Bois-à-Feu du Nord
Privacy Policy
Last updated: April 27, 2026
1. Introduction
Bois-à-Feu du Nord is committed to protecting your personal information in accordance with Quebec's Act respecting the protection of personal information in the private sector (Law 25) and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). This policy describes what information we collect, how we use it, and the rights available to you.
2. Information We Collect
We collect the following information: your email address, your first name (optional), your password (hashed with Argon2id — never readable), your reservation history, your loyalty points balance, your invitation code history, and your sign-in method (email or Facebook).
3. Facebook Sign-In
If you choose to sign in with Facebook, we receive your name and email address from Meta Platforms, Inc. servers. We do not store your Facebook password. Your Facebook access token is encrypted at rest using AES-GCM before being stored. You can revoke Bois-à-Feu du Nord's access to your Facebook data at any time in your Facebook account settings. Meta's privacy policy is available at: facebook.com/privacy/policy.
4. Payments via Stripe
Payments are processed by Stripe, Inc. (stripe.com), a PCI-DSS compliant payment service provider. We never store your full card number or sensitive payment data — we only retain a Stripe transaction confirmation token. See Stripe's privacy policy at: stripe.com/privacy.
5. Use of Information
Your information is used exclusively to: process and confirm your reservations, send transactional emails (confirmation, delivery, password reset), calculate and display your loyalty points balance, identify your account and prevent fraud, and meet our legal obligations.
6. Sharing of Information
We never sell, trade, or rent your personal information. We share it only with the service providers necessary to deliver our service: Stripe, Inc. (payment processing), our transactional email provider, and our hosting provider. These parties are bound by confidentiality agreements and may only use your data for the purposes for which it was shared.
7. Data Retention
We retain your personal information for the duration of your membership, then for two (2) years after account closure, unless a longer retention period is legally required. Transaction data is retained for seven (7) years in accordance with Canadian tax requirements.
8. Security
We apply appropriate technical and organizational measures to protect your data: password hashing with Argon2id, sensitive token encryption with AES-GCM, HTTPS/HSTS-secured communications, role-based access control, and audit logging of sensitive actions.
9. Your Rights
Under Law 25 and PIPEDA, you have the right to access your personal information, have it corrected, and request its deletion (subject to our legal obligations). To exercise these rights, contact our Privacy Officer at the address below. We commit to responding within thirty (30) days.
10. Cookies
We use only essential cookies required for authentication session management. These cookies are configured with the HttpOnly, Secure, and SameSite=Lax attributes. We do not use advertising, analytics, or third-party tracking cookies.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of any material changes by email at least fifteen (15) days before they take effect. The date of the last update is shown at the top of this page.
12. Contact — Privacy Officer
For any questions about this policy or to exercise your rights, write to us at: [email protected] — Bois-à-Feu du Nord, Côte-Nord, Quebec.
