Privacy Policy
Last updated: July 2026
EastCoast WebCraft ("we," "us," or "our") is committed to protecting the privacy of our clients and website visitors. This policy explains what information we collect across our website, client portal, and the ECStores platform, how we use it, and your rights under Canadian privacy law (PIPEDA).
1. Information We Collect
Website visitors:
- Contact and quote form submissions — your name, email address, phone number (optional), organization details you choose to share, and your message or quote answers
- Anti-spam and security data — your IP address is processed by our forms for rate-limiting and abuse prevention
Clients with an account:
- Account information — your name, email address, and a password (stored only as a secure hash, never in plain text)
- Onboarding details — business name, website address, region, service interests, timeline, budget range, and any project description you provide
- Billing information — invoices, payments, and subscription records. If you save a payment card, the card itself is stored by Stripe, our payment processor; we store only the card brand, last four digits, and expiry date so you can recognize it in your portal
- Support and project communications — support tickets and information shared during an engagement
- Security logs — IP addresses and account activity recorded for fraud prevention, rate-limiting, and audit purposes
ECStores store owners: your store's product, order, and customer data is hosted on our infrastructure. You are the owner of your store's customer information; we host and process it only to provide the platform. You are responsible for your own store's privacy practices toward your customers.
2. Cookies & Tracking
We use a single functional session cookie, required for logging in to the client portal and admin areas. It expires after about one hour of inactivity and contains no tracking or advertising data.
We do not use analytics or advertising trackers — no Google Analytics, Facebook Pixel, Google Ads remarketing, or similar tools run on this site.
3. Payments & Automatic Billing
Payments are processed by Stripe in Canadian dollars. Full card numbers never touch our servers.
If you save a payment card for a subscription, we bill it automatically: our billing system instructs Stripe to charge your saved card on or after each billing date, without you needing to be present. You will receive an email receipt for every successful charge and a notice for every failed one. You can remove your saved card at any time in the client portal (Billing → Payment Method), which stops automatic charging; invoices then need to be paid manually before their due date.
4. How We Use Your Information
- To respond to your inquiries and prepare quotes
- To provide, bill, and support the services you've engaged us for — including web design projects, hosting, and ECStores stores
- To send transactional email about your account and services: email verification, invoices, receipts, payment-failure and card-expiry notices, service status notices (such as store suspension or restoration), and cancellation confirmations
- To secure our systems (rate-limiting, abuse and fraud prevention)
- To improve our website and services
We will never sell, rent, or trade your personal information to third parties for marketing purposes. We do not send marketing email without your consent.
5. Third-Party Services
Our websites are hosted on servers in North America. We use the following third-party services, each with its own privacy policy:
- Stripe — payment processing and saved payment cards
- Cloudflare Turnstile — bot protection on our registration form; when you register, your IP address and browser characteristics are sent to Cloudflare to verify you are human
- Content delivery networks — page assets (fonts, styles, scripts) are loaded from Google Fonts and jsDelivr; those services receive standard web request data (such as your IP address) when a page loads
- Email delivery — for the transactional messages described above
6. Data Retention
Contact form submissions are retained only as long as necessary to respond to and resolve your inquiry. Client billing and project records are retained for a minimum of 7 years as required by Canadian business record-keeping standards.
If an ECStores store is suspended or a subscription is cancelled (including for non-payment), the store's data is retained — not deleted — so service can be restored; see the Terms of Service for the suspension timeline. Store data is deleted permanently on your request or after a reasonable wind-down period following cancellation.
You may request deletion of your personal data at any time by contacting us; we will comply subject to the legal retention requirements above.
7. Security
All traffic to our sites is encrypted with HTTPS. Passwords are stored as secure one-way hashes. Access to client data is restricted to authorized personnel, and account activity relevant to security is logged.
8. Your Rights (PIPEDA)
Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:
- Know what personal information we hold about you and request a copy
- Request correction of inaccurate information
- Withdraw consent for use of your information (subject to legal and contractual restrictions)
- Request deletion of your data (subject to the retention requirements in section 6)
- File a complaint with the Office of the Privacy Commissioner of Canada
9. Contact
For any privacy-related questions or requests, contact us at:
info@eastcoastwebcraft.ca
EastCoast WebCraft — Nova Scotia, Canada
This policy may be updated periodically. Material changes will be noted with an updated "Last updated" date above. Continued use of our website after changes constitutes acceptance of the revised policy.