CanWeb Services Inc.

Privacy Policy

Last Updated: January 2026

Section 1 — Who We Are

This website is operated by CanWeb Services Inc. (“we”, “our”, “us”). Our main website is https://canwebservices.ca, and our billing and client portal is located at https://billing.canwebservices.ca.

As a Canadian business, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). We are responsible for all personal information under our control and have designated a Privacy Officer to ensure compliance with PIPEDA’s 10 Fair Information Principles.

Section 2 — What Personal Data We Collect and Why

We collect personal information only for purposes that a reasonable person would consider appropriate in the circumstances. We identify these purposes at or before the time of collection, and we obtain your consent where required.

2.1 Comments

When visitors leave comments, we collect the information shown in the comment form, your IP address, and browser user agent string to help detect spam and maintain site security. An anonymized hash of your email address may be sent to the Gravatar service to determine if you use it. Their privacy policy is available at https://automattic.com/privacy/. After approval, your profile image becomes publicly visible next to your comment.

2.2 Media Uploads

If you upload images, avoid including embedded location data (EXIF GPS). Visitors may download and extract location data from images on the site. Uploading media is voluntary and constitutes implied consent.

2.3 Contact Forms

When you submit a contact form, we collect your name, email address, and any information you include in your message. We use this information solely to respond to your inquiry and provide customer service. We retain this information only as long as necessary to fulfill these purposes.

2.4 Cookies

We use cookies to improve your experience and maintain essential site functionality. Cookies may include:

  • Comment cookies: Save your name, email, and website for one year with your consent.
  • Login cookies: Temporary cookies verify browser compatibility; additional cookies store login preferences.
  • Editor cookies: A temporary cookie storing the post ID when editing or publishing content.

You may disable cookies in your browser settings; however, some site features may not function properly.

2.5 Embedded Content

Articles may include embedded content (videos, images, articles, etc.). Embedded content behaves as if you visited the external website directly and may collect data, use cookies, or track your interaction. These third parties operate under their own privacy policies.

2.6 Analytics

We may use analytics tools to understand how visitors use our website. These tools may collect:

  • IP address
  • Browser type
  • Pages visited
  • Time spent on pages
  • Referring URLs

Analytics data helps us improve site performance and user experience. We use aggregated or de‑identified data whenever possible.

2.7 Client Accounts & Billing Portal (WHMCS)

When you create an account or place an order through our billing portal, we collect the personal information necessary to provide hosting and related services. This includes:

  • Name
  • Email address
  • Phone number (optional)
  • Billing address
  • IP address at time of order
  • Order history and invoices
  • Support ticket submissions
  • General payment method selection

We use this information to verify identity, process orders, issue invoices, maintain service records, and provide support. We limit collection to what is necessary for these purposes.

We do not store full credit card numbers or banking information. Payments are processed by third‑party providers (e.g., Stripe, PayPal) under their own privacy and security standards.

2.8 Support Tickets

When you submit a support ticket, we collect your name, email address, IP address, and any information or files you include. This information is used to diagnose issues, provide support, and maintain service quality. We retain support records only as long as necessary for operational and legal purposes.

2.9 Security & Activity Logs (Defender Pro)

Our site uses security tools that automatically log:

  • IP address
  • Username (if logged in)
  • Email address
  • Actions taken on the site (e.g., login attempts, comment submissions)

Logs are stored locally for 30 days and remotely for 1 year to detect and prevent unauthorized access. Retention periods are based on legitimate security needs.

2.10 Backups & Third‑Party Storage

We may use WPMU DEV cloud storage to store backups of audit logs and security data. These backups may contain personal information collected during normal site activity. Access to backups is restricted and protected using industry‑standard safeguards.

Section 3 — Who We Share Your Data With

We do not sell or rent your personal information. We share data only with third parties who assist in operating our website, delivering services, or meeting legal obligations. These may include:

  • Spam detection services
  • Security and backup providers (e.g., WPMU DEV, Defender Pro)
  • Analytics providers
  • Payment processors (e.g., PayPal, Stripe)
  • Service providers necessary to operate the website and billing portal

All third‑party providers are required to maintain privacy protections consistent with PIPEDA.

Section 4 — How Long We Retain Your Data

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to meet legal or regulatory requirements, or to resolve disputes. Retention periods are based on PIPEDA’s principles of limiting use, disclosure, and retention.

  • Comments: Retained indefinitely to maintain discussion history unless you request removal.
  • User accounts: Stored as long as the account remains active. You may update or delete your information at any time (except usernames, which are system identifiers).
  • Orders and invoices: Retained for the period required by Canadian tax and corporate record‑keeping laws.
  • Support tickets: Retained only as long as necessary for service history, troubleshooting, and quality assurance.
  • Security logs: Retained for 30 days locally and 1 year in remote storage to detect and prevent unauthorized access.
  • Contact form submissions: Retained only as long as necessary to respond to your inquiry or maintain business records.

Section 5 — Your Rights Over Your Data

Under PIPEDA, you have the right to access your personal information, challenge its accuracy, and request corrections. You may also request deletion of your personal information, subject to legal or contractual limitations.

You may request:

  • A copy of the personal information we hold about you
  • Correction of inaccurate or incomplete information
  • Deletion of your personal information where permitted by law
  • Information about how your data has been used or disclosed

To make a privacy request, contact our Privacy Officer at:

Section 6 — Where We Send Your Data

Visitor comments may be checked through automated spam detection services. Security logs, backups, and certain operational data may be stored in secure third‑party cloud systems. These providers may be located outside Canada, and their handling of personal information is governed by contractual safeguards consistent with PIPEDA.

Section 7 — How We Protect Your Data

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information we collect. These measures are designed to prevent unauthorized access, disclosure, alteration, or misuse.

  • Secure server environments and hardened hosting infrastructure
  • Firewalls, malware scanning, and intrusion detection
  • Encrypted connections (HTTPS/TLS)
  • Access controls, authentication, and role‑based permissions
  • Regular security audits, updates, and vulnerability monitoring

While no system is completely secure, we follow industry best practices and continuously improve our safeguards.

Section 8 — Data Breach Procedures

If a data breach occurs involving personal information, we follow PIPEDA’s breach notification requirements. This includes assessing the risk of harm and taking immediate steps to reduce further impact.

  • Investigating the incident promptly
  • Securing affected systems and preventing further unauthorized access
  • Notifying affected individuals when there is a real risk of significant harm
  • Documenting all breaches as required by law
  • Reporting to the Office of the Privacy Commissioner of Canada when applicable

Section 9 — Third-Party Data Sources

We may receive limited data from third‑party tools that support our operations. These sources may include:

  • Security and monitoring tools
  • Analytics providers
  • Spam and fraud detection services
  • Backup and hosting providers

Third‑party providers are required to maintain privacy protections consistent with PIPEDA.

Section 10 — Automated Decision-Making & Profiling

We do not use automated decision‑making or profiling that produces legal, financial, or other significant effects on users. Any automated tools we use (such as spam detection) operate solely to protect the security and integrity of our services.

Section 11 — Industry Regulatory Disclosures

We comply with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), and follow recognized international privacy and security best practices.

Section 12 — Contact Information

For privacy-related inquiries, you may contact us at:

© CanWeb Services Inc. — All Rights Reserved.

This document forms part of the binding legal policies governing your use of CanWeb Services Inc. products and services.

favicon-32x32

Get in touch with us today!

Let's discuss your requirements and how we can assist you.