Privacy Policy
Last Updated: February 2026
Quick Navigation
Introduction
BLUEcollar ("we," "our," or "us") is committed to protecting your privacy and ensuring transparency about how we handle your personal information.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application and website. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws.
Company Location: Oshawa, Ontario, Canada
What Information We Collect
Information You Provide
- Account Information: Name, email address, phone number
- Professional Information: Job title, company name, trade/union affiliation (e.g., "721 Ironworkers", "25 Millwrights"), years of experience
- Certification Data: Certification card images, card holder names, card numbers, issue and expiry dates, institution names, certification types
- Profile Image: Optional photo for your profile
Information Collected Automatically
- Device Information: Device type, operating system (for app functionality only)
- Crash Reports & Diagnostics: We automatically collect crash reports and diagnostic information when the app malfunctions. This includes technical details like error codes, device type, and operating system version to help us identify and fix bugs. This data is used solely to improve app stability and is not used for marketing purposes.
- Usage Data: Only collected if you consent to analytics
Information We Do NOT Collect
We explicitly do NOT collect:
- Social Insurance Numbers (SIN)
- Health records
- Union membership status or dues information
- Employer HR identifiers
- Location tracking data
- Biometric data (stored on-device only, never sent to servers)
- Financial information
- Government ID numbers
How We Protect Union Affiliation Data
Your complete trade/union affiliation (including local numbers like "721 Ironworkers") is:
- Stored ONLY in your encrypted user profile - Protected with XChaCha20-Poly1305 encryption at rest
- Never shared with third parties without your explicit consent
- Only YOU can access your specific union local information
If you enable Anonymous Analytics:
- Union local numbers are automatically stripped ("721 Ironworkers" becomes "ironworkers")
- Only the general trade category is used for aggregated statistics
- No individual identification is possible from analytics data
- Analytics data cannot be traced back to specific union locals
How We Use Your Information
Core Service Functionality (Required)
We use your information to provide the app's essential features:
- Profile Display: Show your name, job title, company, and professional details in your profile
- Certification Storage: Store, encrypt, and display your certification cards securely
- Expiry Notifications: Send timely reminders based on certification expiry dates (if enabled)
- Email Sharing: Generate shareable certification reports when you choose to send them
- Cloud Sync: Back up your data to secure cloud storage (if cloud backup is enabled)
- App Stability & Bug Fixes: Analyze crash reports to identify and fix technical issues
Experience Customization (Optional)
With your professional information (job title, trade, experience), we may:
- Personalize Onboarding: Provide trade-specific tips and guidance
- Suggest Features: Recommend relevant features based on your profession
- Customize Templates: Pre-populate common certification types for your trade
This customization happens on your device and does not require analytics consent.
Product Improvement with Analytics (Optional - Requires Consent)
ONLY if you enable Anonymous Analytics, we use aggregated, non-identifiable data to improve the app:
What We Analyze (Aggregated Only):
- Feature Development: Understand which trades need specific features
Example: "Ironworkers frequently upload welding certifications → build better cert templates" - User Experience: Identify workflow differences by experience level
Example: "Apprentices use manual entry 3x more → improve OCR for beginners" - Market Research: Identify industry trends to prioritize development
Example: "Construction users request expiry alerts 2x more → enhance notifications" - Performance Optimization: Understand usage patterns to improve app speed
Example: "Users with 10+ certifications experience lag → optimize card loading"
How Analytics Works:
- ✅ Individual Tracking: We NEVER track individual user behavior or create personal profiles
- ✅ Aggregation Only: All analytics are grouped and anonymized
- ✅ "500 users in ironworker trades"
- ✅ "Journeymen upload 5 certifications on average"
- ✅ "Construction industry has 60% cloud backup adoption"
- ❌ NOT "John Doe from Local 721 Ironworkers uploaded 3 certifications"
- ✅ No Cross-User Profiling: Your data is never combined with other sources to profile you
- ✅ Minimum Group Size: We only report metrics for groups of 10+ users
- ✅ Consent Required: Analytics only collected if you explicitly enable "Anonymous Analytics"
- ✅ Withdrawal Anytime: Disable analytics consent at any time in Settings to stop data collection immediately
| Purpose | Legal Basis |
|---|---|
| Store and display your certifications | Contract performance |
| Enable cloud backup and sync across devices | Your consent |
| Share certifications when you explicitly request | Your consent |
| Send service-related notifications (expiration reminders, etc.) | Legitimate interest |
| Collect crash reports and diagnostics for bug fixing | Legitimate interest (service stability) |
| Improve our services with aggregated analytics | Your consent (analytics) |
| Comply with legal obligations and security | Legal requirement |
We will NEVER:
- Sell your personal data or aggregated data to third parties
- Share data with employers or unions without your explicit consent
- Use your data for advertising or targeted marketing purposes
- Profile individual users for any purpose
- Share your certifications publicly unless you explicitly request it
- Track your individual behavior or identify you in analytics
- Train AI models on your certification content
Data Sharing & Disclosure
When We May Share Your Data
- With Your Consent: When you explicitly request to share certifications (e.g., via email, supervisor reports)
- Service Providers: With trusted third-party services that help us operate the app (subject to strict confidentiality agreements)
- Legal Requirements: When required by law (court order, regulatory investigation, etc.)
- Security: To prevent fraud or protect user safety
Our Service Providers
We use the following third-party services (all are bound by confidentiality agreements):
- Firebase (Google): Cloud storage, authentication, and database services
- SendGrid: Email delivery (only when you choose to share certifications)
- Google Cloud Platform: Infrastructure and security services
These providers can only access data necessary to provide their specific service and are prohibited from using your data for any other purpose.
Security & Data Protection
We implement industry-standard security measures to protect your information:
Encryption & Protection
- XChaCha20-Poly1305 Encryption: Sensitive data is encrypted at rest
- TLS 1.2+ Encryption: All data in transit is encrypted
- Secure Key Storage: Encryption keys are stored securely using hardware-backed security
- Access Controls: Data is scoped to individual users - no cross-user access possible
- Audit Logging: All security-relevant events are logged for compliance monitoring
Account Security
- Use strong, unique passwords
- Enable biometric authentication when available
- Never share your login credentials
- Log out when using shared devices
- Notify us immediately if you suspect unauthorized access
Your Privacy Rights (PIPEDA Compliance)
As a Canadian resident and BLUEcollar user, you have the following rights:
Right to Access
You have the right to request and receive a copy of all personal information we hold about you. Use the "Export My Data" feature in Settings → Privacy & Data within the app.
Right to Correction
You can update or correct any inaccurate or incomplete information through your account settings or by contacting us directly.
Right to Deletion
You can delete your account and all associated data permanently at any time. Use Settings → Privacy & Data → Delete Account in the app. This action cannot be undone.
Right to Withdraw Consent
You can withdraw consent for optional features at any time through Settings → Privacy & Data. This will not affect the lawfulness of processing before withdrawal.
Right to Data Portability
You can export your data in JSON format through the app for use with other services.
Right to Opt-Out
You can opt out of non-essential communications (analytics, marketing) while continuing to use core app features.
Right to File a Complaint
If you believe your privacy rights have been violated, you have the right to file a complaint with the Privacy Commissioner of Canada at www.priv.gc.ca.
Data Storage & Location
Where Your Data Is Stored
Your data is stored using Firebase Cloud services in Canadian data centers:
- Region: northamerica-northeast1 (Montreal, Quebec)
- Jurisdiction: Canada
- Data Sovereignty: All data remains within Canada
Data Retention
- Active Accounts: Data is retained as long as your account is active
- Deleted Accounts: All data is permanently deleted within 30 days of account deletion
- Backup Data: Cloud backups are deleted according to Firebase retention policies
- Audit Logs: Security logs are retained for 12 months for compliance purposes
Children's Privacy
BLUEcollar is not intended for users under 18 years of age. We do not knowingly collect personal information from users under 18. If we learn that we have collected personal information from a user under 18, we will delete such information promptly.
Third-Party Links
Our website and app may contain links to third-party services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.
Your continued use of the app after changes are posted constitutes your acceptance of the revised Privacy Policy.
Contact Us
Questions About Your Privacy?
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
Email: privacy@bluecollarapps.ca
Support: support@bluecollarapps.ca
Admin: admin@bluecollarapps.ca
Location: Oshawa, Ontario, Canada
We typically respond to privacy inquiries within 5 business days.
This Privacy Policy is effective as of February 2026 and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA).