Privacy Policy - Reckoner

Reckoner Platform — Maverick Gardner

Effective Date: March 24, 2026 | Last Updated: March 24, 2026

1. Introduction

Maverick Gardner ("we," "us," or "our") is a corporation incorporated under the Canada Business Corporations Act, headquartered in the Province of Ontario, Canada. We operate the Reckoner platform (the "Service"), a cloud-hosted SaaS product.

This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with the Service. It applies to visitors to our website, users of the Service, and individuals whose personal information we process in the course of our commercial activities.

We are committed to protecting your privacy in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

2. Privacy Officer

Maverick Gardner has designated a Privacy Officer who is responsible for our compliance with this Policy and with PIPEDA. You may contact our Privacy Officer at:

Privacy Officer

Maverick Gardner

Email: [email protected]

3. What Personal Information We Collect

3.1 Information You Provide Directly

Account registration information (name, email address, phone number, company name, job title)
Billing and payment information (processed through a PCI-compliant third-party payment processor; we do not store credit card numbers)
Support and communication records (support tickets, emails, chat messages)
Information provided during onboarding and service configuration

3.2 Information Collected Automatically

Log data (IP addresses, browser type and version, access times, pages viewed, referring URLs)
Device information (operating system, device type, screen resolution)
Usage analytics (features used, click patterns, session duration)
Cookies and similar tracking technologies (see Section 6)

3.3 Information from Third Parties

Business contact information from publicly available sources or referrals
Information from identity verification services (where applicable)

3.4 A Note on Customer Data

When you use the Service, you may upload or process data through the platform ("Customer Data"). Where Customer Data contains personal information, we process it on your behalf as a service provider. That processing is governed by our service agreement and Data Processing Addendum (DPA), not this Privacy Policy. This Policy covers personal information we collect for our own purposes.

4. Purposes for Collection, Use, and Disclosure

We collect and use personal information for the following purposes:

4.1 Providing and Maintaining the Service

Creating and managing your account
Delivering, operating, and maintaining the Service
Processing transactions and sending related information (confirmations, invoices)
Providing customer support and responding to inquiries

4.2 Improving the Service

Analyzing usage patterns to improve functionality and user experience
Conducting research and development
Monitoring and analyzing trends, usage, and activities

4.3 Communications

Sending service-related notices (updates, security alerts, maintenance notifications)
Sending marketing and promotional communications (only with your express consent, in compliance with CASL)

4.4 Security and Compliance

Detecting, preventing, and addressing technical issues, fraud, and security threats
Complying with legal obligations and enforcing our terms

4.5 Disclosure to Third Parties

We may disclose personal information to:

Service providers and sub-processors who assist us in delivering the Service, bound by contractual obligations to protect your information
Professional advisors (legal, accounting, insurance) as necessary for business operations
Law enforcement or government authorities when required by law, regulation, court order, or governmental request
Parties to a business transaction (merger, acquisition, sale of assets), with prior notice to affected individuals

We do not sell personal information.

5. Consent

5.1 How We Obtain Consent. We obtain consent for the collection, use, and disclosure of personal information as required by PIPEDA. Depending on the sensitivity of the information and your reasonable expectations, consent may be express (opt-in) or implied (through your use of the Service).

5.2 Express Consent. We will seek express consent before: collecting or using sensitive personal information; sending commercial electronic messages (in compliance with CASL); or using personal information for a purpose not originally identified.

5.3 Withdrawing Consent. You may withdraw your consent at any time by contacting our Privacy Officer. We will inform you of the implications of withdrawal, which may include an inability to continue providing certain services. To unsubscribe from marketing communications, use the unsubscribe link in any marketing email or contact us directly.

6. Cookies and Tracking Technologies

We use cookies and similar technologies on the Service for the following purposes:

Strictly necessary cookies: Required for the Service to function (authentication, security, session management)
Functional cookies: Remember your preferences and settings
Analytics cookies: Help us understand how the Service is used (via privacy-respecting analytics)

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

7. Data Retention

We retain personal information only as long as necessary to fulfil the purposes for which it was collected, or as required by law:

Account information: Retained for the duration of your account plus two (2) years for legal and business purposes
Billing records: Minimum seven (7) years (Canada Revenue Agency requirements)
Support records: Two (2) years after resolution
Usage analytics: Aggregated and anonymized on a rolling basis; raw data retained for twelve (12) months
Marketing consent records: Retained until consent is withdrawn, plus two (2) years for CASL compliance records

When personal information is no longer required, we securely delete or anonymize it.

8. Safeguards

We protect personal information with security safeguards appropriate to the sensitivity of the information, including:

Technical safeguards: Encryption of data at rest and in transit (TLS 1.2+), multi-factor authentication, role-based access controls, network segmentation, and regular vulnerability assessments
Organizational safeguards: Employee privacy and security training, confidentiality agreements, background checks for personnel with access to personal information, and documented security policies
Incident response: Documented incident response procedures for detecting, responding to, and recovering from security incidents

9. Data Storage and Cross-Border Transfers

9.1 Storage Location. Personal information collected through the Service is stored and processed in Canada.

9.2 Sub-processors. Some of our service providers may process personal information outside of Canada. Where this occurs, we ensure that contractual or other measures are in place to provide a comparable level of protection, in accordance with PIPEDA. We will inform you if your personal information may be accessible to foreign governments under their applicable laws.

9.3 Sub-processor List. A current list of sub-processors is available upon request by contacting our Privacy Officer.

10. Your Rights Under PIPEDA

Under PIPEDA, you have the following rights with respect to your personal information:

Right of access: You may request a copy of the personal information we hold about you.
Right of correction: You may request that we correct any inaccurate or incomplete personal information.
Right to withdraw consent: You may withdraw your consent to the collection, use, or disclosure of your personal information, subject to legal or contractual limitations.
Right to challenge compliance: You may file a complaint with our Privacy Officer or with the Office of the Privacy Commissioner of Canada.

10.1 How to Exercise Your Rights

To make a request, contact our Privacy Officer using the information in Section 2. Please include sufficient detail for us to identify you and understand your request. We will respond within thirty (30) days. In limited circumstances, we may extend this period by an additional thirty (30) days, with notice.

We will not charge a fee for responding to reasonable requests. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or decline the request, with an explanation.

11. Complaint Process

If you have a concern about our privacy practices, we encourage you to contact our Privacy Officer first. We will investigate and respond to your complaint in a timely manner.

If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada

30 Victoria Street, Gatineau, Quebec K1A 1H3

Toll-free: 1-800-282-1376

Website: www.priv.gc.ca

12. Children's Information

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this Policy.

For material changes that affect how we collect, use, or disclose your personal information, we will provide notice via email or a prominent notice on the Service at least thirty (30) days before the changes take effect. Where required by law, we will obtain your consent before applying material changes.