP address, and usage events. In some regions, we request consent before enabling these SDKs. You can adjust analytics preferences in in app settings where provided.

8. Data sharing and Disclosures

We share personal information only as described:

• Service providers: cloud hosting, analytics, customer support, email/SMS delivery, payment processing (subject to contractual safeguards and confidentiality).
• Advertising and analytics partners: as outlined above, for ad delivery, measurement, and attribution.
• Enterprise customers: if you access the App under an enterprise account, usage data and content may be visible to your organization’s administrators subject to their policies.
• Legal and safety: to comply with law, respond to lawful requests, enforce our Terms, or protect rights, safety, and property.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets (subject to continued protection of personal information).

We do not sell personal information. We may “share” information for interest based advertising as defined in some jurisdictions; opt out mechanisms are provided where required.

9. International Transfers

We and our providers may process information in Canada and other countries. We implement contractual and technical safeguards (e.g., standard contractual clauses, access controls, encryption in transit and at rest) to protect information during cross border transfers.

10. Security

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including access controls, encryption in transit, least privilege practices, and monitoring. No method of transmission or storage is completely secure; residual risk remains.

11. Retention

We retain personal information only as long as necessary for the purposes described, to comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type, feature usage, and legal requirements. When no longer needed, information is de identified or securely deleted.

12. Your Choices and Rights

• Permissions: You can grant or revoke device permissions (e.g., location, camera, notifications) in your device settings.
• Advertising choices: Reset or limit ad identifiers, disable personalized ads where available, or opt out using platform controls (e.g., “Limit Ad Tracking” on iOS; “Opt out of Ads Personalization” on Android).
• Analytics controls: Where offered, you can adjust analytics and crash reporting settings in the App.
• Communications: You can manage marketing preferences or unsubscribe via the link in messages (in line with CASL).
• Access, correction, deletion: Subject to applicable law, you may request access to, or correction or deletion of, your personal information. We may require verification of identity and may limit requests where permitted by law.
• Region specific rights: Where applicable (e.g., EEA/UK/Quebec), you may have additional rights such as portability, restriction, and objection. You may also lodge a complaint with your local privacy authority (e.g., Office of the Privacy Commissioner of Canada).

To exercise rights, contact us at contact@backboneitservices.com. We will respond within a reasonable timeframe.

13. Children’s Privacy

The App is not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe a child has provided information, contact us to request deletion.

14. Data for Push Notifications and Messaging

If you enable push notifications, we process a device token to deliver messages. You can disable notifications at any time in device settings. Service messages related to your account or transactions may be sent even if marketing preferences are set to opt out.

15. Account Management and Enterprise Use

If your access is provisioned by an employer or other organization, that organization may control certain account settings and access logs. Their own privacy policies may apply in addition to this one.

16. Third Party Links and Content

The App may link to third party sites or services. Their privacy practices are governed by their own policies; we are not responsible for their content or practices.

17. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified in the App or by other reasonable means. Continued use after the effective date constitutes acceptance of the updated policy.

18. Contact Us

• Controller: 14173627 CANADA INC - DBA Backbone IT Services
• Address: 1235 R. Notre Dame O, Unit 139, Montreal, QC, H3C 0B1
• Email: contact@backboneitservices.com
• Registration Number: 1417362-7

Appendix: Platform Specific Disclosures

• Apple App Store:We align disclosures with Apple’s privacy labels. You can manage tracking permissions via iOS App Tracking Transparency (Settings > Privacy > Tracking).
• Google Play:We align disclosures with Google Play’s Data Safety section. You can manage ad personalization in your Google account and Android settings.

If you require this policy in an accessible format or have questions about accessibility, please contact us using the details above.