Privacy Policy

1. Information Collected

2. Use of Information

We use your information to: • provide and operate the Service (queue management, SMS notifications); • communicate with you (turn notifications, password reset); • improve the Service (aggregated and anonymized statistics); • ensure the security of the Service (authentication, fraud prevention).

3. Data Retention

Customers' personal information (first name, phone number) is automatically deleted 24 hours after joining the queue. Aggregated statistics (wait times, number of people served) are retained without personal data. Owner and Employee account data is retained as long as the account is active.

4. Information Sharing

We do not sell or rent your personal information. We share your data only with: • Supabase (hosting and database); • Twilio (SMS delivery, limited to customer phone number); • Stripe (payment processing, limited to billing information); • Sentry (error monitoring and session replay captured only when a technical error occurs). These providers are required to protect your data in accordance with their own privacy policies and applicable laws.

5. Data Location and Transfers Outside Quebec

Your data may be processed by our subcontractors located outside Quebec, including in the United States (Stripe, Twilio, Sentry). Supabase hosts our data in a region selected to provide adequate protection guarantees. Before transferring personal information outside Quebec, we assess each provider's compliance with the protection principles set out in Law 25.

6. Your Rights

Under Law 25 and PIPEDA, you have the right to: • access your personal information; • correct inaccurate information; • request deletion of your information; • receive your information in a structured, commonly used technological format (data portability); • withdraw your consent at any time. To exercise these rights, contact us at support@suivant.app. We will respond within 30 days.

7. Security

We use industry-standard security measures to protect your data, including: • encryption in transit (TLS/HTTPS); • password encryption (hashing); • role-based access control (RLS); • automatic deletion of personal data after 24 hours.

8. Cookies

The Service uses essential cookies for authentication sessions and security. For technical error diagnostics, Sentry captures a session replay only when an error occurs (no recording during normal use). No advertising or third-party tracking cookies are used.

9. Children

The Service is not intended for persons under 14 years of age. We do not knowingly collect information from persons under 14. If we learn that a child under 14 has provided us with personal information, we will delete it promptly.

10. Changes to this Policy

We may update this Policy at any time. The updated version will be posted on this page with the revision date. Your continued use of the Service after publication constitutes your acceptance of the modified Policy.

11. Contact and Privacy Officer

The person responsible for the protection of personal information at Suivant can be reached at support@suivant.app. Any request regarding your personal information, this Policy, or the exercise of your rights must be sent to this address. We will respond within 30 days.