Last updated June 28, 2026
Scope and Operator
This Privacy Policy applies to the authenticated Maintenance Services application and to the organization operating this deployment of the application. The system is designed as an operational business tool for inventory, stock, supplier, equipment, project, document, media, and related workflow management. The operator of this deployment is responsible for applying this policy in a manner consistent with applicable law, including Canadian private-sector privacy requirements and Ontario requirements that may apply to its operations.
Information We Collect
Depending on how your organization uses this deployment, the system may collect and store account information such as usernames, email addresses, authentication status, role or permission assignments, and user settings. It may also store business records entered by authorized users, including inventory data, customer and supplier contact details, project records, work orders, invoices, purchase orders, uploaded files, and audit history linked to user actions.
The application also processes technical and security-related information needed to run the service, such as session data, password reset and verification flows, access logs, CRUD audit entries, and other records required to protect the service, investigate incidents, and maintain accountability.
Purposes and Consent
Personal information is collected, used, and disclosed only for purposes that a reasonable person would consider appropriate in the circumstances, including authenticating users, administering access, processing business records, generating documents, supporting media and attachment workflows, maintaining audit trails, responding to support requests, and protecting the security and integrity of the service.
Where consent is required, the operator of this deployment should ensure that consent is meaningful and that individuals understand the nature, purpose, and consequences of the collection, use, or disclosure of their personal information. In some cases, information may also be processed because it is necessary to provide the requested service, manage an employment or contractor relationship, comply with legal obligations, or protect the operator, users, or other affected parties.
Cookies, Sessions, and Similar Technologies
This application uses essential technical mechanisms needed to operate securely, including session handling, CSRF protection, authentication state, and related security features. These technologies are used to keep you signed in, protect forms and requests, remember limited account preferences, and help detect misuse or unauthorized access. This policy does not authorize non-essential tracking that is not otherwise disclosed by the operator of this deployment.
Disclosure and Service Providers
Information may be disclosed to employees, contractors, administrators, and service providers who need it to operate, secure, support, or improve the service, subject to appropriate confidentiality and access controls. Depending on configuration, the application may also interact with third-party or external services such as email providers, Google or Microsoft social sign-in providers, or AI and automation services enabled by the operator.
The operator should not disclose personal information beyond these purposes unless permitted or required by law, necessary to investigate misuse or protect rights and safety, or authorized by the affected individual or organization.
Retention, Accuracy, and Access
Personal information should be retained only as long as necessary for the identified purposes, for reasonable business continuity needs, and for legal, accounting, tax, dispute, fraud-prevention, archival, or record-keeping requirements. Because this application maintains operational records and audit history, some information may remain in the system after active use ends where retention is reasonably required.
Individuals may request access to their personal information and may ask that inaccurate or incomplete information be corrected, subject to lawful exceptions and the rights of other individuals or organizations. Requests should be directed to the organization operating this deployment through the administrator or contact path provided with your account access.
Safeguards and Breach Response
The application is intended to support role-based access, authentication controls, audit logging, and private storage patterns for protected files. The operator of this deployment remains responsible for implementing safeguards appropriate to the sensitivity of the information under its control, including administrative, technical, and physical safeguards.
If the operator becomes aware of a breach of security safeguards involving personal information, it should assess the incident promptly, contain and investigate it, keep the records required by law, and provide notices or reports where required, including where there is a real risk of significant harm.
Ontario and Canada-Specific Notes
This policy is intended to be interpreted consistently with Canadian private-sector privacy requirements, including the principles of accountability, identifying purposes, consent, limiting collection, limiting use, disclosure and retention, accuracy, safeguards, openness, individual access, and challenging compliance. Where Ontario accessibility or consumer-protection rules apply to a specific deployment or transaction, nothing in this policy is intended to waive or reduce those statutory rights.
Questions or Complaints
Privacy questions, access requests, correction requests, consent withdrawals, and complaints should be directed to the organization operating this deployment using the administrator or business contact details provided to your account. If this deployment is made available to the public or to external customers, the operator should publish a named privacy contact or privacy officer and a direct contact method before relying on this policy as its final public notice.