BreachOfPrivacy

Privacy Policy

Last updated: June 4, 2026

Who we are

BreachOfPrivacy.com is a Canadian privacy-law reference site. It publishes plain-language summaries of federal privacy decisions and legislation. It is not a law firm and does not provide legal advice.

What we collect

You can browse all public pages on this site without creating an account. Creating an account is optional and only required for subscriber features.

Our hosting provider (Vercel) records standard server access logs — including IP address, browser type, referring URL, and pages visited — for security and performance monitoring. These logs are retained for a limited period and are not sold or shared with third parties for marketing.

If you use the site search, your search query is passed as a URL parameter. It is not stored in a database associated with your identity.

Account information

If you register for an account, we collect and store the information you provide: your name, email address, phone number, postal address, and (optionally) your company. Each account is assigned an internal customer identifier for support and billing reference.

  • Passwords are never stored in plain text. They are hashed with scrypt (a salted, computationally hard algorithm) and cannot be recovered by us — only reset.
  • Two-factor authentication — by default we email a one-time code at sign-in. If you enrol an authenticator app, the TOTP secret is stored encrypted (AES-256-GCM) at rest.
  • Single sign-on — if you sign in through Google or your organization's Microsoft Entra tenant, we store the identifiers needed to recognize your account on return. Enterprise members' access is governed by their organization.
  • Records of consent — we record the date and version of the Terms of Use and this Privacy Policy you accept.

Account data is retained while your account is active and for a reasonable period afterward as needed for legal, security, and billing purposes. You can update your profile and login methods from your account settings.

Email

We use Resend to send transactional email (verification, sign-in codes, password resets, and security notices). These messages are necessary to operate your account and are not marketing.

Cookies and local storage

This site uses cookies and browser local storage for the following purposes:

  • Analytics cookies — Google Analytics 4 (GA4) sets cookies to measure aggregate site traffic and usage patterns. GA4 does not receive your name, email, or other directly identifying information from this site.
  • Notice preference — a single key is stored in browser local storage when you dismiss the cookie notice, so it does not reappear. No personal information is stored in that value.

No advertising or remarketing cookies are used. We do not sell or share analytics data with third parties for advertising purposes.

Third-party services

Google Analytics 4 — we use GA4 to understand how visitors use the site in aggregate (pages visited, session duration, traffic sources). GA4 is governed by Google's Privacy Policy. You can opt out of GA4 measurement using the Google Analytics Opt-out Browser Add-on.

Vercel — hosting and edge delivery. Vercel may process request metadata for performance and abuse prevention.

Google Gemini API — used server-side to generate plain-language summaries of published decisions. No user-identifying information is sent to the Gemini API; only the text of the official source document is submitted.

Vercel Blob — stores editorial images associated with published decisions. Images are publicly accessible by URL.

How we use information

We use server-side request data only to:

  • Operate and monitor the site
  • Diagnose errors and performance issues
  • Protect against abuse and unauthorized access

We do not sell, rent, or trade any information to third parties.

Links to external sites

This site links to official source documents at government and regulatory websites (e.g., priv.gc.ca, laws-lois.justice.gc.ca). Those sites have their own privacy policies. We are not responsible for the content or privacy practices of external sites.

Children

This site is not directed at children under 13 and does not knowingly collect information from children.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

Questions about this policy can be directed to the site operator via the contact information listed on the site.