PolarPath Privacy Policy

Effective Date: 23 May 2026

Applies to: the PolarPath platform (the field operations operating system, including web and mobile apps), PolarSign (Google Workspace add-on and companion web app for e-signature), and all PolarPath websites (including polarpath.ca).

We do not sell personal information and do not “share” it for cross-context behavioural advertising (as defined by California's CPRA). We do not use Google user data, customer records, or AI-processed content for advertising or for training generalized third-party models.

Who We Are & Scope

PolarPath Technologies Ltd. (“PolarPath”, “we”, “us”, “our”) is a Canadian-incorporated software company based in Mississauga, Ontario, Canada. We provide:

  • PolarPath, our flagship field operations platform — a single operating system covering CRM, dispatch, work orders, projects, human resources, finance, mobile field execution, and embedded AI assistance (PolarAI) for construction, field-service, facilities, and manufacturing teams.
  • PolarSign, a Google Workspace add-on and companion web app that helps organizations prepare, send, and track documents for e-signature.

This Policy explains how we collect, use, disclose, and protect personal information when you use our platforms, visit our websites, or interact with us. It applies to both products. Where a practice is product-specific, we say so.

We comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the EU/UK General Data Protection Regulation (GDPR) and U.S. state privacy laws (e.g., California CPRA).

By accessing or using our products or websites, you acknowledge this Policy. If you do not agree, please do not use our services.

Our Role (Controller vs. Processor)

  • Controller: We act as a controller for account, billing, website, and support information we collect directly from you, and for the limited set of identifiers we use to operate and secure our services.
  • Processor / Service Provider: For customer-records data that your organization processes through PolarPath or PolarSign (e.g., customer accounts, jobs, dispatch records, work orders, invoices, call transcripts, AI summaries, e-signature documents, recipient details, audit trails), we act on your organization’s instructions. Your organization’s agreement with PolarPath governs that processing; please contact your administrator for requests about that data.

Information We Collect

1) Information You Provide

  • Account & profile. Name, email, organization, role, phone number, and preferences provided at sign-up or by your administrator.
  • Billing. Subscription plan, renewal dates, payment status, and limited payment metadata from our processor (Stripe). We do not store full card numbers.
  • Support & feedback. Messages, attachments, screenshots, and diagnostic logs you submit via email, chat, or in-product feedback.
  • Sales / demo inquiries. Information submitted via our website contact form (name, email, phone, company, modules of interest, free-text goals).

2) Customer-Records Data (PolarPath platform)

When you use the PolarPath operating system, your organization creates and processes operational records. This includes, depending on the modules you use:

  • CRM & pipeline. Customer/account/contact details, deal-stage history, quotes, tickets, tasks, communications, and email/calendar activity (with your authorization).
  • Operations. Jobs, work orders, dispatch assignments, schedules, project plans (Gantt, RFIs, issues), maps/territories, asset/vendor records.
  • Workforce. Timesheets, time-off requests, and similar employee records your administrators load into the platform.
  • Finance. Quotes, invoices, payments, collections data, and accounting-integration metadata.
  • Communications. Click-to-call call logs, recordings, transcripts, email activity tracking, and AI-generated summaries that attach to the customer record.
  • Mobile field execution. Location coordinates (with consent), photos, time-stamps, and status updates posted from the mobile app to the same record.

3) Document Content (PolarSign)

  • Files and fields you upload or select for e-signature workflows, plus recipient names/emails and routing instructions.
  • Signing status, time-stamps, IP addresses at signing, and audit-trail events.

4) Information Collected Automatically

  • Usage & device logs. IP address, locale, time zone, device/browser details, feature interactions, time-stamps, performance metrics, and error diagnostics.
  • Cookies / local storage. Session tokens, CSRF tokens, preferences, and analytics identifiers used on our sites and dashboards.

5) Information from Google APIs (PolarSign and optional PolarPath integrations)

PolarSign accesses Google Workspace data only with your explicit authorization (OAuth). PolarPath also offers optional Google Workspace integrations (Gmail and Calendar sync). Depending on the features you use, we may access:

  • Drive & editors. File metadata (title, type, ID, owner) and, when you request actions, file content to export or convert Google Docs/Sheets/Slides/Drive files to PDF for e-signature.
  • Gmail / Calendar. Message and event metadata required to surface communications on the customer record — only with your explicit OAuth consent.
  • Basic profile. userinfo.email to associate actions with your organization and display your identity in activity logs.
  • Script runtime context. Locale and UI container details to render the add-on interfaces.

We access the minimum Google data required to perform requested actions and honour Google’s Limited Use requirements (see Annex A).

6) Third-Party Integrations (Optional)

At your direction, we may receive data from integrations you connect (e.g., accounting, CRM, telephony, mapping, or helpdesk tools). Examples include QuickBooks metadata, Canada Post address-validation results, customer coordinate sync, telephony events from your calling provider, and HubSpot/Salesforce data where you choose to import or sync.

7) Recipients & Signers (PolarSign)

When you send documents through PolarSign, we process recipient contact details, signing status, time-stamps, IP addresses at signing, and audit-trail events.

8) Aggregated / De-identified Data

We may create aggregated or de-identified statistics (e.g., feature adoption, performance metrics) that do not identify individuals. We use these to improve reliability and user experience.

PolarAI & AI Processing

PolarAI is the AI layer embedded in the PolarPath platform. It summarizes records, drafts replies, captures call transcripts and AI summaries into activity history, and suggests next actions inside the workflow.

  • Where AI runs. AI processing happens through our infrastructure and vetted AI service providers (see Annex B). We design AI workflows so customer content stays within our processing boundary except where you explicitly route it elsewhere.
  • What AI can see. Only the records and communications you and your organization choose to surface to PolarAI (e.g., a specific customer record, a call recording you initiate, an email you sync).
  • No model training on your content. We do not use your customer records, document content, call recordings, Google user data, or any other identifiable customer content to train our own or third-party generalized AI models. We may use aggregated, de-identified performance metrics to improve PolarAI’s reliability.
  • Human in the loop. PolarAI outputs (summaries, drafts, suggested next actions) are assistive. Your team retains responsibility for review before sending or acting.
  • Recording & transcription. Call recording and transcription happen only when enabled by your organization’s administrators and in compliance with applicable consent and notification laws in your jurisdiction.

How We Use Information

  • Deliver, operate, and improve PolarPath and PolarSign (e.g., route work orders, dispatch crews, render dashboards, export files, send documents to recipients, surface AI summaries).
  • Authenticate users, enforce access controls, audit privileged actions, and protect accounts.
  • Process payments, manage subscriptions, and send transactional notices (status updates, reminders, invoices).
  • Provide support, troubleshoot issues, perform debugging and auditing.
  • Monitor performance, conduct analytics, and enhance reliability, quality, and security.
  • Comply with legal obligations, enforce terms, and prevent abuse or fraud.

AI / ML. See Section 4 (PolarAI & AI Processing). We do not use customer document content, customer records, call data, or Google user data to train generalized advertising or third-party models. Any product analytics use aggregated or de-identified data.

Legal Bases (EEA/UK GDPR)

  • Contract: To provide the services you or your organization requested.
  • Legitimate interests: To secure, improve, and support the services, and to prevent fraud — balanced against your rights.
  • Consent: Where required (e.g., certain cookies, call recording, optional communications). You can withdraw consent at any time by contacting privacy@polarpath.ca or, where available, through in-product settings.
  • Legal obligations: To meet tax, accounting, or compliance requirements.

How We Share Information

  • Service providers. Vendors that host infrastructure (e.g., Vercel for web hosting, Google Cloud Platform), process payments (e.g., Stripe), send emails, provide telephony or AI processing, or provide analytics — bound by confidentiality and data-protection terms.
  • Recipients you designate. Documents, envelopes, notifications, and audit trails are shared with the people you specify.
  • Your organization’s administrators. If you use PolarPath or PolarSign through your employer, your administrators can access activity, records, and content within their account.
  • Legal compliance & safety. When required by law or to protect the rights, safety, or property of PolarPath, users, or the public.
  • Business transfers. In a merger, acquisition, or reorganization, data may transfer to the successor subject to this Policy.

We do not sell personal information and do not “share” it for cross-context behavioural advertising.

Data Retention

  • Account & profile data: Kept while you maintain an account, then deleted or anonymized within a reasonable period unless retention is required by law or to resolve disputes.
  • Customer records (PolarPath): Retained per your organization’s settings and instructions. Administrators may request deletion of specific records or the full account; we will honour requests unless retention is legally required.
  • Documents & envelopes (PolarSign): Retained per your organization’s settings and instructions. Administrators may request deletion of specific documents or the full account.
  • Call recordings & transcripts: Retained per your organization’s retention policy configured in PolarPath; defaults can be adjusted by administrators.
  • Audit logs: Retained for security and compliance for a period consistent with organizational needs and applicable law.
  • Transactions & invoices: Minimum seven (7) years to satisfy tax requirements (e.g., CRA).
  • Integration / implementation data (where applicable): Purged within 90 days after project end unless otherwise agreed.
  • Analytics: Aggregated or de-identified data may be kept for trend analysis; personal analytics identifiers are typically rotated or anonymized within 24 months.

Security

We employ administrative, technical, and physical safeguards aligned with industry standards, including:

  • TLS 1.2+ for data in transit and encryption at rest (e.g., AES-256) where supported by our cloud providers.
  • Least-privilege, role-based access; enforced MFA for privileged access.
  • Audit logging, monitoring, intrusion alerts, and separation of environments.
  • Vulnerability management (e.g., periodic scans and dependency monitoring) and regular security assessments.
  • Secure software-development practices and change management.

No system is perfectly secure. Please protect your credentials and notify us promptly of any suspected unauthorized access.

Breach Notification

If we become aware of a security incident that compromises the confidentiality, integrity, or availability of personal information in our care, and the incident poses a real risk of significant harm, we will:

  • Notify the affected organization’s administrators without undue delay and, where required by law, within the timeframes set out under PIPEDA, GDPR, or applicable U.S. state laws;
  • Notify the Office of the Privacy Commissioner of Canada and other applicable regulators where required;
  • Provide affected individuals with information about the incident, the personal information involved, and the steps they can take to reduce risk;
  • Maintain internal records of all breaches as required by PIPEDA.

To report a suspected security incident, contact security@polarpath.ca.

International Transfers

We store and process data primarily in Canada and the United States and may use cloud infrastructure in other regions where our service providers operate. Where required, international transfers rely on appropriate safeguards (e.g., Standard Contractual Clauses or equivalent mechanisms).

You should be aware that data hosted on infrastructure located in the United States may be subject to U.S. legal process. We use service providers (e.g., Vercel, Google Cloud Platform, Stripe) that maintain industry-standard contractual and technical safeguards and that publicly disclose how they respond to government requests.

Your Choices & Rights

Your rights depend on your location and the context of processing. Subject to legal limits, you may:

  • Access a copy of your personal information.
  • Correct inaccuracies or update details.
  • Delete data or withdraw consent (where processing is based on consent).
  • Object to or restrict certain processing.
  • Request data portability.

Region Specific

  • EEA/UK: You may object to processing based on legitimate interests and lodge a complaint with your data-protection authority.
  • Canada (PIPEDA): You may access and challenge the accuracy of your personal information. Complaints can be directed to the Office of the Privacy Commissioner of Canada (priv.gc.ca).
  • California (CPRA): Right to know, delete, correct, and opt out of sale/sharing (noting we do neither). We honour legally required browser-based opt-out signals where applicable.

How to submit a request

Email privacy@polarpath.ca. We may need to verify your identity. If you use PolarPath or PolarSign through your employer, we may direct you to your administrator, who controls organizational data. We aim to respond within 30 days, or the period required by law.

How to withdraw consent

You may withdraw consent for optional processing at any time by emailing privacy@polarpath.ca or, where the feature supports it, by disabling the relevant integration or setting in your account (e.g., disconnecting Google Workspace, turning off call recording, opting out of marketing emails). Withdrawing consent does not affect processing carried out before withdrawal.

Cookies & Analytics

We use necessary cookies to operate our sites and dashboards (e.g., session and CSRF tokens), and analytics to understand usage and improve performance. You can control cookies via your browser settings; disabling some cookies may affect functionality.

Children

PolarPath and PolarSign are not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn that a child has provided personal information, we will delete it promptly.

Changes to This Policy

We may update this Policy from time to time. We will post updates here and revise the effective date above. Significant changes may also be communicated via email or in-app notification. Your continued use after changes take effect signifies acceptance.

Contact

PolarPath Technologies Ltd.
Attn: Privacy Officer
Mississauga, Ontario, Canada
privacy@polarpath.ca
Security incidents: security@polarpath.ca

You may also contact your local data-protection authority if you believe we have not addressed your concerns.

Annex A — Google API Services User Data Policy Compliance (PolarSign and optional PolarPath integrations)

  • PolarSign and the optional Google Workspace integrations within PolarPath use Google OAuth scopes (e.g., https://www.googleapis.com/auth/drive, drive.file, documents, spreadsheets, presentations, gmail.readonly, calendar.readonly, userinfo.email, script.container.ui) only to perform actions explicitly requested by the user.
  • We access and store the minimum Google user data required to execute requested functionality (e.g., exporting a Google Doc to PDF and routing it to specified recipients; surfacing an email or calendar event on a customer record).
  • We do not transfer Google user data to third parties except as necessary to provide the requested functionality (e.g., secure cloud storage or email delivery to recipients you designate).
  • We do not use Google user data for advertising or marketing.
  • We do not use Google user data to train generalized AI/ML models.
  • Users / organizations can request deletion of their PolarPath or PolarSign account or data by emailing privacy@polarpath.ca. Associated Google data held by us will be deleted unless retention is legally required for obligations or audit purposes.
  • We honour the Google API Services User Data Policy, including Limited Use requirements.

Annex B — Key Service Providers

We use vetted service providers to deliver PolarPath and PolarSign:

  • Vercel — Hosting and content delivery for our web applications and marketing websites.
  • Google Cloud Platform (GCP) — Infrastructure hosting, storage, and security services.
  • Stripe — Payment processing (PolarPath receives limited payment metadata; full card data is handled by Stripe).
  • Email-delivery provider — Transactional notifications and status updates to recipients you designate.
  • Telephony provider — Click-to-call routing, call recording (where enabled), and transcription delivery.
  • AI provider(s) — Large-language-model providers used to power PolarAI summaries, drafts, and next-action suggestions. These providers process content under enterprise terms that prohibit use of customer content for model training.
  • Canada Post — Address lookup and validation through the Canada Post AddressComplete API (where enabled).
  • Analytics provider — Aggregated usage metrics to improve reliability and user experience.

A current list of subprocessors is available upon request at privacy@polarpath.ca.

Annex C — Definitions

  • “Personal information” / “personal data” means information that identifies or reasonably relates to an identified or identifiable person.
  • “Sell” / “Share” have the meanings given in the California Consumer Privacy Laws (CPRA).
  • “Processor” / “Service Provider” means an entity that processes personal information on behalf of a controller/business.
  • “Customer records” means accounts, contacts, jobs, work orders, projects, invoices, communications, and related operational data your organization creates or imports into PolarPath.
  • “Document content” means files, fields, and data you submit to PolarSign for e-signature workflows, including recipient details and audit events.
  • “PolarAI” means the AI features embedded in PolarPath that provide summaries, drafting assistance, transcription, and next-action suggestions.

This Policy is for transparency and does not limit any rights you may have under applicable law or your organization’s agreement with PolarPath.

By continuing to use PolarPath’s websites and services, you acknowledge and accept this Privacy Policy.