Privacy Policy

Tidal Flow Systems Inc. (“we”, “our”, or “us”) is committed to protecting your privacy in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, Quebec’s Act respecting the protection of personal information in the private sector (“Law 25”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or make a purchase.

We collect personal information that you provide directly to us, including your name, email address, phone number, company name, shipping and billing addresses, order and enquiry history, and any other information you choose to provide through our contact form or during checkout. We also automatically collect certain technical information about your device and browsing activity when you use our website, including IP address, browser type, and pages visited.

We collect your personal information only for identified purposes, including: to process and fulfill your orders; to communicate with you about your orders, quotes, or enquiries; to manage our ongoing customer relationship through our customer relationship management (CRM) platform, including enquiry and quote history and account communications; to manage trade (B2B) customer accounts, wholesale pricing, and sales agent ordering through our B2B ordering platform; to send transactional notices and support messages; and to improve our website and services. We will not use your information for a new purpose without your consent.

Our website uses cookies to enable essential functions such as shopping cart and checkout. These cookies are necessary for the website to operate and cannot be disabled. We do not currently use cookies for advertising or tracking purposes beyond what is required for store functionality.

We do not sell your personal information. We share your personal information only with trusted third-party service providers who help us operate our business, and only to the extent necessary for them to perform their services on our behalf. These currently include:

• Shopify Inc.— powers our online store and processes orders, payments, and shipping on our behalf. Shopify’s privacy practices are available at shopify.com/legal/privacy.
  
  
• HubSpot, Inc.— our customer relationship management (CRM) platform, used to manage customer enquiries, quote and order history, and ongoing communications. HubSpot’s privacy practices are available at legal.hubspot.com/privacy-policy.
  
  
• SparkLayer (Spark Layer Limited)— our B2B and wholesale ordering platform, used to manage trade customer accounts, B2B pricing, quick ordering, and sales agent tools. SparkLayer’s privacy practices are available at sparklayer.io/privacy.

Shopify, HubSpot, and SparkLayer may store and process your personal information on servers located outside of Canada, including in the United States and the European Union. When your personal information is transferred outside Canada, it may be subject to the laws of the jurisdiction in which it is stored, including lawful access requests by foreign authorities. We remain accountable under PIPEDA for the protection of your personal information when it is transferred to third-party service providers, and we require those providers to maintain safeguards comparable to our own.

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. CRM records relating to an active customer relationship are retained for the duration of that relationship and for a reasonable period thereafter in accordance with our internal retention policy.

Under PIPEDA, and under Quebec’s Law 25 where applicable, you have the right to access the personal information we hold about you, to request corrections if it is inaccurate or incomplete, to request portability of information you have provided to us, to request de-indexing in certain circumstances, and to withdraw consent to certain uses of your information, subject to legal or contractual restrictions. To exercise any of these rights, please contact us through our Contact page. We will respond to access and correction requests within 30 days.

Tidal Flow Systems Inc. has designated a Privacy Officer who is responsible for overseeing compliance with this Privacy Policy and applicable privacy legislation. You may contact the Privacy Officer through our Contact page.

We implement reasonable security safeguards to protect your personal information against unauthorized access, disclosure, or misuse. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

In the event of a breach of security safeguards that creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada (and, where applicable, the Commission d’accès à l’information du Québec) as required by law.

We may update this Privacy Policy from time to time. The date at the top of this page reflects when it was last revised. Continued use of our website following any changes constitutes your acceptance of the updated policy.

If you have any questions about this policy or wish to make a privacy complaint, please reach out through our Contact page. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca. If you are a Quebec resident, you may also contact the Commission d’accès à l’information du Québec at cai.gouv.qc.ca.