Privacy Policy

Ask Norm ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use it, and your rights under PIPEDA and applicable Canadian privacy law.

We collect project details you provide, account information (email, password hash), and usage data. Payment information is handled entirely by Stripe — we never see or store your credit card number. We automatically collect technical data (browser type, device, anonymized IP) and session data. We use PostHog for anonymous product analytics only.

We use collected information to generate construction material estimates, process payments for PDF reports, save your past estimates, and analyze usage patterns to improve the Service. We do not sell your personal information to any third party. We do not use your information for advertising targeting.

Shopping lists contain affiliate links to Home Depot Canada and RONA. When you click these links, you are redirected to their websites governed by their privacy policies. We do not share your personal information with retailers — click tracking is anonymized.

We share data with: Clerk (authentication), Supabase (data storage), Stripe (payments), and PostHog (analytics). All providers are contractually bound to process your data in compliance with applicable privacy law. Chat messages are processed by Groq's AI API under their privacy policy.

Account data is retained for the life of your account plus 90 days after deletion. Saved estimates are retained until you delete them or your account. Payment records are retained as required by Canadian tax law (7 years). Anonymous analytics are retained indefinitely in aggregate form.

You have the right to access, correct, or delete your personal data. You may withdraw consent to data collection (note: this may prevent use of some features). To exercise these rights, email us at the address below. We will respond within 30 days and may verify your identity.

We use session cookies (via Clerk) for login, localStorage for client-side preferences (checkbox states), and analytics cookies (via PostHog). Analytics data is anonymized. You can disable cookies in browser settings, though some features may not function.

We implement HTTPS encryption, row-level security in Supabase, and Clerk-managed authentication with hashed passwords. No credit card data is stored by Ask Norm. No method of transmission is 100% secure, but we take reasonable steps to protect your information.

Ask Norm is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.

Ask Norm operates in Ontario, Canada. Some service providers (including Groq and analytics) may process data on servers in the United States. By using the Service, you consent to transfer of your information to countries where our service providers operate.

We may update this Privacy Policy. We will update the Effective Date. For material changes, we will notify registered users by email at least 14 days before the change takes effect.

For privacy-related questions, contact us at privacy@asknorm.ca.