Privacy Policy

This Privacy Policy (the "Policy") explains how Solutions Numériques de la Vallée (the "Provider", "we", "us") collects, uses, retains and discloses your personal information when you use our digital services for firefighters, including the website, applications and tools such as the Loss Trainer (collectively, the "Service"). We are established in Québec, Canada, and our services are primarily intended for users located in Québec, Canada and the United States.

This Policy applies to: - any person who creates an account or uses the Service on an individual basis (the "User" or "you"); - individuals who use the Service under an organization’s subscription (a fire service, department, training center or other "Organization"). If an Organization provides you with access to the Service, some of your information may also be processed by that Organization in accordance with its own policies and obligations. This Policy does not cover the privacy practices of Organizations.

We collect only the information necessary to provide, secure and improve the Service. 3.1 Account information When creating an account or logging into the Service, we may collect: - email address; - name or nickname (if provided); - preferred language; - profile information linked to an identity provider (for example Auth0, Google, Facebook), to the extent that you share it with us. Your password (when used) is handled securely and is never stored in plain text. 3.2 Usage information When you use the Service, we may collect: - technical logs relating to connections, errors, performance and interactions with features; - information about the scenarios or modules used (for example, type of exercise started, time spent, options selected); - anonymized usage data for statistical purposes (feature usage rates, login frequency, etc.). We do not intentionally collect sensitive content related to real interventions or detailed operational data about specific incidents. The Service is designed as a training and support tool. 3.3 Payment information Payments and billing information (for example credit card number, billing address) are processed by our payment service providers (currently Stripe). We do not have access to the full credit card number and do not store it in our systems. However, we may receive from Stripe certain information necessary to manage your subscription, such as: - the last four digits of the card; - the card type; - the expiration date; - payment amounts and dates; - subscription status (active, expired, in default, etc.). 3.4 Cookies and similar technologies We may use cookies and similar technologies to: - keep your session open; - remember certain preferences (language, display settings); - produce aggregated usage statistics. You can configure your browser to refuse certain cookies. However, some features of the Service may not function properly without certain essential cookies.

We use your personal information only for the following purposes: 1. Provide the Service - creating and managing your account; - authentication and secure access control; - operation of training and simulation modules. 2. Manage subscriptions and billing - activation, suspension or termination of subscriptions; - processing payments through Stripe; - sending billing-related communications (renewal notifications, payment issues, etc.). 3. Ensure the security and integrity of the Service - preventing and detecting abusive or fraudulent use; - monitoring performance and technical errors; - protecting systems and data against unauthorized access. 4. Improve the Service - anonymous analysis of feature usage; - planning new features or improvements; - testing, research and development of new training tools. 5. Communicate with you - responding to your questions or support requests; - sending you important information about the Service (technical, security or terms-of-use changes); - occasionally informing you of new features or relevant changes. You may opt out of receiving certain non-essential communications. We do not sell your personal information to third parties.

Depending on where you are located, the processing of your information may be based on: - performance of a contract (for example, to provide the Service you requested or to manage your subscription); - your consent (for example, for certain cookies or optional communications); - our legitimate interests (for example, to ensure the security of the Service, prevent fraud, improve our tools), to the extent that such interests are compatible with your rights and reasonable expectations; - compliance with our legal obligations (for example, tax or accounting requirements).

We may disclose certain information to third-party service providers who help us deliver the Service. These third parties only access your information to the extent necessary to perform the services entrusted to them, and they are bound by appropriate confidentiality obligations. These providers may include, in particular: - authentication providers (for example Auth0, Google, Facebook) to manage secure login; - payment processors (for example Stripe) to process payments and manage billing; - cloud hosting providers (for example Oracle Cloud) to host applications and data; - where applicable, analytics tools to produce aggregated and anonymized usage statistics. We do not allow these providers to use your information for purposes other than those described in this Policy or agreed contractually. We may also disclose your information if required by law or where we believe in good faith that such disclosure is necessary to: - comply with a legal obligation or a request from a competent authority; - protect our rights, property or the safety of the Service, our users or the public; - prevent or investigate possible illegal activities, fraud or security threats.

The systems we use and our service providers (for example Oracle Cloud, Auth0, Stripe) may be located outside Québec, including elsewhere in Canada or in the United States. This means that your information may be transferred to and stored in jurisdictions where privacy laws offer a different level of protection than those of Québec. In all cases, we take reasonable steps to protect your information in accordance with this Policy and applicable laws.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to meet our legal, accounting or reporting obligations. By way of example: - account information is generally retained for as long as your account is active, and then for a reasonable period after account closure (for example, to answer questions, resolve disputes or meet legal obligations); - certain technical logs and usage data may be kept for a limited period for security, traceability and Service-improvement purposes; - information required for accounting and tax purposes may be retained for the minimum periods required by law. When information is no longer needed, we delete it or anonymize it securely.

We implement reasonable security measures to protect your personal information against loss, theft, unauthorized access, disclosure, copying, use or modification. These measures may include, among others: - encryption of certain communications and data in transit; - role-based access controls; - secure authentication mechanisms; - careful management of logs and administrative access; - limiting access to information to people who need it to perform their duties. No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to taking reasonable and proportionate measures in light of the risks.

Depending on the jurisdiction in which you are located (including Québec), you may have the following rights with respect to your personal information: - access: obtain confirmation that we hold information about you and, where applicable, receive a copy of it; - rectification: request the correction of incomplete, inaccurate or ambiguous information; - withdrawal of consent: where processing is based on your consent, withdraw that consent (without affecting the lawfulness of processing prior to withdrawal); - deletion: in certain cases, request the deletion of certain information, subject to our legal retention obligations; - portability (where applicable): in some contexts, request that certain information be provided to you in a structured, commonly used format or transmitted to another provider. To exercise any of these rights, please contact us using the details set out in section 11 below. We may ask you for additional information to verify your identity before responding to your request. You also have the right to file a complaint with the competent data protection authority, including the Commission d’accès à l’information du Québec, if you believe that your rights have not been respected.

The Provider designates a person responsible for the protection of personal information, tasked with overseeing compliance with this Policy and applicable laws. For any question, request or complaint regarding this Policy or the handling of your personal information, you may contact: Privacy Officer Solutions Numériques de la Vallée Email: contact@sndv.ca

We may update this Policy from time to time, for example to reflect legal, technical or Service-related changes. In the event of a material change, we will post a notice on the Site and/or in the Service and indicate the date of the latest update at the top of this Policy. Where required by law, we will seek your consent again. Your continued use of the Service after a revised version of the Policy comes into effect means that you accept those changes, subject to applicable legal requirements.