Legal

Privacy Policy

Effective Date: April 14, 2026  |  Last Updated: April 14, 2026  |  Governed by PIPEDA

Important Notice: This Privacy Policy contains disclosures about how client data may be processed and stored outside Canada by third-party platforms including Google (United States), Anthropic (United States), and Make.com (United States / European Union). Please read Section 7 carefully before engaging our services.

1. About This Policy

This Privacy Policy describes how Outport Automated Systems ("we," "us," or "our"), operated by Tracy Coles, collects, uses, retains, discloses, and protects information in connection with providing financial automation, payroll audit, accounts receivable and payable automation, aged debt recovery, and related services to clients across Newfoundland and Labrador and Canada.

This policy is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy legislation, as administered by the Office of the Privacy Commissioner of Canada (OPC). We are committed to handling all information in accordance with PIPEDA's ten fair information principles.

This policy applies to information provided by clients and their authorized representatives in connection with our services; information processed through our technology platforms on behalf of clients; and information submitted through our website at outportsystems.ca. It does not apply to the personal information of our employees, which is governed by applicable employment law.

2. What Information We Collect

2.1 Client Business Information

In the course of providing our services, we collect and process the following categories of information provided by or on behalf of clients:

  • Payroll and timesheet data: employee names, hours worked, overtime records, travel claims, banked time entries, and related payroll records
  • Financial records: invoices, accounts receivable ledgers, accounts payable records, vendor information, purchase orders, rate cards, and payment histories
  • Business operational data: company name, business address, industry type, employee roster, and organizational structure as relevant to services engaged
  • Contact information: names, email addresses, and phone numbers of client representatives and authorized contacts

2.2 Information We Do Not Collect

We do not collect Social Insurance Numbers (SIN), banking or credit card details, medical or health information, or any personal information beyond what is reasonably necessary to perform the services described in our Master Service Agreement with each client.

2.3 Website and Booking Information

When you visit outportsystems.ca or book a discovery call through our Calendly booking link, basic technical information such as your IP address, browser type, and visit timestamps may be automatically collected by those platforms. If you book a call, your name and email address are collected by Calendly LLC (Atlanta, Georgia, United States) to schedule and manage your appointment.

3. How We Use Your Information

We use the information we collect only for the following purposes, which are purposes a reasonable person would consider appropriate given the circumstances:

  • To perform the financial automation, payroll audit, AR/AP automation, aged debt recovery, and reporting services described in our engagement with you
  • To generate Monday Morning Exception Reports, financial dashboards, and other deliverables agreed upon in your service engagement
  • To communicate with you about your account, service exceptions, and issues requiring your attention or decision
  • To retain records as required by the Canada Revenue Agency (CRA) and applicable financial record-keeping obligations
  • To respond to inquiries submitted through our website or booking platform

We do not use client information for marketing, advertising, or any purpose unrelated to providing the services you have engaged us for.

4. Legal Basis for Processing

Under PIPEDA, we rely on your consent as the primary basis for collecting, using, and disclosing personal information. Consent is obtained through your execution of our Master Service Agreement, which incorporates this Privacy Policy by reference.

You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may mean we are unable to continue providing some or all services to you.

5. How We Protect Your Information

We implement reasonable and appropriate technical and organizational safeguards to protect client information against unauthorized access, use, disclosure, alteration, or destruction. These measures include:

  • Access controls limiting information access to authorized personnel only
  • Use of enterprise-grade platforms with encryption in transit and at rest
  • Password protection and secure account management for all platforms used in service delivery
  • The "Help Improve Claude" AI training toggle in our Anthropic account is permanently disabled, meaning client data submitted to Claude is not used to train Anthropic's AI models

Despite these measures, no electronic system or transmission is completely secure. We cannot guarantee absolute security. In the event of a privacy breach that creates a real risk of significant harm to individuals, we will notify affected parties and the Office of the Privacy Commissioner of Canada as required under PIPEDA's mandatory breach notification provisions.

6. Retention of Information

We retain client information for seven (7) years following the end of an engagement, in accordance with the Canada Revenue Agency's general records retention requirements for financial records. After the retention period, information is securely deleted or destroyed.

Clients may request the return or deletion of their information prior to the end of the retention period. Where early deletion is not possible due to legal obligations, we will advise accordingly.

7. Cross-Border Data Transfers

PIPEDA Disclosure: The following third-party platforms used to deliver our services are headquartered outside Canada. By engaging our services and accepting this Privacy Policy, you acknowledge and consent to the possibility that your information may be processed and stored outside Canada as described below.

Outport Automated Systems uses the following third-party platforms in the delivery of services. Each platform is subject to its own privacy policy and data handling practices:

Google Workspace (Google LLC, United States)
We use Google Forms for timesheet collection and Google Sheets as our Master Data Workbook platform. Google LLC is headquartered in Mountain View, California, United States. Google Workspace data is stored on Google's global server infrastructure. Canada is not a selectable data region; data may be stored in the United States or other jurisdictions. Google states that it does not use customer data for any purpose other than providing the relevant Workspace service.
Google Privacy Policy: policies.google.com/privacy
Anthropic / Claude (Anthropic PBC, United States)
We use Claude, an AI assistant developed by Anthropic PBC, headquartered in San Francisco, California, United States, to perform automated auditing of client financial data. Data is stored in the United States and traffic may be routed to servers in the United States, Europe, Asia, or Australia. Our account has the "Help Improve Claude" training toggle permanently disabled, meaning client data submitted to Claude is not used to train Anthropic's AI models.
Anthropic Privacy Policy: anthropic.com/legal/privacy
Make.com (Celonis Inc., United States)
We use Make.com to build and operate automated workflows that deliver reports and connect platforms. Make.com is operated by Celonis Inc. and has data centers in the United States and European Union. Data processed through Make.com automation scenarios may be stored on servers in the United States or European Union.
Make.com Privacy Policy: make.com/en/privacy-notice
Calendly (Calendly LLC, United States)
We use Calendly for booking discovery calls and client appointments. Calendly is operated by Calendly LLC, headquartered in Atlanta, Georgia, United States. Information submitted when booking a call, including your name and email address, is processed and stored by Calendly on servers in the United States.
Calendly Privacy Policy: calendly.com/privacy

In accordance with PIPEDA, we require that these third-party service providers maintain a comparable level of protection for your information while processing it on our behalf. However, when information is transferred outside Canada, it may be subject to the laws of the jurisdiction in which it is stored or processed, including access by law enforcement or national security authorities of that jurisdiction.

8. Disclosure of Information

We do not sell, rent, or trade client information to any third party. We disclose client information only in the following circumstances:

  • To the third-party platforms described in Section 7, strictly as necessary to perform the services you have engaged us for
  • To comply with a legal obligation, court order, or lawful request by a government authority
  • To protect the rights, property, or safety of Outport Automated Systems, our clients, or others, where permitted by law
  • With your prior written consent

We may use anonymized, aggregate data for business development purposes such as c