Effective date: 2026-03-08

This Privacy Policy explains how Scaffold Insite Inc. ("Scaffold Insite", "we", "our", or "us") collects, uses, protects, and discloses personal data when you use the SLAM platform and related services (the "Service"). We align our privacy program with globally recognized standards and applicable legal requirements, including U.S. and Canadian privacy obligations.

1. Who we are

Scaffold Insite provides cloud software for scaffold lifecycle, workforce, and operational management. Primary hosting is in Canada with controlled use of approved service providers.

2. Scope and privacy roles

This Policy applies to personal data of users, employees, contractors, and other individuals whose information is entered into the Service. Depending on context, Scaffold Insite may act as:

• Controller/Business for account administration, platform security, billing, and support.
• Processor/Service Provider when processing customer-submitted personal data under customer instructions.

3. Categories of personal data we collect

• Identity and account data: name, email, role, company, project assignments, preferences.
• Authentication and security data: hashed passwords, login history, session identifiers, audit logs.
• Operational records: project entries, forms, timesheets, documents, photos, and related metadata.
• Device and usage data: IP address, browser/OS attributes, feature usage, timestamps, diagnostics.
• Support data: tickets, feedback, communications, and troubleshooting context.

4. Why we process personal data

• Deliver, operate, secure, and support the Service.
• Authenticate users and prevent fraud, abuse, and unauthorized access.
• Maintain records, auditability, and legal/regulatory compliance.
• Respond to user requests, incidents, and support matters.
• Improve products and platform capabilities using analytics and quality signals.

5. Legal bases and compliance framework

We process personal data as permitted by applicable law, including consent where required, contractual necessity, legitimate business interests (such as security and service improvement), and legal obligations. We maintain controls intended to satisfy applicable requirements in Canada (including PIPEDA and similar provincial laws), and relevant U.S. frameworks (including CCPA/CPRA and other state privacy laws where applicable).

6. Data ownership and rights model

Personal data belongs to the user/data subject, subject to rights and obligations under applicable law. Scaffold Insite processes personal data only for legitimate business purposes described in this Policy and the applicable service agreement.

Scaffold Insite retains rights in non-personal platform data, including system telemetry, performance metrics, operational statistics, de-identified data, aggregated analytics, and derivative insights generated through operation of the Service.

We do not sell personal data. We may use collected data (including de-identified and aggregated information) to improve product performance, reliability, user experience, and security.

7. Disclosure of personal data

• Service providers: hosting, communications, monitoring, and support vendors under written safeguards.
• Customer administrators: authorized workspace admins may access records in their tenant scope.
• Legal and safety disclosures: where required by law or necessary to protect rights and safety.
• Corporate transactions: merger, acquisition, or restructuring, subject to continued protection obligations.

8. International transfers and data residency

Data is primarily hosted in Canada. Where cross-border processing is required, we use contractual and organizational safeguards intended to provide an appropriate level of protection.

9. Security controls

We use layered administrative, technical, and physical safeguards, including encryption in transit and at rest, role-based access controls, least-privilege design, secure development practices, and security monitoring. No system can be guaranteed 100% secure.

10. Retention and deletion

We retain personal data only as long as needed for service delivery, legal compliance, dispute resolution, and enforcement of agreements. Customers may request export or deletion where available and legally permitted.

11. U.S. and Canadian privacy rights

Subject to applicable law, individuals may request access, correction, deletion, portability, restriction, or objection to certain processing. We will verify identity before processing requests and may coordinate with the relevant customer organization where required.

• Canada: rights and recourse may be available through federal/provincial privacy regulators.
• U.S. states: where applicable, we honor rights requests and do not sell personal data.

12. Cookies and similar technologies

We use essential and functional cookies to operate the Service, preserve sessions, and maintain security. We may also use analytics technologies to understand performance and improve the product.

13. Children's data

The Service is intended for business use and is not directed to children. We do not knowingly collect personal data from children in violation of applicable law.

14. Changes to this Policy

We may update this Policy periodically. Material changes will be communicated through the Service or by other reasonable means, with the updated effective date shown above.

15. Contact us

Privacy requests and questions: privacy@scaffoldinsite.com
Legal requests: legal@scaffoldinsite.com