ClearBreach
Get early access

Privacy Policy

Last updated: April 2026

Who we are

ClearBreach Technologies Inc. (“ClearBreach”, “we”, “us”) is a Canadian corporation providing automated privacy breach assessment services to Canadian small and medium-sized organizations and managed service providers. We are subject to the federal Personal Information Protection and Electronic Documents Act (PIPEDA).

What information we collect and why

Waitlist signups (clearbreach.ca)

If you submit your email address on our early access page, we collect your email address for the sole purpose of notifying you when ClearBreach launches. We do not collect any other information at this stage.

Subscriber accounts (app.clearbreach.ca)

When you subscribe to ClearBreach, we collect your name, email address, organization name, and registered province. This information is required to create your account, process your payment through Stripe, and provide the service.

Assessment sessions

Breach assessment answers never leave your browser.The ClearBreach assessment wizard runs entirely in your browser. Your answers to the assessment questions are stored only in your browser’s session storage and are never transmitted to our servers. We record only the anonymized verdict tier (MINIMAL, LOW, MEDIUM, HIGH, or CRITICAL) and your assessment count for the purpose of enforcing the per-year assessment limit included in your subscription.

Usage and technical data

We collect standard server logs (IP address, browser type, pages visited, timestamps) for security monitoring and service operation. We do not use third-party analytics platforms that track individual behaviour across websites.

How we use your information

  • To provide and operate the ClearBreach service
  • To process payments and manage your subscription
  • To send transactional email (account setup, password reset, renewal reminders)
  • To notify waitlist subscribers when ClearBreach launches
  • To deliver The Breach Brief to subscribers who have consented to receive it
  • To respond to support and privacy inquiries

Email communications and CASL consent

ClearBreach complies with Canada’s Anti-Spam Legislation (CASL). We send commercial electronic messages only to individuals who have provided express consent.

  • Waitlist subscribers consent to receive a one-time launch notification by submitting their email address on our early access page.
  • ClearBreach subscribers consent to receive The Breach Brief and subscription-related communications by purchasing a subscription, as disclosed at the point of purchase.

You may withdraw consent at any time by clicking the unsubscribe link in any email or by contacting us at hello@clearbreach.ca. Unsubscribing from The Breach Brief does not cancel your subscription or affect your access to the assessment tool.

Third-party service providers

We use the following third-party service providers to operate ClearBreach. Each provider processes personal information only as necessary to deliver the service and is bound by contractual data protection obligations.

  • Stripe Inc. (USA)— payment processing. Stripe processes your payment card information and billing details. ClearBreach does not store payment card information. Stripe’s privacy policy is available at stripe.com/privacy.
  • Resend Inc. (USA) — transactional and newsletter email delivery. Resend processes your email address and the content of emails sent to you (account setup, password reset, renewal reminders, The Breach Brief). Resend does not process breach assessment content.
  • Microsoft Corporation (Canadian data residency) — business email hosting for ClearBreach staff correspondence at @clearbreach.ca addresses. Microsoft 365 is configured with Canadian data residency (Toronto and Quebec City data centres). Microsoft is a US-incorporated entity subject to the US CLOUD Act.
  • DigitalOcean LLC (Canada) — cloud infrastructure hosting the ClearBreach application and database on servers located in Canada.

Data residency and cross-border transfers

The ClearBreach application and subscriber database are hosted in Canada (DigitalOcean). Transactional email is processed by Resend, a US-based provider. Payment processing is handled by Stripe, a US-based provider. By using ClearBreach, you acknowledge that your account-level personal information (name, email, organization name) may be transferred to and processed in the United States in connection with these services. Breach assessment answers are never transferred — they remain in your browser only.

Data retention

  • Waitlist email addresses — retained until ClearBreach launches and the launch notification is sent, after which they are removed from the waitlist audience within 90 days.
  • Subscriber account data — retained for the duration of your subscription and for 24 months following cancellation, after which it is deleted.
  • Assessment records — the anonymized verdict tier and count metadata are retained for 24 months, consistent with PIPEDA breach record-keeping requirements.
  • Newsletter consent records — retained for 3 years following withdrawal of consent, as required by CASL.

Your rights under PIPEDA

You have the right to request access to the personal information we hold about you, to request correction of inaccurate information, and to withdraw consent to our use of your personal information (subject to legal and contractual restrictions).

To exercise these rights, contact our Privacy Officer at privacy@clearbreach.ca. We will respond within 30 days.

Security

We implement appropriate technical and organizational safeguards to protect personal information against unauthorized access, disclosure, or loss. These include encrypted data transmission (TLS), database access controls, and the privacy-by-design architecture that keeps breach assessment answers in your browser only.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated to subscribers by email. The date at the top of this page reflects the most recent update.

Contact

General inquiries: hello@clearbreach.ca
Privacy inquiries and PIPEDA access requests: privacy@clearbreach.ca

ClearBreach Technologies Inc.
Alberta, Canada