Privacy Policy

1. Who We Are

E-EPIC TECHNOLOGIES LTD. is a company incorporated in British Columbia, Canada, operating the Jada event marketplace platform at www.eepic.ca.

Privacy contact: contact@eepic.ca

2. Scope & Roles

Jada operates a two-sided marketplace that connects Event Planners (individuals or organizations planning events) with Vendors (independent event service providers such as photographers, DJs, caterers, florists, venues, and more). Depending on context, we act as:

• Controller — for planner and vendor account data, platform analytics, marketing preferences, communications, support records, and AI interaction logs.
• Processor — for certain third-party personal data that Vendors input into the Platform (e.g., attendee lists, client contact information for event management purposes).

3. Your Data Rights & How to Exercise Them

You have the right to access, export, correct, or delete your personal data. Until self-serve data tools are available in your account settings, you may submit any privacy request by emailing:

contact@eepic.ca — include your full name, the email address associated with your account, and a description of your request.

We will acknowledge receipt within 5 business days and respond substantively within 30 days. Where requests are complex or numerous, we may extend this period by an additional 30 days with notice to you.

4. Information We Collect

A. Information You Provide Directly

• Account details: name, email address, password (stored as a hash), and optionally a phone number.
• Profile information: for Vendors — business name, service categories, service description, pricing ranges, location and service area, portfolio images and videos, availability, team member bios, and custom FAQs. For Planners — event types and preferences.
• Event details: event name, type, date/time, location, guest count, budget, style preferences, and notes.
• Communications: messages sent through the Platform, support tickets, survey responses, and feedback.
• Marketing preferences: newsletter opt-in/opt-out, promotional SMS consent where applicable.
• Payment information: billing address and payment method details processed by our payment partners (e.g., Stripe). We do not store full card numbers on our servers.

B. Information Collected Automatically

• Usage data: pages visited, features used, search queries, vendor profiles viewed, clicks, session duration, and referral source.
• Device & technical data: IP address, browser type and version, operating system, device identifiers, and time zone.
• Performance & diagnostics: crash reports, error logs, and bug reports used to improve the Platform.
• Security signals: login attempts, suspicious activity patterns, and fraud indicators.
• Cookies and tracking technologies: see Section 11.

C. Information From Third Parties

• Payment processors (e.g., Stripe) provide payment status, transaction metadata, and fraud signals. We do not store full payment card numbers.
• Social / OAuth sign-in (e.g., Google): if you choose to sign in via a third-party provider, we receive basic profile information (name, email) as authorized by you.
• Public business data: publicly available information such as business categories and tags used to enrich Vendor profiles.
• Analytics partners: aggregated or pseudonymous data about how users interact with our marketing pages.

5. How We Use Your Information

• Provide and operate the Platform: create and manage accounts, enable search and discovery, power messaging and lead connections, and manage events.
• AI features: power Jada to provide vendor recommendations, planning assistance, content generation, and personalized suggestions. See Section 12 for more detail.
• Facilitate connections: manage “lead unlocks” where a Vendor pays credits to receive an introduction to a Planner’s contact details.
• Payments & billing: process credit purchases, subscriptions, invoices, and applicable taxes (including GST/HST) through third-party payment processors.
• Safety & trust: detect, investigate, and prevent fraud, abuse, spam, security incidents, and violations of our Terms.
• Customer support: respond to inquiries, resolve disputes, and send service notifications and transactional communications.
• Product improvement: analyze usage patterns, conduct research, run A/B tests, and improve features, performance, and user experience.
• Marketing: with your consent or as otherwise permitted by law (including CASL), send newsletters, product updates, tips, and promotional communications.
• Legal compliance: comply with applicable laws, respond to lawful government requests, and enforce our Terms.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

6. Legal Bases (GDPR / UK GDPR)

Where the EU General Data Protection Regulation or UK GDPR applies to your use of the Platform, we process personal data on the following legal bases:

• Contract performance: processing necessary to provide the Platform and services you have requested (e.g., account creation, facilitating connections).
• Legitimate interests: analytics, product improvement, security and fraud prevention, and business operations — where our interests are not overridden by your rights.
• Consent: non-essential cookies, marketing emails/SMS, and certain AI data uses where required by law.
• Legal obligations: tax and accounting records, responding to lawful law enforcement requests.

7. Canadian Privacy Law (PIPEDA & Quebec Law 25)

As a company based in British Columbia, Canada, we are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, provincial privacy legislation including Quebec’s Act respecting the protection of personal information in the private sector (Law 25 / Bill 64).

Under these laws, we commit to the following 10 fair information principles:

1. Accountability: we have designated a privacy contact (contact@eepic.ca) responsible for compliance.
2. Identifying purposes: we identify the purposes for collecting personal information before or at the time of collection (see Section 5).
3. Consent: we obtain meaningful consent for collection, use, and disclosure, except where permitted by law.
4. Limiting collection: we collect only the information necessary for the identified purposes.
5. Limiting use, disclosure, and retention: we use and disclose personal information only for the purposes for which it was collected, and retain it only as long as necessary.
6. Accuracy: we keep personal information as accurate, complete, and up to date as necessary, and give you tools to correct your information.
7. Safeguards: we protect personal information with appropriate security measures (see Section 10).
8. Openness: we make our privacy practices readily available (this Policy).
9. Individual access: upon request, we tell you what personal information we hold and give you access to it (see Section 3).
10. Challenging compliance: you may challenge our compliance with this Policy via contact@eepic.ca, or file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca.

Quebec residents: as required by Law 25, we maintain a privacy impact assessment process for new projects involving personal information, and publish this Policy in a clear and accessible manner. You may request that we communicate your personal information to you or to another organization in a structured, commonly used technological format.

8. CASL – Canadian Anti-Spam Legislation

We comply with the Canada’s Anti-Spam Legislation (CASL, S.C. 2010, c. 23). We only send commercial electronic messages (CEMs) — including promotional emails, newsletters, and SMS — where we have:

• Express consent: you have opted in to receive marketing communications; or
• Implied consent: you are an existing or recent customer (within 2 years of a transaction), or you have inquired about our services (within 6 months), as defined under CASL.

Every commercial email we send includes:

• Our full legal name and mailing address.
• A clear and easy unsubscribe mechanism.
• Unsubscribe requests are honoured within 10 business days.

You may withdraw consent at any time by clicking “ Unsubscribe” in any marketing email, by replying STOP to any SMS, or by emailing contact@eepic.ca. Note: transactional and service emails (e.g., booking confirmations, password resets) are not commercial messages and will continue regardless of marketing preferences.

9. Sharing & Disclosures

We share personal information only in the following circumstances:

• Service providers: trusted third parties who help us operate the Platform (cloud hosting, email/SMS delivery, analytics, payment processing, customer support tools). These partners are bound by contractual data-protection and confidentiality obligations and are not permitted to use your data for their own purposes.
• Vendors and Planners (via lead connections): a Planner’s direct contact details (name, email, phone) are only shared with a specific Vendor after that Vendor has explicitly unlocked the connection by spending credits through the Platform. Planners are informed of this process.
• Business transfers: in connection with a merger, acquisition, financing, restructuring, bankruptcy, or sale of assets. We will notify you before your data is transferred and becomes subject to a different privacy policy.
• Legal requirements: where required by law, court order, or government authority, or where necessary to protect the rights, safety, and integrity of Jada, our users, or the public.
• With your consent: any other sharing will be disclosed to you and require your explicit agreement.

10. Data Storage, Security & Retention

Storage

Our primary infrastructure is hosted on reputable cloud providers. Data may be stored in Canada, the United States, or other jurisdictions depending on our service providers. See Section 13 for information on international transfers.

Security Measures

• Transport Layer Security (TLS/HTTPS) for all data in transit.
• Encryption at rest for databases containing personal data.
• Role-based access control (RBAC) and least-privilege principles for internal systems.
• Monitoring, alerting, and audit logging for unauthorized access attempts.
• Regular security assessments and vendor due diligence.
• Passwords are stored as cryptographic hashes; we never store plaintext passwords.

No method of transmission or storage is 100% secure. While we implement industry-standard safeguards, we cannot guarantee absolute security.

Retention

• We retain personal data for as long as your account is active and as necessary to provide the Platform.
• Upon a verified deletion request, we delete personal data within 30 days. Certain records (transaction history, tax records, fraud logs) may be retained for up to 7 years where required by Canadian tax and accounting law.
• Security and audit logs may be retained for up to 12 months and are purged on a rolling basis.
• Unsubscribe records and CASL consent logs are retained as long as required by applicable anti-spam law.
• Backups are retained for up to 90 days before automatic deletion.

11. Cookies & Similar Technologies

We use cookies and similar technologies (local storage, pixels, SDKs) to operate and improve the Platform. These fall into three categories:

• Strictly necessary cookies: required for authentication, session management, security, and core Platform functionality. These cannot be disabled.
• Analytics cookies: used (with consent where required) to understand how users interact with the Platform, identify usage patterns, and improve features. We use Google Analytics and Google Tag Manager.
• Marketing & advertising cookies: used (with consent where required) to measure the effectiveness of marketing campaigns and deliver relevant advertising. We use Facebook Pixel.

You can manage your cookie preferences through our consent banner (where shown) or through your browser settings. Disabling non-essential cookies will not affect your ability to use the core Platform, but may affect personalization features.

12. AI Features & Automated Assistance (Jada)

“Jada” is our AI-powered assistant built into the Platform to help both Event Planners and Vendors. Here is how we handle data in connection with Jada:

• Conversation data: messages and inputs you send to Jada may be processed to generate responses and to improve the AI model. We take care to minimize the personal data included in AI processing.
• Context data: Jada uses your account and event information to personalize suggestions (e.g., recommending vendors by budget and location). This contextual data is used only to serve you and is not used to train third-party AI models without your consent.
• No binding automated decisions: Jada provides suggestions and recommendations, but we do not make legally binding or significantly consequential decisions about you based solely on automated processing. You remain in control of all hiring and transactional decisions.
• Third-party AI providers: we may use third-party AI infrastructure providers (such as Anthropic or OpenAI) to power Jada. Data shared with these providers is subject to their data processing agreements and is used only to provide the service.
• Retention: AI conversation logs may be retained for up to 12 months to allow you to review your chat history and to improve the service. You may request deletion at any time.

13. International Data Transfers

Jada is based in Canada. Our service providers may process your data in the United States or other countries. When we transfer personal information outside Canada, we ensure appropriate safeguards are in place, such as:

• Contractual protections (Standard Contractual Clauses for EU/UK transfers).
• Transfers to jurisdictions recognized as providing adequate protection.
• Data processing agreements with all sub-processors requiring equivalent protections.

Please note that laws in other countries may differ from Canadian privacy law. By using the Platform, you acknowledge that your data may be transferred internationally as described here.

14. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Access: request a copy of the personal data we hold about you.
• Correction: request that inaccurate or incomplete data be corrected.
• Deletion: request that we delete your personal data, subject to legal retention obligations.
• Portability: request your data in a structured, machine-readable format (where technically feasible).
• Withdraw consent: withdraw marketing consent at any time (e.g., unsubscribe from emails) without affecting the lawfulness of prior processing.
• Object or restrict: object to certain processing or request that we restrict processing in certain circumstances (EU/UK users).
• Complain: lodge a complaint with your local data protection authority. In Canada, this is the Office of the Privacy Commissioner (OPC).

To exercise any right, email contact@eepic.ca with “Privacy Request” in the subject line. We will verify your identity before acting on requests.

15. SMS / Text Messages

If you opt in to SMS notifications or marketing messages, standard message and data rates from your carrier may apply. You can opt out at any time by replying STOP to any message. For help, reply HELP. We will process your unsubscribe request within 10 business days in compliance with CASL. Note that opt-out from SMS marketing does not affect transactional SMS (e.g., account security alerts).

16. Children

The Platform is intended for users who are at least 18 years of age. We do not knowingly collect personal information from individuals under 18. If you believe a minor has provided us with personal information, please contact us at contact@eepic.ca and we will take steps to promptly delete it.

17. Do-Not-Track

Our Platform does not currently respond to browser “Do-Not-Track” (DNT) signals, as there is no universally accepted standard for how DNT should be interpreted. You can manage tracking preferences through our cookie settings or your browser.

18. Breach Notification

In the event of a security incident involving your personal information that creates a real risk of significant harm, we will notify you and, where required, the Office of the Privacy Commissioner of Canada and/or other applicable regulators as required by PIPEDA and any other applicable law. We maintain an incident response plan and conduct post-incident reviews to prevent recurrence.

19. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via in-app notification and/or email at least 14 days before the changes take effect. The “Last updated” date at the top of this Policy reflects the most recent revision. Your continued use of the Platform after the effective date of any update constitutes your acceptance of the revised Policy.

20. Contact & Complaints

For privacy questions, requests, or complaints, please contact our Privacy Officer:

If you are not satisfied with our response, you have the right to file a complaint with:

• Canada: Office of the Privacy Commissioner of Canada
• EU/EEA: your local Data Protection Authority
• UK: Information Commissioner’s Office (ICO)