Privacy Policy

Effective Date: April 22, 2026
Last Updated: April 22, 2026

Busy Blooming (operated as a sole proprietorship by Tessa Barclay in Ontario, Canada) respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over it, when you use our website at https://busyblooming.ca, the Busy Blooming HQ members area at https://hq.busyblooming.ca, and any related services (together, the “Services”).
This policy is designed to comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

1. Information We Collect
1.1 Information you give us directly
•    Account information: name, email address, password or magic-link identifier.
•    Billing information: billing name, email, country, postal code, card details (card number, CVC, expiry). Full card details are submitted directly to our payment processor, Stripe, and are never stored on our servers.
•    Communications: any messages you send us by email, reply, or form submission, including support requests and feedback.
•    Profile content (optional): any information you choose to add to your HQ member profile.
1.2 Information collected automatically
•    Device and usage data: IP address, browser type, operating system, device identifiers, referring URL, pages viewed, links clicked, approximate location (city/region) derived from IP, and session timestamps.
•    Cookies and similar technologies: small data files stored in your browser to keep you logged in, remember preferences, and measure aggregate usage. See Section 5.
•    Push-notification tokens (if you opt in): a cryptographic endpoint identifier for your browser or device, used only to deliver notifications you have requested.
•    Podcast-feed tokens: if we introduce a private HQ podcast feed and you subscribe, we may generate a unique token tied to your account to authenticate your feed URL.
1.3 Information from third parties
•    Payment processor (Stripe): the last four digits of your card, card brand, expiry month/year, billing country, subscription status, invoice history, and in some cases tax status. We do not receive your full card number.
•    Email provider (Ghost / Mailgun): delivery, open, and click events for emails we send you.
•    Analytics and error-reporting providers (if enabled): pseudonymous usage events and crash/error reports.

2. How We Use Your Information
We use your information only for the purposes for which it was provided, and for closely related purposes that a reasonable person would expect:
•    To create and maintain your account.
•    To process payments, send invoices, and manage subscriptions.
•    To deliver the HQ content, audio, video, and notifications you have signed up for.
•    To send transactional messages about your account, security, billing, and changes to the Services.
•    To send membership updates and content announcements to current members (unless you have unsubscribed).
•    To respond to your questions, support requests, and feedback.
•    To operate, protect, debug, and improve the Services, including defending against fraud, abuse, and security incidents.
•    To calculate and remit applicable sales or value-added taxes.
•    To comply with applicable law, court orders, and lawful requests from public authorities.
We do not sell your personal information, rent it out, or share it with advertisers for targeted advertising.

3. Legal Bases for Processing
Where applicable under PIPEDA or equivalent law, we rely on one or more of the following bases:
•    Performance of a contract with you (delivering the Services you signed up for).
•    Your consent (for optional items like push notifications, non-transactional email marketing, or any cookies that require opt-in).
•    Our legitimate interests in operating, improving, and protecting the Services, provided these do not override your rights.
•    Legal obligation (for example, tax record-keeping).

4. Who We Share Information With
We share personal information only with trusted service providers who help us operate the Services, and only to the extent they need it to perform that service. Current providers include:
Provider    What they do    Where data lives
Ghost Pro    Membership platform, content management, email delivery    United States / European Union
Stripe, Inc.    Payment processing, billing, tax calculation, invoicing    United States
Bunny.net    Video and audio streaming for HQ content    Global CDN (primary: EU)
Cloudflare, Inc.    Push-notification worker and token storage (Cloudflare KV)    Global edge network
Mailgun / email relay (via Ghost)    Transactional and membership emails    United States / European Union
Apple / Google / Microsoft    Push-notification transport (only if you use their push services)    Global
Wix    Hosting and security for busyblooming.ca    United States / Global CDN
Each provider is bound by their own terms and privacy policy, and we require reasonable safeguards from each.
We may also disclose information:
•    To comply with a valid legal process (subpoena, court order, CRA request).
•    To protect the rights, safety, or property of Busy Blooming, members of HQ, or the public.
•    In connection with a sale, merger, or reorganization of the business (with notice to affected users).

5. Cookies and Similar Technologies
We use cookies and similar technologies to:
•    Keep you signed in to HQ (essential).
•    Remember your preferences (essential).
•    Measure aggregate usage so we can improve the Services (analytics).
•    Detect abuse and fraud (security).
You can control cookies through your browser settings. Disabling essential cookies may break sign-in and paid-content access.

6. International Transfers
Because some of our providers operate outside Canada (mainly in the United States and European Union), your information may be transferred to, stored, and processed in those jurisdictions. Where required, we rely on contractual safeguards to ensure your information receives a comparable level of protection. By using the Services you acknowledge this transfer.

7. How Long We Keep Information
•    Account data: while your account is active and for a reasonable period afterward to handle refunds, disputes, and audit needs (typically up to 24 months after closure, unless a longer period is required by law).
•    Billing records: for as long as required by Canadian tax law (currently 6 years from the end of the fiscal year to which they relate).
•    Transactional emails and logs: typically up to 12 months.
•    Push subscriptions: until you revoke notification permission in your device or browser, or we detect the subscription has expired.
•    Support messages: up to 24 months after the support issue closes.
When personal information is no longer needed, we delete or anonymize it.

8. Your Rights
Under PIPEDA and similar laws, you have the right to:
•    Access the personal information we hold about you.
•    Correct any information that is inaccurate or incomplete.
•    Withdraw consent for optional processing (such as marketing emails or push notifications) at any time.
•    Request deletion of your information, subject to any legal obligation we have to retain it (for example, tax records).
•    Request a copy of your information in a portable format.
•    Make a complaint to us (hello@busyblooming.ca) or to the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca.
To exercise any of these rights, email hello@busyblooming.ca from the address associated with your account. We respond within 30 days.

9. Security
We take reasonable administrative, technical, and physical safeguards to protect your information:
•    Passwordless magic-link authentication (no password reuse risk).
•    Payment card details handled exclusively by Stripe (PCI DSS Level 1 certified).
•    HTTPS on all services that handle personal data.
•    Principle-of-least-privilege access to production systems.
•    Routine backups and monitoring.
No system is 100% secure. If we discover a breach that creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as soon as feasible, as required by law.

10. Children
The Services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us so we can delete it.

11. Do Not Track and Similar Signals
Because there is no common standard, our website does not currently respond to “Do Not Track” signals, but we honour all opt-outs listed in Section 8.

12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date and, where required, notify paid members by email or in-product notification. Your continued use of the Services after the effective date of an updated version means you accept the changes.

13. Contact Us
Privacy questions or requests:
Email: hello@busyblooming.ca
Our privacy contact is Tessa Barclay, reachable at the email address above.
Office of the Privacy Commissioner of Canada:
https://www.priv.gc.ca — 1-800-282-1376