Effective as of 1 July 2025
Thank you for choosing StoryCraft Marketing Inc. (“StoryCraft,” “we,” “us,” or “our“). Protecting your privacy is fundamental to the way we do business. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our websites (including storycraft.marketing, surefunnels.ca, and related sub‑domains), purchase products or services (such as StorySite Hosting & Care), or interact with us in any manner.
Key Canadian Law: Because StoryCraft is headquartered in Ontario, Canada, we primarily follow the Personal Information Protection and Electronic Documents Act (PIPEDA). Where we serve individuals in other jurisdictions (e.g., the European Economic Area or California), we also account for regional requirements such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Personal Information We Collect
We collect information that can identify you (“Personal Information”) in the following categories:
| Category | Examples | Source |
|---|---|---|
| Account & Contact Data | Name, business name, mailing address, phone number, email address, login credentials | Directly from you when you create an account, fill out a form, or contact us |
| Payment Data | Last four digits of credit card, card type, billing address, transaction ID | Payment details are processed by SureCart and its processors (e.g., Stripe or PayPal). We do not store full card numbers. |
| Website Content Data | Text, images, or files you upload to your hosted WordPress site | Directly from you during service use |
| Support & Communications | Support tickets, emails, chat transcripts, call recordings (if applicable) | Directly from you |
| Usage & Device Data | IP address, browser type, referring/exit pages, timestamps, page interactions, cookie IDs | Automatically collected via cookies, web beacons, and analytics tools (e.g., Cloudflare, Google Analytics) |
| Marketing Preferences | Subscription status for newsletters, opt‑in/opt‑out choices | Directly from you |
We do not intentionally collect information from children under 13. If you believe a child has provided us personal information, please contact us so we can delete it.
2. How & Why We Use Personal Information
Under PIPEDA, we collect, use, and disclose Personal Information only for purposes a reasonable person would consider appropriate in the circumstances. Our primary purposes include:
- Service Delivery ‑ to set up and manage your hosting account, process payments, and provide technical support.
- Improvement & Analytics ‑ to monitor performance, diagnose issues, and enhance user experience.
- Security & Fraud Prevention ‑ to detect, investigate, and mitigate malicious activity.
- Communications ‑ to send invoices, service notices, product updates, and respond to inquiries.
- Marketing (with consent) ‑ to send newsletters, promotions, or event invitations you have opted in to receive.
- Legal & Compliance ‑ to meet tax, accounting, or lawful information‑request obligations.
Legal Bases under GDPR (where applicable)
- Contract – processing necessary to fulfil the services you request.
- Consent – e.g., for email marketing. You may withdraw consent at any time.
- Legitimate Interests – to improve our services, secure our network, and prevent fraud.
- Legal Obligation – where laws require us to process or retain certain data.
3. How We Share Personal Information
We do not sell Personal Information. We may share it only with:
- Service Providers & Sub‑Processors Provider Purpose Location SureCart / Stripe / PayPal Payment processing Canada, USA, or other regions depending on your locale Cloudflare DNS, CDN, security firewall USA & global edge network Cloud Infrastructure Partners Web‑hosting servers & backups (e.g., Vultr HF, DigitalOcean) Canada / USA Help Desk & CRM Support ticketing, email campaigns (e.g., HelpScout, FluentCRM) Canada / USA
- Professional Advisors – lawyers, accountants, auditors, subject to confidentiality.
- Law Enforcement or Regulators – when required by law or court order.
- Business Transfers – if we merge, sell, or reorganize assets, provided the recipient agrees to honour this Policy.
All third parties are contractually obligated to safeguard your data and use it only for the designated purpose.
4. International Data Transfers
StoryCraft and many of our service providers operate in multiple jurisdictions. When Personal Information is transferred outside Canada (e.g., to the United States or the European Union), we ensure comparable protections through contractual clauses or approved certifications (e.g., Standard Contractual Clauses for EU data, Stripe’s Binding Corporate Rules).
5. Security Measures
We employ administrative, technical, and physical safeguards proportional to the sensitivity of the data, including:
- TLS encryption in transit
- Encrypted-at-rest databases for hosting accounts
- Firewall and bot‑mitigation rules (Cloudflare WAF)
- Principle of least privilege for employee access
No system is 100 % secure, but we strive to minimise risks and train staff accordingly.
6. Data Retention
We retain Personal Information only as long as necessary for the purposes stated in this Policy, or as required by law (e.g., tax records for 7 years). Backups are purged on a rolling schedule (typically 30–60 days). Upon account closure, we remove your data from active systems within 60 days, unless retention is legally required.
7. Your Rights & Choices
Under PIPEDA and, where applicable, GDPR/CCPA, you may:
| Right | Description |
|---|---|
| Access | Request a copy of Personal Information we hold about you. |
| Correction | Update or correct inaccurate data. |
| Withdrawal of Consent | Opt out of marketing emails via the unsubscribe link or by contacting us. |
| Deletion (Right to Erasure) | Ask us to delete certain data, subject to legal exceptions. |
| Data Portability (GDPR) | Receive your data in a structured, machine‑readable format. |
| Complaint | Lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe we have mishandled your data. |
To exercise any of these rights, email [email protected] or write to the address below. We may verify your identity before fulfilling the request.
8. Cookies & Similar Technologies
We use cookies, pixel tags, and local storage to:
- Keep you logged in to your account
- Remember preferences & language settings
- Measure site performance via analytics (Google Analytics, Cloudflare Insights)
- Deliver relevant marketing messages (only if you consent)
You can adjust browser settings to refuse or delete cookies, but some site features may not function correctly.
9. Marketing Communications
- Opt‑In: We send marketing emails only if you expressly consent or where permitted by Canada’s Anti‑Spam Legislation (CASL).
- Opt‑Out: Click “Unsubscribe” in any marketing email or contact us to be removed from our mailing list.
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be announced on our website and, where appropriate, notified by email at least 30 days before they take effect. The “Effective Date” at the top indicates the most recent revision.
11. Contact Us
Email: [email protected]
We welcome your questions or concerns regarding privacy. We try to respond within 30 days.