Privacy Policy

1. Who we are

CollisionMatrix is a product of LatitudeITP Inc., a software company incorporated in Ontario, Canada. We are the data controller for information collected through collisionmatrix.ca and the CollisionMatrix application. When you use CollisionMatrix to manage your customers' data, you are the controller of that data and we act as your data processor.

2. Information we collect

Information you provide directly

• Shop account data — shop name, address, logo, primary colour, billing details, and subscription information.
• Staff accounts — name, email address, role, and password (stored as a salted hash, never in plain text).
• Customer and vehicle records — name, contact details, vehicle details, VIN, insurance information, and repair history. This data belongs to your shop and your customers.
• Content you create — damage photos, inspection checklists, estimates, invoices, work orders, and repair reports.

Information collected automatically

• Usage logs — page views, feature interactions, and error logs used to diagnose issues and improve the platform.
• Technical data — IP address, browser type, device type, and session identifiers. Retained for up to 90 days on a rolling basis.

3. How we use information

• To operate and deliver the CollisionMatrix platform.
• To send transactional emails — estimate notifications, invoice links, appointment reminders, and account alerts.
• To diagnose and fix technical issues.
• To comply with legal obligations, including Canadian tax law.
• To improve the product based on aggregated, de-identified usage patterns. We never use your customers' data to train AI models or to improve services for other shops.

4. Sharing & sub-processors

We do not sell, rent, or share your data with third parties for their own marketing. We share data only with the sub-processors necessary to operate the platform:

• Supabase — database hosting (US East region).
• Cloudflare — R2 object storage for photos and PDFs; CDN.
• Stripe — payment processing for customer invoices and your subscription billing.
• Resend — transactional email delivery.
• Twilio — SMS notifications (optional, only if configured).

All sub-processors are contractually bound to process data only on our instructions and to maintain appropriate security standards.

5. Data storage & location

Database records are stored on servers in the United States (AWS US East region). Photo and document files are stored on Cloudflare's distributed edge network. Both are accessible to Canadian users with low latency. We are PIPEDA-compliant and, where applicable, meet the requirements of provincial privacy legislation.

6. Security

All data is encrypted in transit using TLS 1.2 or higher and encrypted at rest using AES-256. Access to production data is restricted to authorised LatitudeITP personnel on a need-to-know basis. Staff passwords are never stored in recoverable form. Customer portal passwords use PBKDF2-HMAC-SHA256 with per-user salts. We conduct periodic security reviews.

7. Retention

• Active accounts — shop data is retained while the subscription is active.
• After cancellation — a 30-day wind-down window during which data can be exported, then permanent deletion.
• Financial records — invoices and payments may be retained for up to 7 years to meet Canadian tax obligations.
• Technical logs — up to 90 days on a rolling basis.

8. Your rights

Under PIPEDA and applicable provincial law, you have the right to access the personal information we hold about you, to correct inaccuracies, and to request deletion. To exercise these rights, email privacy@collisionmatrix.ca. We will respond within 30 days.

9. Cookies

We use session cookies for authentication and local storage for your theme preference and portal session. We do not use third-party advertising cookies. We do not use cross-site tracking.

10. Contact

For any privacy question, access request, or concern: