Privacy Policy

1. Introduction

Full Blast Labs Inc. ("we", "us", "our") operates the ClimaSense™ heat stress monitoring platform, including the ClimaSense mobile application and the web dashboard at climasense.io (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

Full Blast Labs Inc. is committed to protecting your privacy in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), and applicable provincial privacy laws.

2. Information We Collect

2.1 Account Information

When you register for the Service, we collect:

• Email address
• Name (if provided)
• Phone number (if you configure SMS alerts)
• Company/organization name
• Job title or role
• Password (stored securely via AWS Cognito)

2.2 Sensor Data

For customers with deployed sensors, we collect environmental data from your facility including:

• Temperature readings
• Humidity readings
• Calculated humidex values
• Sensor location identifiers
• Timestamp data
• Alert history

This data is associated with your customer account and configured sensor locations.

2.3 Device Information

When you use the mobile application, we may collect:

• Device type and operating system version
• Firebase Cloud Messaging (FCM) token for push notifications
• App crash reports (via Firebase Crashlytics) to improve reliability
• IP address for security purposes

2.4 Free Calculator Tool

The free humidex calculator available on our website does not collect, store, or transmit any data. All calculations are performed locally in your browser.

2.5 Business Contact Information

When you provide business contact information (work email, business phone, job title) in your capacity as an employee or representative of an organization, this information may be exempt from certain PIPEDA requirements as it is collected, used, and disclosed for business-to-business communication purposes.

2.6 How We Obtain Your Consent

By creating an account and using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.

For specific types of data collection and use, we obtain consent as follows:

• Account creation: Implied consent through your voluntary provision of information
• Email alerts: Express consent when you configure email notifications
• SMS alerts: Express opt-in consent when you provide your phone number and enable SMS notifications
• Push notifications: Express consent when you enable notifications in the mobile app

You may withdraw your consent at any time by contacting our Privacy Officer (see Section 11), subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide certain features of the Service.

3. How We Use Your Information

3.1 Service Delivery

• To provide real-time heat stress monitoring and alerts
• To authenticate your identity and manage your account
• To generate compliance reports and analytics for your facility
• To provide technical support and respond to your inquiries
• To process and deliver notifications you have configured

3.2 Service Improvement

• To improve the reliability and performance of our Service
• To analyze usage patterns and develop new features
• To troubleshoot technical issues through crash reports

3.3 Legal and Security

• To comply with applicable laws and regulations
• To protect against fraud, unauthorized access, and security threats
• To enforce our Terms of Service

3.4 Electronic Messages (CASL Compliance)

We send you electronic messages including heat stress alerts, system notifications, and service updates. These messages fall into two categories:

• Critical Safety Alerts: Messages related to active heat stress conditions at your facility. These cannot be disabled while sensors are actively deployed, as they are essential to worker safety and the core purpose of the Service.
• Service Messages: Account notifications, system updates, and non-critical communications. You can manage preferences for these messages.

By providing your email address or phone number and configuring alerts, you provide express consent to receive these electronic messages.

You can manage your communication preferences at any time:

• Email: Adjust settings in your account dashboard or click the unsubscribe link in any non-critical email
• SMS: Reply STOP to any SMS message, or disable SMS alerts in your account settings
• Push notifications: Disable via your device settings or the mobile app

4. Data Storage and Security

4.1 Storage Location and Cross-Border Transfer

Your data is stored on Amazon Web Services (AWS) infrastructure in the United States (us-east-1 region).

We use Amazon Web Services under their Data Processing Addendum (DPA), which provides contractual safeguards to ensure your data receives protection comparable to that required under Canadian privacy law, including PIPEDA. These safeguards include:

• AWS Data Processing Addendum and AWS Customer Agreement
• Organizational and technical security measures
• Restrictions on access and use of your data
• Requirements to notify us of government data requests where legally permitted

4.2 Security Measures

We use industry-standard security measures to protect your information, including:

• Encryption in transit using TLS/HTTPS protocols
• Encryption at rest for sensitive data
• AWS Cognito for secure authentication and password management
• Role-based access controls limiting employee access to personal information
• Regular security assessments and updates
• Automated monitoring for suspicious activity
• Secure data backup and recovery procedures

Despite these measures, no system is completely secure. We cannot guarantee absolute security of your information.

5. Data Sharing and Third-Party Processors

5.1 No Sale of Personal Information

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

5.2 Service Providers

We share personal information with the following service providers who process data on our behalf. These providers operate under their standard Data Processing Agreements (DPAs) which require them to protect your information in accordance with applicable privacy laws:

These service providers are contractually bound under their DPAs to:

• Process data only as instructed by Full Blast Labs
• Implement appropriate security and confidentiality measures
• Not use your data for their own commercial purposes
• Comply with applicable privacy laws
• Return or securely delete data upon termination of services

5.3 Within Your Organization

Sensor data, alerts, and account information are shared with authorized users within your customer organization as configured by your administrator. Your organization's administrator controls user access and permissions.

5.4 Legal Requirements

We may disclose your personal information if required by law, court order, or government regulation, or if we believe in good faith that such disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or the public
• Prevent fraud or security threats

We will notify you of such disclosures where legally permitted.

6. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specific retention periods:

• Sensor readings and historical data: Retained according to your subscription plan (typically 12–36 months of historical data)
• Alert/notification records: Automatically deleted after 7 days
• Account information: Retained until you request account deletion
• Crash reports and diagnostics: Retained for 90 days
• Backup data: Retained for 30 days, then permanently deleted

When personal information is no longer required, we securely delete or anonymize it in accordance with our data retention and destruction policies.

7. Your Privacy Rights

You have the following rights under Canadian privacy law:

7.1 Access

You have the right to request access to the personal information we hold about you. We will provide you with a copy of your personal information in a commonly used format.

7.2 Correction

You have the right to request correction of inaccurate or incomplete personal information. You can update most account information directly through your account settings.

7.3 Deletion

You have the right to request deletion of your account and associated personal data, subject to:

• Legal or regulatory requirements to retain certain information
• Ongoing contractual obligations
• Legitimate business needs (e.g., resolving disputes, enforcing agreements)

7.4 Data Portability

You have the right to request your sensor data in a portable, machine-readable format (CSV). This can be exported directly from your account dashboard or by contacting support.

7.5 Withdraw Consent

You have the right to withdraw consent for certain uses of your personal information. Note that withdrawal may affect our ability to provide certain features of the Service.

7.6 Object to Processing

You have the right to object to certain processing of your personal information where we rely on legitimate interests as the legal basis for processing.

7.7 Quebec Residents

If you are a Quebec resident, you have additional rights under Quebec's Law 25, including:

• The right to request de-indexing of your personal information from search engines in certain circumstances
• Enhanced transparency regarding automated decision-making
• Portability rights for certain personal information

Contact our Privacy Officer for more information about rights specific to Quebec residents.

7.8 How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Officer:

We will respond to your request within 30 days. There is no fee for access requests unless they are manifestly unfounded, excessive, or repetitive.

7.9 Right to Complain

If you are not satisfied with our response to your privacy request or believe we have violated your privacy rights, you have the right to file a complaint with:

8. Cookies and Tracking Technologies

Our web dashboard (climasense.io) uses the following cookies and similar technologies:

8.1 Essential Cookies

• Authentication cookies: Maintain your login session
• Security cookies: Prevent cross-site request forgery (CSRF) and other security threats
• Preference cookies: Remember your dashboard settings and preferences

These cookies are necessary for the Service to function and cannot be disabled without affecting core functionality.

8.2 Optional Cookies

We do not currently use analytics, advertising, or third-party tracking cookies. If this changes in the future, we will update this Privacy Policy and obtain your consent where required.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

9. Children's Privacy

Our Service is designed for use in industrial and commercial settings and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information as soon as possible. If you believe we have collected information from a child under 18, please contact our Privacy Officer immediately.

10. Data Breach Notification

We have implemented security measures and incident response procedures to protect against data breaches. In the event of a data breach that poses a real risk of significant harm to affected individuals:

We will:

• Notify affected individuals as soon as feasible
• Notify the Office of the Privacy Commissioner of Canada
• Report the circumstances of the breach, affected personal information, and steps taken to reduce risk of harm
• Provide guidance on steps individuals can take to protect themselves

You will be notified:

• Via email to the address associated with your account
• Through in-app notification if applicable
• As required by law

We maintain records of all privacy breaches in accordance with PIPEDA requirements.

11. Privacy Officer and Contact Information

Full Blast Labs Inc. has designated a Privacy Officer who is accountable for our organization's compliance with privacy laws and this Privacy Policy.

For questions about this Privacy Policy, to exercise your privacy rights, or to file a privacy complaint, please contact:

We will acknowledge receipt of your inquiry within 5 business days and provide a substantive response within 30 days.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

• We will update the "Last Updated" date at the top of this page
• For material changes, we will notify you by email or through a prominent notice in the Service
• Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Interpretation

This Privacy Policy is governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein. Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Ontario.

If any provision of this Privacy Policy is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.