Last Update: May 2026

1. Introduction; Scope. Flale respects your privacy and complies with applicable laws (PIPEDA, provincial acts, CCPA/CPRA, etc.). This Policy explains what personal data Flale collects via the website and services, how we use and protect it, and what choices you have. Terms defined here (e.g. “Personal Information” or “Personal Data”) follow legal definitions in each jurisdiction. This Policy applies to visitors to flalecommercialservices.com, clients, job applicants, employees and others whose data Flale processes.
    
2. Data Collected. We collect several types of data:

• • Contact/Inquiry Data: When you submit the “Request a Quote” form, we collect your name, company, phone, email and notes. (By submitting the form, you consent to be contacted.)
  • Usage Data: We use cookies and analytics tools to record pages visited, device/browser, IP address, and behavior on the site (clicks, forms, etc.) to improve the site and marketing. Typical analytics (e.g. Google Analytics) may set cookies or similar identifiers; see “Cookies” below.
  • Marketing Data: If you sign up for newsletters or communications, we store your email and marketing preferences.
  • Client Data: For contract clients, we collect business-related information (names, billing details, service schedules, etc.) as needed to deliver our cleaning services. This may include customer contact details and onsite preferences.
  • Payment Data: If any payments are processed through our site (e.g. deposit or online invoice payment), Flale will collect required billing/payment information (e.g. credit card, banking, address) only via secure third-party payment processors. Flale itself does not directly store raw payment card data. Our payment partners are PCI-compliant.
  • Employee/Contractor Data: For job applicants and staff, we collect resume info, employment history, tax ID, emergency contact, banking info (for payroll), and other HR data.
  • Social Media Data: If you communicate with us on social media or subscribe to our channels, we may collect information available on that platform (e.g. profile name) for engagement.

We do not knowingly collect sensitive data (e.g. health data) or minor data.

3. Purposes and Legal Basis. We use personal data for these primary purposes (legal bases in parentheses):

• • Service Delivery: To respond to quote requests, schedule and provide cleaning services, invoice clients, and communicate about services (necessary for contract performance).
  • Site Operations & Improvement: To operate the website, analyze usage, prevent fraud, and improve features (legitimate interest).
  • Marketing: To send promotional materials and newsletters if you opted in (consent under PIPEDA; legitimate interest under CCPA/CPRA, depending on jurisdiction). You may opt out at any time (see “Your Choices”).
  • Legal Compliance: To comply with legal obligations (e.g. tax reporting, employment law) or enforce terms (legal obligation).
  • Data Security: To protect against unauthorized access or breaches (legitimate interest).

We will not use your data for unrelated purposes without giving you notice and seeking consent if required.

4. Cookies and Tracking. We use cookies, pixels and similar technologies. These may include:

• • Essential cookies for site functionality (e.g. keeping you logged in or remembering selections).
  • Analytics cookies (e.g. Google Analytics) to understand site usage and improve performance. This data is usually aggregate; individual IPs may be anonymized.
  • Advertising/Targeting cookies (e.g. by Facebook or Google Ads) if you interact with our content, to display relevant ads. Under CA law, “sale”/“sharing” of data may trigger an opt-out right if we share identifiers with ad networks. We treat any use of cookies for third-party ads as a “sharing” of data; Californians may opt-out (see below).

We will not drop non-essential cookies until after obtaining your consent via our cookie banner (see Cookie Consent). You can manage or delete cookies in your browser settings at any time.

5. Data Sharing and Third Parties. We may share your personal data in these ways:

• • Service Providers: We use third parties (processors) to support our operations. For example: payment processors (e.g. Stripe, PayPal), CRM/email platforms (e.g. HubSpot, Mailchimp), cloud storage, website host, analytics (Google Analytics), and background-check or recruitment firms. Each processor is bound by contract to use data only as instructed and to maintain confidentiality and security.
  • Subcontractors: To provide cleaning services, Flale may use subcontracted cleaning teams. We will share only necessary client/site information (locations, access instructions) under written non-disclosure agreements. Subcontractors must keep data secure.
  • Legal Requirements: Flale may disclose data to comply with law enforcement requests, court orders, or legal processes.
  • Business Transfers: If Flale merges or sells its business, personal data may be transferred to the new owners under confidentiality obligations. We will notify you if possible.

We do not rent or sell your personal information to unrelated third parties for their marketing purposes. (Under CCPA/CPRA, “sell” or “share” is very broadly defined; we only engage in sharing for targeted ads as noted above, subject to opt-out.)

6. Data Retention. We retain personal data as needed to fulfill its purposes or legal obligations. For example:

• • Contact forms/inquiries: Retain for up to 3 years or until your request is addressed, unless you request earlier deletion.
  • Client service records: Retain for the duration of the client relationship and up to 7 years for legal/tax compliance (Canadian tax law).
  • Employee records: As required by employment laws (e.g. 7 years in Canada; different in U.S. states).
  • Cookies and analytics: Session cookies deleted on sign-out; analytics data anonymized or purged after 2-3 years.
    You may request deletion of data (see below); we will respond within the timeframe required by applicable law.

7. Data Security. We implement industry-standard safeguards to protect personal data: encryption of data in transit (HTTPS) and at rest where feasible, secure servers and firewalls, anti-malware, role-based access controls, unique logins and two-factor authentication for staff access, security audits, and staff training on data handling. Sensitive info (e.g. payment data) is handled only by PCI-compliant processors. We limit internal access to personal information on a need-to-know basis and require confidentiality agreements for employees and contractors.
     
8. Your Rights and Choices.

• • Access/Correction: Under PIPEDA and most U.S. laws, you can request access to your personal information held by us and request correction if it’s inaccurate or incomplete. We will respond within 30 days (with one 30-day extension if needed).
  • Deletion (Erasure): Subject to legal exceptions, you may request deletion of your personal data. We may decline if we have a legal obligation or overriding legitimate interest to retain it.
  • Portability: Canadian law does not explicitly have a portability right, but California and other U.S. laws do. Californians and residents of other covered states may request their data in portable form.
  • Opt-Out of Sale/Sharing: California residents have the right to opt out of the “sale or sharing” of their personal information (CCPA/CPRA). We do not “sell” data in the traditional sense; however, we do engage in “sharing” for targeted advertising (e.g. Google/Facebook). A cookie-banner or privacy link will enable Californians to opt out of targeted ads. Under CPRA, consumers also have the right to limit use of sensitive personal information (e.g. SSN, precise geolocation, health info).
  • Opt-Out of Marketing: You may unsubscribe from marketing emails at any time via the “unsubscribe” link. For SMS or phone marketing (if applicable), reply “STOP” to any message to opt out.
  • Withdraw Consent: In contexts where we rely on consent, you may withdraw it (e.g. uncheck non-essential cookies, unsubscribe from newsletters). Withdrawal does not affect lawful processing before withdrawal.
  • No Discrimination: We will not discriminate against you for exercising any of these rights (e.g. by denying access to the website).

For all requests, contact us (below). We may require verification of identity before processing. Some requests may be denied if they are manifestly unfounded (e.g. excessively repetitive).

 

9. Cross-Border Transfers. Flale is based in Canada, but some service providers (CRM, payroll, cloud storage, analytics) may be located in the U.S. or other countries. When transferring personal data outside Canada, we ensure an appropriate level of protection: either the country has adequate laws, or we put in place model contract clauses or binding agreements. We note this possibility in our privacy notices. Individuals are informed if their data is processed abroad (per Alberta PIPA requirements).
       
10. Children’s Privacy. Our services are not directed to children under 13 (Canada) or 16 (under CPRA’s enhanced sales rules). We do not knowingly collect personal data from minors. If we learn we have collected data from a child without parental consent, we will delete it.
        
11. Breach Notification. In the event of a data breach (unauthorized access, loss or disclosure of personal information), we will act promptly:

• • Assessment: We assess the breach risk. Under PIPEDA and Alberta PIPA, if there is a “real risk of significant harm” to individuals, we will notify the OPC or Alberta OIPC and affected individuals as soon as feasible. (Under Québec’s Law 25, we must notify the Québec Commission and individuals if serious injury is likely.)
  • Notice Content: Notification will describe the breach nature, data involved, risk of harm, mitigation measures, and contact information for further help, as required by law.
  • Timeliness: In the U.S., state laws (e.g. California Civil Code §1798.82) require notifying affected residents without unreasonable delay. We have templates and processes (below) to ensure compliance.
  • Recordkeeping: We keep detailed records of all breaches and responses (PIPEDA requires retaining all incidents, even if no harm).

12. Changes to This Policy. We may update this Privacy Policy (e.g. for new laws or business practices). Changes will be posted on the site with a “last updated” date. We will notify users of material changes as required (e.g. via email if you are a subscriber).
      
13. Contact Us and Complaints. For privacy concerns or to exercise your rights, contact our Privacy Officer at Flale Services, [Toronto Address]; email FlaleServices@gmail.com or use our website contact form. Canadians can also contact the Office of the Privacy Commissioner (opc-ccie@priv.gc.ca) or provincial privacy commissioners, and U.S. residents can contact their state AG or privacy agency.

Plain-Language User Summary

• What data do we collect? Basic contact info when you fill our quote form (name, email, phone, company), plus usage data via cookies when you browse our site. If you sign up for emails, we use your email address. We collect client information needed to do business (billing, schedule).
• Why do we collect it? To give you a quote and provide cleaning services, to improve our website, and to send you info if you agree. We do not sell your info.
• Who do we share with? Only with service providers who help us run the business (e.g. our payment processor, CRM, email service, subcontractors) and as required by law. All are under contract to keep your info safe and use it only for us.
• Cookies and Ads: We use cookies to track site usage. You’ll see a cookie banner asking your consent for non-essential cookies. You can choose to opt out of interest-based ads at any time (especially if you live in California, we must honor that opt-out.
• Your rights: You can ask us to show you your data, correct it, or delete it (subject to legal requirements). If you’re a Californian, you can opt out of “selling or sharing” your data, i.e., stop targeted ads. You can also unsubscribe from marketing at any time.
• Security: We protect your data with encryption, passwords, training, and limited access (e.g. only necessary staff see your info).
• Breach: If there’s a data leak that poses a serious risk to you, we’ll notify the privacy authorities and affected people promptly.
• Contact: For any questions or requests about your data, email FlaleServices@gmail.com. You can also complain to privacy regulators in Canada or the U.S.