Privacy Policy

1. Who We Are and Applicable Law

Pynology Inc. is incorporated in the Province of Ontario, Canada. As a Canadian company collecting personal information, we are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Where we serve users in the European Economic Area, the General Data Protection Regulation (GDPR) may also apply. Where we serve users in California (USA), the California Consumer Privacy Act (CCPA) may also apply.

For GDPR purposes, Pynology Inc. is the data controller for personal information we process about account owners and administrators. Where account administrators submit personal data of their customers and team members, the administrator is the data controller and Pynology acts as a data processor.

2. Information We Collect

2.1 Information you provide directly:

• Account registration: name, email address, password (hashed), phone number
• Business profile: company name, address, logo, business hours, service area
• Customer records: customer names, contact details, addresses, job history
• Team member information: name, email, role, employment type
• Job and service data: job descriptions, notes, photos, service reports, logs
• Financial data: invoice details, payment records (not full card numbers — see Section 6)
• Communications: support tickets, emails, and messages you send us

2.2 Information collected automatically:

• Log data: IP address, browser type, operating system, pages visited, time and date of access
• Device information: device type, operating system version, unique device identifiers
• Usage data: features used, actions taken, session duration
• Cookies and similar technologies (see Section 10)

2.3 Location data (mobile app):

With explicit permission, the mobile app may collect precise GPS location data. This includes foreground location (while app is in use) and, if enabled by the user, background location (while app is running in the background). Location data is used to support field service operations including sharing location with account administrators. See Section 5 for full details.

2.4 Information from third parties:

• Payment information from Stripe (transaction confirmations, subscription status — not full card numbers)
• Push notification tokens from Apple (APNs) and Google (FCM) via Expo

3. How We Use Your Information

4. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

Service providers and sub-processors:

Within your organization: If you are a team member, your account administrator can view your profile information, job activity, and location data (if location sharing is enabled).

Legal disclosure: We may disclose your information if required by law, subpoena, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfer: If Pynology is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as a business asset. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

With your consent: We may share your information for any other purpose with your explicit consent.

5. Location Data and Employee Monitoring

When location data is collected — plan and setting requirement. Location data is only ever collected when ALL of the following conditions are simultaneously true:

• The company account is on the Team plan (location features are not available on Starter or Pro plans)
• The account administrator has explicitly enabled location tracking in company settings
• The team member has accepted the in-app location disclosure (see below)
• The account administrator sends an active location request through the Live Field Map feature

If any of these conditions is not met, no location data is collected, transmitted, or stored. Team members on Starter or Pro plan companies will never see a location consent prompt and their location will never be accessed.

In-app consent disclosure. When a company meets the plan and setting requirements, every user receives a plain-language disclosure on first login explaining: what GPS data is collected, when collection occurs, who can view their location, and how to revoke consent at any time. Collection begins only after the user taps "I Understand & Allow." If the user taps "Decline," their location will never be reported for the lifetime of that login session, regardless of any request from the administrator.

What is collected. When all conditions are met, the app collects precise GPS coordinates (latitude, longitude, accuracy) and transmits them to My Job Logs servers. Location is captured on-demand when the administrator sends a request — it is not tracked continuously.

Background location. A location request may arrive as a push notification while the app is in the background. This is disclosed to users in the consent screen before they accept.

Employer obligations. Administrators who enable location tracking remain independently responsible for compliance with applicable employment standards, privacy legislation, and any collective agreement obligations in their jurisdiction. Pynology's in-app consent mechanism is a technical safeguard; it does not constitute legal advice or satisfy all employer-specific legal obligations.

Retention. Location data is retained for as long as the account is active and may form part of job records. You may request deletion by contacting hello@myjoblogs.com.

6. Payment Information

All payment processing is handled by Stripe, Inc. We do not store your full credit card numbers, CVV, or full banking details on our servers. We receive from Stripe only tokenized references, last four digits of your card, card type, and expiry information. Your payment transactions are subject to Stripe's Privacy Policy at stripe.com/privacy.

Stripe is a PCI DSS Level 1 certified service provider. We rely on Stripe's infrastructure for all payment security. We do not have PCI DSS obligations beyond ensuring our integration with Stripe is implemented correctly.

7. Data Retention

We may retain certain data longer if required by law, regulatory obligation, or to resolve disputes. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

8. Data Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:

• Data encryption in transit (TLS/HTTPS) and at rest
• Hashed password storage (we cannot recover your password)
• Role-based access controls limiting who can access data internally
• Regular security reviews of our infrastructure
• Token-based authentication with expiry

However, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security. In the event of a data breach that poses a real risk of significant harm, we will notify affected users and the Office of the Privacy Commissioner of Canada (OPC) as required by PIPEDA. Where GDPR applies, we will notify the relevant supervisory authority within 72 hours.

9. Push Notifications

We may send push notifications to your mobile device for job updates, scheduling alerts, and service-related information. Push notifications are facilitated through Expo and the Apple Push Notification Service (APNs) or Google Firebase Cloud Messaging (FCM). We store your push notification token on our servers to deliver notifications to your device. You can disable push notifications at any time in your device operating system settings.

10. Cookies and Tracking Technologies

Our website uses the following types of cookies and similar technologies:

We primarily use localStorage (not cookies) for session token storage on the web dashboard. You can clear your browser storage at any time, which will log you out. We do not use cross-site tracking cookies or sell data to advertisers.

11. International Data Transfers

Your information may be stored and processed in Canada, the United States, or other countries where our service providers operate. When we transfer personal data outside Canada, we ensure appropriate safeguards are in place, such as standard contractual clauses or by transferring only to jurisdictions with adequate data protection laws as determined by applicable Canadian law.

For transfers from the EEA, we rely on Standard Contractual Clauses (SCCs) as the lawful transfer mechanism where no adequacy decision covers the destination country.

12. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@myjoblogs.com and we will delete such information promptly.

13. Your Rights

Depending on your jurisdiction, you may have the following rights:

To exercise any of these rights, contact us at hello@myjoblogs.com. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request. If you are dissatisfied with our response, you have the right to file a complaint with:

• Canada: Office of the Privacy Commissioner of Canada — priv.gc.ca
• EU/EEA: Your local Data Protection Authority
• California (USA): California Attorney General — oag.ca.gov

14. Marketing Communications

We may send you product updates, feature announcements, and other service-related communications. These are sent in compliance with Canada's Anti-Spam Legislation (CASL). You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any email or contacting hello@myjoblogs.com. Unsubscribing from marketing does not affect transactional emails related to your account and subscription.

15. Do Not Track and App Tracking Transparency

Do Not Track (DNT). Some browsers transmit a "Do Not Track" signal to websites. We do not currently alter our data collection or use practices in response to DNT signals, as there is no universally accepted standard for how websites should respond to such signals. If a standard is established in the future, we will review our practices accordingly.

Apple App Tracking Transparency (ATT). My Job Logs does not track you across other companies' apps or websites for advertising purposes. We do not use your data to serve you targeted advertising on third-party platforms, and we do not share your data with data brokers or advertising networks. As a result, the My Job Logs mobile app does not trigger Apple's App Tracking Transparency permission prompt. All data collected by the app is used solely to operate the Service as described in this Policy.

Analytics. We may use aggregated, anonymized analytics to understand how the Service is used and to improve it. This data does not identify individual users and is not shared with advertising platforms.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email or in-app notification at least 14 days before the changes take effect. The date at the top of this page reflects the most recent update. Continued use of the Service after the effective date of changes constitutes acceptance.

17. Contact and Privacy Complaints

For privacy questions, requests, or complaints, contact our Privacy Officer:

Pynology Inc. — Privacy Officer
Email: hello@myjoblogs.com
Website: myjoblogs.com

If you are not satisfied with our response, you may escalate your complaint to the Office of the Privacy Commissioner of Canada at priv.gc.ca or 1-800-282-1376.