Privacy Policy

Effective date: March 24, 2026  ·  Last updated: March 24, 2026

Plain-language summary: We collect the minimum information needed to provide our yard management software. We do not sell your data. You can request access to or deletion of your personal information at any time by contacting us.

1. Overview

Pleroma Inc. ("Pleroma," "we," "us," or "our") operates a cloud-based yard management platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our marketing website at pleroma.systems or use our Service.

We are governed by Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, provincial privacy legislation including Quebec's Act respecting the protection of personal information in the private sector (Law 25 / Bill 64). By using the Service you consent to the practices described in this Policy.

2. Definitions

Personal Information
Information about an identifiable individual, as defined under PIPEDA.
Customer
An organization that subscribes to the Service.
End User
An individual (employee, contractor, jockey driver) authorized by a Customer to use the Service.
Customer Data
All operational data (shunts, trailers, docks, yard activity) submitted by a Customer through the Service.
Usage Data
Automatically collected technical data about how the Service is accessed and used.

3. Information We Collect

Information you provide directly

  • Account information: Name, work email address, job title, and organization name when you register or are invited to the Service.
  • Billing information: Company billing address and payment details (processed by our third-party payment processor; we do not store full card numbers).
  • Communications: Information you send us in support requests, feedback forms, or email correspondence.
  • Driver / jockey profiles: Operational profiles created by Customers for yard personnel, which may include name, employee ID, and shift records.

Information collected automatically

  • Log data: IP address, browser type, pages viewed, time and date of visits, referring URLs.
  • Device data: Device type, operating system, and unique device identifiers.
  • Usage data: Feature interactions, session duration, and in-app activity patterns used to improve the Service.
  • Cookies and similar technologies: See Section 9 (Cookies).

Information from third parties

  • Identity provider: If your organization uses single sign-on (SSO), we receive your name and email from your identity provider.
  • Payment processor: Billing status and transaction identifiers from our payment processor.

4. How We Use Information

We use personal information only for the purposes for which it was collected, or for compatible purposes:

  • To provision, operate, and maintain the Service
  • To authenticate users and enforce access controls
  • To process payments and manage subscriptions
  • To send transactional communications (account confirmations, invoices, security alerts)
  • To respond to support requests and inquiries
  • To send product updates and marketing communications (with consent, and with an opt-out in every message)
  • To analyze aggregated, de-identified usage data to improve the Service
  • To detect, investigate, and prevent fraud, security incidents, and abuse
  • To comply with applicable law and legal obligations

We do not use Customer Data to train machine learning or AI models without explicit written consent from the Customer.

5. Sharing & Disclosure

We do not sell, rent, or trade personal information. We may share information in the following circumstances:

Service providers (processors)

We engage third-party vendors to provide infrastructure, payments, authentication, customer support, and analytics. These vendors process data only on our instructions under written data processing agreements and are not permitted to use data for their own purposes. Key categories include cloud hosting and storage, authentication services, payment processing, and error monitoring tools. For Customers whose data processing requires a formal agreement, our Data Processing Agreement (DPA) is available at pleroma.systems/dpa.

Legal requirements

We may disclose information if required by law, regulation, court order, or valid government request, or when we believe disclosure is necessary to protect our legal rights or the safety of others.

Business transfers

If we undergo a merger, acquisition, or sale of assets, personal information may be transferred to the successor entity. We will notify affected users before their information becomes subject to a materially different privacy policy.

With your consent

We may share information for any other purpose with your explicit consent.

6. Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, to maintain your account, and to comply with legal and contractual obligations.

  • Account data: Retained for the duration of the subscription plus up to 90 days following termination to allow for account recovery.
  • Customer Data: Deleted or returned upon request following subscription termination, subject to our standard offboarding process.
  • Billing records: Retained for seven (7) years to comply with Canadian tax and accounting requirements.
  • Log and usage data: Typically retained for 12 months, then aggregated or deleted.

7. Security

We implement technical and organizational safeguards appropriate to the sensitivity of the information, including encryption in transit (TLS) and at rest, role-based access controls, multi-factor authentication for internal systems, regular security assessments, and incident response procedures.

No system is completely secure. In the event of a breach involving personal information, we will notify affected individuals and, where required, the Office of the Privacy Commissioner of Canada (OPC) in accordance with PIPEDA's mandatory breach reporting rules.

8. Your Rights

Subject to applicable law, you have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that inaccurate or incomplete information be corrected.
  • Deletion: Request deletion of your personal information, subject to legal retention obligations.
  • Withdrawal of consent: Withdraw consent to processing at any time, where processing is based on consent, subject to legal and contractual restrictions.
  • Portability (Quebec): If you are a Quebec resident, you have the right to receive your personal information in a structured, commonly used technological format.
  • Complaint: Lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca, or if you are a Quebec resident, with the Commission d'accès à l'information (CAI) at cai.gouv.qc.ca.

To exercise these rights, contact us using the information in Section 13. We will respond within 30 days. In some cases, your rights are exercised through your employer (the Customer) as the data controller for your operational data.

9. Cookies & Tracking Technologies

We use cookies and similar technologies on our marketing website and within the Service for the following purposes:

  • Essential: Required for authentication, session management, and core Service functionality. Cannot be disabled.
  • Analytics: Aggregate, anonymized usage data to understand how visitors interact with our site.
  • Preferences: Remember your settings and preferences across visits.

You can control cookies through your browser settings. Disabling non-essential cookies may affect some features of the marketing site but will not affect your ability to use the core Service.

10. Cross-Border Transfers

Our primary infrastructure is hosted in Canada. However, some of our service providers are located in the United States or other jurisdictions. When we transfer personal information outside Canada, we take steps to ensure an equivalent level of protection applies, including contractual safeguards consistent with PIPEDA Schedule 1 accountability principles and, where applicable, Quebec Law 25 requirements for privacy impact assessments (PIA) on cross-border data transfers.

11. Children

The Service is designed for business use and is not directed at individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has submitted information to us, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on our website with an updated effective date. For material changes, we will provide additional notice (such as a banner on the Service or an email to account holders) at least 30 days before the change takes effect. Your continued use of the Service after that date constitutes acceptance of the revised Policy.

13. Contact & Privacy Officer

Questions, requests, or complaints regarding your personal information can be directed to our Privacy Officer:

Pleroma Inc.
Attn: Privacy Officer
[Street Address, City, Province, Postal Code]
Email: privacy@pleroma.systems

We will acknowledge your request promptly and respond within 30 calendar days. If you are not satisfied with our response, you may escalate to the Office of the Privacy Commissioner of Canada.