Privacy Policy
At PackTrack One Inc. (“PackTrack One,” “we,” “us,” or “our”), we take privacy seriously. This Privacy Policy explains what personal information we collect when you use the PackTrack One platform (available at app.packtrack.one and packtrack.one), how we use it, who we share it with, and what rights you have over it.
PackTrack One is a cloud-based SaaS platform for inventory management, vendor management, compliance tracking, and smart ordering, designed for food packaging manufacturers. We are a B2B service — our customers are businesses, and the individuals whose information we handle are primarily business professionals accessing the platform on behalf of their employer.
This Privacy Policy applies to information collected through our websites, web application, and any related services.
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private-sector privacy law, and applicable Alberta privacy requirements.
1. Who We Are and How to Contact Us
PackTrack One Inc. is the “organization” responsible for your personal information under PIPEDA.
Privacy Contact:
PackTrack One Inc.
Alberta, Canada
Privacy Inquiries: privacy@packtrack.one
If you have questions or concerns about how we handle your personal information, please contact us at the address above. We will respond to all privacy inquiries within 30 days.
2. What Personal Information We Collect
We collect personal information only to the extent necessary to provide our Service and fulfill our legitimate business purposes. We do not sell personal information.
2.1 Account and Contact Information
When you register for an account, we collect:
- Full name — to identify you within the platform;
- Work email address — for account communication, login, and notifications;
- Company name and role — to understand your organizational context;
- Password (hashed) — if you use email/password login (we never store plain-text passwords); and
- SSO profile data — if you register or log in using Google or Microsoft, we receive your name, email address, and profile picture as provided by that provider’s OAuth flow.
2.2 Billing and Payment Information
If you subscribe to a paid plan, we collect:
- Billing contact information (name, email, billing address); and
- Payment information — your payment card details are collected and processed directly by Stripe. PackTrack One does not receive or store your full card number, CVV, or sensitive card data. We may store a Stripe customer ID and the last 4 digits of your card number for reference.
2.3 Business and Operational Data
As you use the platform, you upload and generate business data, which may incidentally include personal information. This includes:
- Inventory records — product names, quantities, SKUs, expiry dates, and related data you enter;
- Vendor information — supplier names, contact persons, email addresses, phone numbers, and addresses for your vendors;
- Compliance documents — certificates, permits, audit reports, and other documents you upload, which may be processed by our AI features (OCR) to extract text; and
- Purchase orders and ordering history — details about orders placed within the platform.
You, as the business using our Service, are responsible for the personal information of third parties (such as your vendors’ employees) that you upload to the platform. You should have a lawful basis for providing that information to us.
2.4 Usage and Technical Data
When you use the Service, we automatically collect technical and usage information, including:
- Log data — IP address, browser type, operating system, referring URL, pages visited, timestamps, and session duration;
- Device information — device type, screen resolution, and language settings;
- Usage patterns — features used, buttons clicked, workflows completed, and time spent in the application; and
- Error data — crash reports and error logs, which may include information about the state of the application at the time of an error.
2.5 Communications
If you contact us by email, through our support system, or through in-app chat, we retain the contents of those communications and your contact information.
2.6 Cookies and Tracking Technologies
We use cookies and similar technologies. See Section 8 (Cookie Policy) for details.
3. How We Use Your Personal Information
We use the personal information we collect for the following purposes:
3.1 Providing and Operating the Service
- Creating and managing your account;
- Authenticating your identity when you log in;
- Enabling platform features, including AI-powered OCR and chatbot functionality;
- Processing transactions and managing your subscription;
- Providing customer support and responding to your inquiries; and
- Sending transactional communications (account confirmations, invoices, password resets, subscription renewals).
Legal basis under PIPEDA: Your consent at account creation and performance of our contract with you.
3.2 Improving the Service
- Analysing usage patterns to understand how the platform is used and identify areas for improvement;
- Monitoring performance and diagnosing bugs and errors;
- Conducting product research and user testing; and
- Developing new features and functionality.
Where possible, we use aggregated or anonymized data for improvement purposes.
Legal basis under PIPEDA: Our legitimate business interest in improving our product.
3.3 Communications and Marketing
- Sending service-related updates, product announcements, and feature newsletters;
- Sending promotional emails about our plans and services (you can unsubscribe at any time using the link in any marketing email); and
- Notifying you of changes to these policies or to the Service.
Legal basis under PIPEDA: Your consent (for marketing communications) and our legitimate interest (for service-related communications).
3.4 Security and Fraud Prevention
- Detecting, investigating, and preventing fraudulent transactions, unauthorized access, and other misuse of the Service;
- Enforcing our Terms of Service; and
- Complying with applicable legal obligations.
3.5 Legal and Regulatory Compliance
- Complying with applicable laws, regulations, and lawful requests from government authorities; and
- Establishing, exercising, or defending legal claims.
4. Third-Party Data Sharing
We do not sell your personal information. We share personal information with third parties only as described in this section.
4.1 Our Third-Party Service Providers (Subprocessors)
We use a limited number of trusted service providers to help us operate the Service. Each provider is bound by data processing agreements and is only permitted to use your data for the specific purpose for which we share it.
Stripe — Payment Processing
Website: https://stripe.com
Purpose: Stripe processes all subscription payments and manages billing.
Data shared: Name, email address, billing address, payment card information (handled directly by Stripe), and subscription details.
Stripe’s role: Stripe is an independent data controller for the payment data it collects. Stripe’s use of your data is governed by Stripe’s Privacy Policy.
Location: United States (with global operations).
Google — Single Sign-On (SSO)
Website: https://google.com
Purpose: If you choose to log in using “Sign in with Google,” Google authenticates your identity and passes your profile information to us.
Data shared: Name, email address, and profile picture as provided by your Google account.
Note: This integration is optional. Google’s use of your data is governed by Google’s Privacy Policy.
Location: United States (with global operations).
Microsoft — Single Sign-On (SSO)
Website: https://microsoft.com
Purpose: If you choose to log in using “Sign in with Microsoft,” Microsoft authenticates your identity and passes your profile information to us.
Data shared: Name, email address, and profile picture as provided by your Microsoft account.
Note: This integration is optional. Microsoft’s use of your data is governed by Microsoft’s Privacy Statement.
Location: United States (with global operations).
Anthropic — AI Features (OCR and Chatbot)
Website: https://anthropic.com
Purpose: We use Anthropic’s Claude AI models to power our OCR document scanning and conversational chatbot features.
Data shared: Content you submit to these AI features — this may include text extracted from compliance documents, inventory descriptions, and queries you type into the chatbot. We do not intentionally send unnecessary personal information to Anthropic; however, documents you upload may incidentally contain personal information.
Important: Anthropic’s models may process content on Anthropic’s infrastructure. Data shared with Anthropic is governed by our data processing agreement with Anthropic and Anthropic’s Privacy Policy.
Location: United States.
Your control: You can avoid sending sensitive personal information to Anthropic by not submitting it through AI-powered features.
PostHog — Product Analytics
Website: https://posthog.com
Purpose: PostHog helps us understand how users interact with the Service, track feature usage, and identify areas for improvement.
Data shared: Usage events (pages visited, features clicked, workflows completed), session data, IP address, browser and device information, and your PostHog-assigned user identifier (which we may associate with your account ID).
Note: We configure PostHog to minimize collection of unnecessary personal data. Data is governed by our data processing agreement with PostHog and PostHog’s Privacy Policy.
Location: Data may be stored in the United States or European Union (PostHog offers data residency options).
Sentry — Error Monitoring
Website: https://sentry.io
Purpose: Sentry captures application errors, crashes, and performance issues to help us identify and fix bugs.
Data shared: Error logs, stack traces, browser and device information, IP address, and potentially the state of the application at the time of an error (which could include fragments of data you were viewing or entering). We configure Sentry to scrub sensitive data where possible.
Location: United States.
Note: Data is governed by our data processing agreement with Sentry and Sentry’s Privacy Policy.
Brevo (formerly Sendinblue) — Email Delivery
Website: https://www.brevo.com
Purpose: Brevo powers our transactional and marketing email delivery (account confirmations, invoices, product updates, newsletters).
Data shared: Your name, email address, and email engagement data (opens, clicks, unsubscribes).
Location: European Union (with global infrastructure). Data is governed by our data processing agreement with Brevo and Brevo’s Privacy Policy.
4.2 Business Transfers
If PackTrack One Inc. is involved in a merger, acquisition, asset sale, financing, or other corporate transaction, your personal information may be disclosed to, and transferred to, the parties involved in that transaction as part of the business assets. We will notify you via email and/or a prominent notice on our website before any such transfer occurs, and before your personal information becomes subject to a materially different privacy policy.
4.3 Legal Requirements
We may disclose your personal information if required to do so by law, court order, or lawful request from a government authority, or where we believe in good faith that disclosure is necessary to:
- Comply with a legal obligation;
- Protect and defend our rights or property;
- Prevent or investigate possible wrongdoing in connection with the Service; or
- Protect the personal safety of users of the Service or the public.
4.4 Aggregate and Anonymized Data
We may share aggregated or anonymized data (which does not identify any individual) with third parties for industry analysis, benchmarking, or other business purposes. This is not personal information sharing.
4.5 With Your Consent
We may share your personal information with third parties for any other purpose with your explicit consent.
5. Data Storage and Security
5.1 Where Your Data Is Stored
Our primary database infrastructure is PostgreSQL hosted on Railway (https://railway.app), with servers located in the United States and/or Canada. Some subprocessors (listed in Section 4) may process or store data in other locations, including the United States and the European Union.
By using the Service, you acknowledge that your data may be transferred to, stored in, and processed in countries outside Canada. See Section 7 (International Data Transfers) for more information.
5.2 Security Measures
We implement commercially reasonable technical and organizational security measures to protect your personal information, including:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
- Encryption at rest: Customer data stored in our database is encrypted at rest.
- Access controls: Access to production systems and customer data is restricted to authorized personnel on a need-to-know basis.
- Authentication: We support strong password requirements and encourage multi-factor authentication.
- Monitoring: We use automated tools to monitor for security anomalies and unauthorized access attempts.
- Vendor security: We conduct due diligence on third-party service providers and require them to maintain appropriate security standards.
Despite our best efforts, no security system is impenetrable. We cannot guarantee that your personal information will not be accessed, disclosed, altered, or destroyed by a breach of our security measures. If you believe your account has been compromised, please contact us immediately at privacy@packtrack.one.
5.3 Data Breach Notification
In the event of a security breach that involves your personal information, we will notify you as required by applicable law, including PIPEDA’s mandatory breach reporting requirements. We will notify the Office of the Privacy Commissioner of Canada (OPC) and affected individuals of breaches that pose a real risk of significant harm.
6. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
| Data Type | Retention Period |
|---|---|
| Account information (name, email, company) | For the duration of your account, plus 30 days after termination |
| Customer Data (inventory, vendor, compliance data) | For the duration of your account, plus 30 days after termination |
| Billing records and payment history | 7 years from the date of transaction (for tax and regulatory purposes) |
| Usage and analytics data | Up to 24 months from collection |
| Error logs (Sentry) | Up to 90 days from collection |
| Email communications and support records | Up to 3 years from the date of the communication |
| Cookies and session data | As described in Section 8 |
After the applicable retention period, we will securely delete or anonymize personal information. If you request deletion of your personal information (see Section 9.3), we will fulfill that request subject to any legal retention obligations.
7. International Data Transfers
PackTrack One is based in Alberta, Canada. Our subprocessors are primarily located in the United States. When your personal information is transferred outside Canada, it is subject to the laws of the country where it is processed, which may not provide the same level of privacy protection as Canadian law.
We take the following steps to protect personal information transferred internationally:
- We enter into data processing agreements with all subprocessors that include privacy and security obligations appropriate for the transfer;
- We select subprocessors that adhere to recognized security and privacy frameworks; and
- We periodically review our subprocessors’ privacy and security practices.
By using the Service, you acknowledge and consent to the transfer of your personal information to countries outside Canada, including the United States, as described in this Policy.
If you have questions about international data transfers, please contact privacy@packtrack.one.
8. Cookie Policy
8.1 What Are Cookies?
Cookies are small text files stored on your device when you visit a website. We also use similar technologies such as local storage and session tokens. In this section, we use “cookies” to refer to all such technologies.
8.2 Cookies We Use
| Cookie Type | Purpose | Examples |
|---|---|---|
| Strictly Necessary | Required for the Service to function — session management, authentication, security tokens. Cannot be disabled. | Session tokens, CSRF tokens |
| Functional | Remember your preferences and settings, such as language, theme, and dashboard layout. | User preference cookies |
| Analytics | Collect information about how you use the Service to help us improve it. Set by PostHog. | PostHog analytics cookies |
| Error Monitoring | Help us detect and fix errors. Set by Sentry. | Sentry session replay identifiers |
8.3 Third-Party Cookies
Some cookies are set by our third-party service providers (PostHog, Sentry) and are subject to those providers’ own privacy policies. We do not control third-party cookies.
8.4 Managing Cookies
You can control non-essential cookies through your browser settings. Most browsers allow you to:
- View and delete cookies;
- Block all cookies or block cookies from specific sites; and
- Receive a warning before a cookie is stored.
Note that disabling certain cookies may affect the functionality of the Service. Strictly Necessary cookies cannot be disabled without preventing access to the Service.
8.5 Do Not Track
Some browsers send “Do Not Track” (DNT) signals. We do not currently respond to DNT signals in a standardized way because there is no consistent industry standard for what constitutes a DNT response. We will revisit this as standards evolve.
9. Your Rights Under PIPEDA
As an individual whose personal information we hold, you have the following rights under PIPEDA:
9.1 Right of Access
You have the right to request access to the personal information we hold about you. Upon a verified request, we will tell you:
- What personal information we hold about you;
- How we are using it;
- Who we have disclosed it to; and
- Where it came from (if known).
We will respond within 30 days of receiving a valid access request. In some cases, we may need more time or may be unable to provide access (for example, where it would reveal information about a third party or is subject to legal privilege). If we cannot fulfill your request fully, we will explain why.
9.2 Right to Correction
If you believe that personal information we hold about you is inaccurate, incomplete, or out of date, you have the right to request correction. You can update most account information directly in your profile settings. For other corrections, please contact privacy@packtrack.one.
9.3 Right to Withdraw Consent / Request Deletion
You may withdraw your consent to our collection and use of your personal information at any time. In practice, withdrawing consent typically means closing your account, as we cannot provide the Service without processing your account information.
If you wish to have your personal information deleted, you may submit a deletion request to privacy@packtrack.one. We will honor deletion requests subject to the following:
- We may retain certain information where required by law (e.g., billing records for tax purposes — see Section 6);
- We will delete or anonymize your personal information from our active systems within 30 days of your account’s termination date; and
- Residual copies may remain in backups for a limited period before being overwritten.
9.4 How to Submit a Request
To exercise any of the above rights, please email privacy@packtrack.one with the subject line “Privacy Request — [Type of Request]” and include:
- Your full name and the email address associated with your account;
- A description of your request; and
- Any information that helps us verify your identity.
We will respond to all verified requests within 30 days. If we need more time, we will notify you within the initial 30-day period.
9.5 Right to Lodge a Complaint
If you are not satisfied with our response to a privacy request or believe we have violated PIPEDA, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC):
- Website: https://www.priv.gc.ca
- Phone: 1-800-282-1376
10. Children’s Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. Our Terms of Service require users to be at least 18 years of age.
If you believe we have inadvertently collected personal information from a minor, please contact us at privacy@packtrack.one and we will promptly delete the information.
11. Communications from Us
11.1 Transactional Communications
We will send you transactional emails related to your account and use of the Service (e.g., account confirmation, password resets, invoices, service status notifications). These communications are a necessary part of providing the Service and cannot be opted out of while your account is active.
11.2 Marketing Communications
With your consent, we may send you newsletters, product updates, feature announcements, and promotional content. You may opt out of marketing communications at any time by:
- Clicking the “Unsubscribe” link in any marketing email; or
- Updating your notification preferences in your account settings; or
- Emailing privacy@packtrack.one.
Opting out of marketing communications will not affect transactional communications.
12. Links to Third-Party Websites
The Service may contain links to third-party websites, integrations, or resources. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons.
When we make material changes, we will notify you by:
- Sending an email to the address associated with your account; and/or
- Displaying a prominent notice within the Service or on our website.
The updated Policy will take effect 30 days after we post it (unless the change is required by law, in which case it may take effect sooner). Your continued use of the Service after the effective date of any update constitutes your acceptance of the updated Policy.
The “Last Updated” date at the top of this page indicates when this Policy was most recently revised.
14. Contact Us About Privacy
If you have any questions, concerns, or requests related to this Privacy Policy or our privacy practices, please contact our privacy team:
PackTrack One Inc.
Alberta, Canada
Privacy Email: privacy@packtrack.one
General Support: support@packtrack.one
Website: https://packtrack.one
We are committed to working with you to resolve any privacy concerns and will respond to all inquiries within 30 days.
This Privacy Policy was last updated on April 12, 2026.