Privacy Policy

Effective date: [YYYY-MM-DD on publish] · Last updated: 2026-05-08

1. Identity and contact

This Privacy Policy describes how FieldReply ("FieldReply", "we", "us", or "our") collects, uses, discloses, and protects personal information when you visit our website at fieldreply.pages.dev (the "Site"), book a discovery call, or submit our missed-lead audit form (together, the "Services").

Operator and data controller. FieldReply is operated by [LEGAL_ENTITY_NAME], based in British Columbia, Canada. (counsel-confirm: confirm legal entity name, registered jurisdiction, and incorporation status before publish.)

Privacy contact. For any question about this policy or your personal information, contact our designated Privacy Officer:

• Name: Ashkon Mousavi (counsel-confirm: PIPA BC s.4(3) and PIPA AB s.5 require a named individual or position; counsel should confirm acceptable.)
• Email: ashkon.mousavi@gmail.com (counsel-confirm: a personal Gmail is acceptable in early-stage operation; counsel may recommend privacy@<domain> once a domain is registered.)
• Mailing address: [MAILING_ADDRESS — required by CASL s.6(2) and PIPEDA Principle 1] (counsel-confirm: must be a real address valid for at least 60 days post-CEM per CASL.)

2. What personal information we collect

We collect the following categories of personal information when you interact with the Services:

A. From the discovery-call booking page (Cal.com)

• Your name
• Your email address
• Your company / firm name
• Your phone number (if you provide it)
• Booking metadata: the date, time, and timezone of your scheduled call; any notes you submit; the calendar invite Cal.com sends on our behalf.

B. From the missed-lead audit form

• Your name and contact email
• Your firm name and primary segment (plumbing, HVAC, mixed)
• Your firm size (employee-count band)
• The current tools you use (CRM, scheduling, dispatch, etc., if disclosed)
• Your self-reported missed-calls-per-week count
• Any free-text notes you provide

C. Automatically when you visit the Site

• Your IP address, browser type, device type, referring URL, and page-view metadata, collected via standard server logs. We do not currently use analytics beyond default Cloudflare access logs.

(counsel-confirm: the audit-form fields in (B) become "personal information" under PIPA AB and PIPA BC once linked to your contact info in (A). Counsel should confirm whether the audit form should support anonymous submission or always requires contact info.)

3. Why we collect it (purposes)

We collect personal information for the following purposes only:

1. To schedule, deliver, and follow up on the discovery call you booked, including sending the booking confirmation, calendar invite, and reminder messages (transactional CEMs under CASL s.6(6)(a)).
2. To assess whether FieldReply's missed-lead recovery service is a fit for your firm, based on the audit-form information you submit.
3. To respond to questions you send us by email or through the Site.
4. To comply with legal and regulatory obligations (record-keeping, tax, audit).
5. With your separate express consent (opt-in), to send you marketing communications about FieldReply's services. See Section 7.

We do not use your personal information for any purpose other than those listed above without obtaining your additional consent, except where authorized or required by law.

4. How we store it and where (cross-border disclosure)

Your personal information is stored and processed by the following third-party service providers, which operate outside of Canada. By using the Services, your personal information is transferred to and processed in the jurisdictions listed below.

Foreign-government access risk. Because all of the above providers are incorporated in the United States, your personal information may be subject to access by U.S. authorities under U.S. law (including the U.S. CLOUD Act), even when the data is at rest. We have selected providers that contractually commit to industry-standard security (encryption in transit and at rest, access controls, audit logging) but we cannot eliminate this jurisdictional risk. (counsel-confirm: OPC PIPEDA cross-border guidance and PIPA AB s.13.1 require this disclosure in plain language.)

Your rights regarding cross-border processing. You have the right to obtain information from us about (i) the country in which the service provider operates, (ii) the purposes for which the service provider is authorized to process your information, and (iii) the name and contact information of the FieldReply Privacy Officer. To exercise this right, contact us using the details in Section 1.

5. How long we retain it

We retain personal information only as long as is reasonably necessary to fulfill the purposes for which it was collected, or as required by applicable law.

When personal information is no longer required, we will securely delete it or render it anonymous.

6. Your rights

Under PIPEDA, PIPA Alberta, and PIPA British Columbia, you have the following rights:

1. Right of access. You may request a copy of the personal information we hold about you. We will respond within 30 calendar days (with limited extensions permitted by statute).
2. Right of correction. If any of your personal information is inaccurate or incomplete, you may request a correction.
3. Right to withdraw consent. You may withdraw your consent for our collection, use, or disclosure of your personal information at any time, subject to legal or contractual obligations and reasonable notice. Withdrawal may affect our ability to provide the Services.
4. Right to unsubscribe from CEMs. Every commercial electronic message we send you will include a clear unsubscribe mechanism. We will action your unsubscribe request within 10 business days, at no cost to you, in accordance with CASL s.11.
5. Right to complain to a regulator. If you believe we have not complied with applicable privacy law, you may complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca), the Office of the Information and Privacy Commissioner of Alberta (oipc.ab.ca), or the Office of the Information and Privacy Commissioner for British Columbia (oipc.bc.ca), depending on where you reside. We encourage you to raise your concern with us first so we have an opportunity to resolve it.

To exercise any of these rights, contact our Privacy Officer (Section 1).

7. Consent (PIPA notice of collection + CASL express consent)

A. PIPA notice of collection

By submitting the booking form or audit form, you consent to FieldReply collecting, using, and disclosing your personal information for the purposes set out in Section 3 and for the cross-border processing set out in Section 4. You may withdraw this consent at any time by contacting our Privacy Officer; doing so may affect our ability to deliver the Services. (PIPA AB s.13(1), PIPA BC s.10(1) — notice given before or at the time of collection.)

B. CASL express consent (marketing CEMs)

Booking confirmation emails, calendar invites, and call reminders fall under the CASL transactional exemption (s.6(6)(a)) and are sent without separately requesting your express consent.

If you wish to receive marketing communications from FieldReply after the discovery call (for example, follow-up offers, product updates, or service announcements), you must give your express consent by checking the unchecked opt-in box labelled "Send me FieldReply updates" on the booking form. By checking that box, you are providing express consent under CASL s.10(1) for FieldReply to send you commercial electronic messages.

By giving express consent, you acknowledge that:

• The party seeking your consent and on whose behalf consent is sought is FieldReply, operated by [LEGAL_ENTITY_NAME];
• The purposes are: to send you marketing emails about FieldReply's missed-lead recovery service, including service updates, promotional offers, and case-study content;
• Our mailing address is [MAILING_ADDRESS], and you may also reach us at ashkon.mousavi@gmail.com;
• You may withdraw your consent at any time by clicking the unsubscribe link in any marketing email or by contacting our Privacy Officer (Section 1).

(counsel-confirm: CASL SOR/2012-36 s.4 prescribes the elements above. The CASL consent UI on the booking page must use a positive opt-in — pre-checked boxes and bundled consent are non-compliant per CRTC Bulletin 2012-549.)

8. Security

We take reasonable physical, technological, and administrative measures to protect personal information against loss, theft, and unauthorized access, disclosure, copying, use, or modification, including:

• Encryption in transit (TLS) for all submissions to the Services;
• Encryption at rest at our service providers (Cal.com, Activepieces, Google);
• Access controls limiting personal-information access to FieldReply's Privacy Officer and authorized personnel;
• Secure password handling for any administrative accounts;
• Regular review of our service providers' security practices (SOC 2, ISO 27001 certifications where available).

No system can be made completely secure, and we cannot guarantee the absolute security of your personal information.

9. Privacy breach notification

In accordance with PIPEDA s.10.1–10.3 (Real Risk of Significant Harm — RROSH), if a breach of security safeguards occurs and we determine that the breach poses a real risk of significant harm to any affected individual, we will:

1. Report the breach to the Office of the Privacy Commissioner of Canada (and to the Office of the Information and Privacy Commissioner of Alberta, where Alberta residents are affected, per PIPA AB s.34.1);
2. Notify the affected individuals as soon as feasible, providing the information required by law (the circumstances, the personal information involved, the steps we have taken to reduce risk of harm, and the steps you can take); and
3. Maintain a written record of every breach of security safeguards involving personal information, regardless of whether notification is required.

10. Children

The Services are not directed to children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has submitted personal information to us, contact our Privacy Officer (Section 1) and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this policy reflects the date of the most recent change. Material changes will be communicated to you by email if you have an active relationship with us, and will be posted prominently on the Site. Your continued use of the Services after a change takes effect constitutes acceptance of the updated policy.

12. Quebec residents (Law 25)

If you reside in Quebec, additional rights and obligations apply under An Act respecting the protection of personal information in the private sector (Law 25). In particular, you have a right to data portability and a right to be informed of any decision based exclusively on automated processing. FieldReply does not currently use automated decision-making in connection with the Services. (counsel-confirm: if FieldReply does not actively market into Quebec, a shorter Quebec-residents clause may suffice; if FieldReply accepts Quebec bookings, a more substantive Law 25 section is required, including PIA documentation for cross-border transfers per Law 25 s.17.)

For the full template with all counsel-checklist items and source citations, see docs/work/research/2026-05-08-casl-pipa-privacy-template.md in the FieldReply repository.