Privacy Policy

AquaDesk ("we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our pool service management platform at app.myaquadesk.com and our website at myaquadesk.com.

This policy is governed by Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). By using AquaDesk, you consent to the practices described in this policy.

1. Information We Collect

We collect information you provide directly and information generated through your use of the platform.

Account & Business Information:

• Name, email address, phone number
• Business name and address
• Account login credentials (passwords are hashed and never stored in plain text)
• Billing information (processed by Stripe — we do not store card numbers)

Operational Data:

• Customer records (names, addresses, contact details, pool information)
• Job and scheduling data (service types, dates, notes, photos)
• Employee information (name, phone, work schedule, GPS location during active jobs)
• Invoice and payment records
• Inventory and supply data
• Water test results and chemical usage logs
• Route and dispatch data

Technical Information:

• IP address, browser type, device information
• Pages visited and features used within the platform
• Error logs for debugging purposes

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the AquaDesk platform
• Process payments and manage your subscription
• Send transactional emails (invoice delivery, job completion notifications, password resets)
• Provide customer support
• Monitor platform performance and fix bugs
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

3. Third-Party Services

AquaDesk integrates with the following third-party services to deliver platform functionality. Each has its own privacy policy.

• Stripe — Payment processing. Stripe handles all card data. We never see or store full card numbers. Stripe Privacy Policy
• Intuit / QuickBooks Online — Optional accounting integration. If you connect QuickBooks, we sync invoice and customer data to your QuickBooks account on your behalf. Intuit Privacy Policy
• Google Maps — Route planning and address autocomplete. Location queries are sent to Google's APIs. Google Privacy Policy
• Railway — Cloud infrastructure provider where AquaDesk servers and databases are hosted. Data is stored in Railway's secure cloud environment. Railway Privacy Policy
• Sentry — Error tracking and crash reporting to help us identify and fix bugs. Error data may include limited context about actions taken before an error occurred.
• Twilio — Optional SMS messaging. If you configure SMS, customer phone numbers are transmitted to Twilio to deliver messages. Twilio Privacy Policy

We only share data with third parties to the extent necessary to provide the services you use within AquaDesk.

4. Data Storage & Security

All AquaDesk data is stored on Railway's cloud infrastructure. We implement industry-standard security measures including:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Encrypted database storage
• Hashed and salted passwords using bcrypt
• JWT-based authentication with short-lived access tokens
• Role-based access controls limiting what each user can see and do

While we take reasonable precautions, no system is completely secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

5. Data Retention

We retain your data for as long as your account is active. If you cancel your AquaDesk subscription:

• Your data remains accessible for 30 days after cancellation
• After 30 days, your account and associated data are permanently deleted from our systems
• You may request immediate deletion at any time by contacting us at brandon@myaquadesk.com

Backup copies may persist for up to 90 days in automated backup systems before being purged.

6. Cookies

AquaDesk uses minimal cookies strictly necessary for the platform to function:

• Authentication tokens — stored in browser local storage to keep you logged in
• Preference cookies — to remember settings like dark mode and theme preferences

We do not use advertising cookies, tracking pixels, or third-party analytics cookies on the platform. Our marketing website (myaquadesk.com) does not use any tracking or analytics cookies.

7. Your Rights

Under PIPEDA, you have the right to:

• Access — request a copy of the personal information we hold about you
• Correction — request that inaccurate information be corrected
• Deletion — request that your personal information be deleted
• Withdrawal of consent — withdraw consent to our processing of your data (note: this may require account closure)
• Complaint — file a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, contact us at brandon@myaquadesk.com. We will respond within 30 days.

8. Children's Privacy

AquaDesk is a business management platform intended for use by adults operating pool service companies. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has provided us with personal information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify active users via email. Continued use of AquaDesk after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

• Email: brandon@myaquadesk.com
• Website: myaquadesk.com