KlikBee — Legal documents
Privacy Policy
DRAFT version — 2026-06-18
This policy is currently under review by legal counsel and must be validated before KlikBee's public launch. All fields marked [TO BE COMPLETED] will be finalized by Pierre Savignac and counsel.
Version: 1.1-draft · Last updated: 2026-06-18 · Version française
1. Identity of the data controller
- Trade name: KlikBee
- Responsible person: Pierre Savignac
- Postal address: 5-910, chemin du Lac, Longueuil (Quebec) J4J 1W1
- General contact email: bonjour@klikbee.ca
- Privacy Officer (Person in Charge of Protection of Personal Information) email: confidentialite@klikbee.ca
2. Categories of personal information collected
2.1 Information about KlikBee users
- Identification: email, first name, last name, locale (language preference)
- Authentication: password (hashed with bcrypt, never stored in plain text)
- Technical metadata: IP address, user agent, connection timestamps
- Billing data: full name, billing address, Stripe identifier (Note: card numbers are never transmitted to or stored by KlikBee — they are processed directly by Stripe)
- (Optional) Phone number for SMS MFA
2.2 Information about contacts imported into the CRM
When a user imports contacts into their KlikBee CRM, the following data may be processed:
- Identification: first name, last name, email, phone, postal address
- Professional data: title, company, industry
- Tax data: NEQ, BN, GST/QST numbers if provided
- Notes and custom fields (free text): any content entered by the KlikBee user
Important: for imported contacts, the KlikBee customer (the SMB) is the data controller (Act 25, section 18.3). KlikBee acts as data custodian (processor).
2.3 Information generated by application usage
- Conversation history with the AI assistant (Claude)
- Audit logs (who did what and when)
- Active sessions (IP, user agent, timestamps)
3. Purposes of processing
- Provide the KlikBee service (CRM, automations, AI assistant)
- Authenticate and secure accounts
- Bill the service (via Stripe)
- Improve the product (anonymized analytics)
- Detect abuse and anomalies (security logs)
- Comply with legal obligations (retention required by law)
4. Legal basis for processing
- Contract performance: authentication, billing, service delivery
- Consent: use of the AI assistant, non-essential cookies
- Legitimate interest: security, abuse detection, fraud prevention
- Legal obligation: invoice retention (Canadian and Quebec tax regulations)
5. Third parties to whom information is disclosed
KlikBee relies on subcontractors to deliver its service. Personal information may be disclosed to the following entities:
| Subcontractor | Location | Purpose | Documentation |
|---|---|---|---|
| Supabase Inc. | (per configuration) USA or Canada (Montreal) | Database, authentication, file storage | supabase.com/privacy |
| Anthropic PBC | USA (California) | Artificial intelligence service (Claude) | anthropic.com/legal/privacy |
| Stripe Inc. / Stripe Payments Europe Ltd. | Ireland or USA | Payments and billing | stripe.com/privacy |
| Vercel Inc. | USA | Application hosting | vercel.com/legal/privacy-policy |
| Trigger.dev Inc. | USA | Background job execution | trigger.dev/legal/privacy |
| Upstash Inc. | Global / USA | Attack protection (rate-limit) | upstash.com/static/trust/privacy.pdf |
| Functional Software Inc. (Sentry) | USA | Error detection and monitoring | sentry.io/privacy |
| Canada Post / Loqate (GBG group) | Canada (Canada Post); processing by Loqate outside Canada (Australia, United States, United Kingdom) | Postal address autocomplete and validation | loqate.com/privacy |
| Resend, Inc. | USA | Transactional email delivery (account confirmation, invoices and quotes, exported accounting packages, account lifecycle notifications) — including attachments | resend.com/legal/privacy-policy |
| Plausible Insights OÜ (Plausible Analytics) | European Union (Germany) | Audience measurement for the klikbee.ca marketing site — no cookies and no persistent identifier | plausible.io/privacy |
Communication outside Quebec: KlikBee discloses personal information outside Quebec (primarily to the United States, and — for address validation — to Australia and the United Kingdom). A Privacy Impact Assessment (PIA / EFVP) was performed beforehand (Act 25, section 17). This assessment is available upon request to the Privacy Officer.
KlikBee never sells or rents personal information to third parties for marketing purposes.
6. Retention period
- Active user accounts: for the entire duration of the contract
- After termination: 30 days to allow recovery, then deletion
- Audit logs: 24 months (compliance and security)
- Session logs: 12 months
- Failed login attempts: 30 days
- Billing data: 7 years (Canadian federal tax obligation)
- Import files (CSV/XLSX): 90 days after import then automatic purge
7. Your rights
Under the Quebec Act respecting the protection of personal information in the private sector (Act 25), you have the following rights:
- Right of access: obtain a copy of the personal information about you
- Right of rectification: have inaccurate or incomplete information corrected
- Right to erasure: request the deletion of your information (subject to legal obligations)
- Right to data portability: receive your information in a structured, commonly used format
- Right to withdraw consent: withdraw consent at any time previously given
- Right to de-indexation: not applicable (KlikBee is not a search engine)
7.1 Exercising your rights
You may exercise your rights:
- From your account: Settings → My data (link to /mes-donnees)
- By email to: confidentialite@klikbee.ca
- By postal mail to: 5-910, chemin du Lac, Longueuil (Quebec) J4J 1W1
KlikBee will respond to your request within a maximum of 30 days. For complex requests, this period may be extended by a maximum of 30 additional days with notification.
7.2 In case of refusal or disagreement
If you believe your rights have not been respected, you may:
- Request an internal review by writing to the Privacy Officer
- File a complaint with the Commission d'accès à l'information du Québec (CAI): cai.gouv.qc.ca
- Initiate civil legal action
8. Security measures
KlikBee implements technical and organizational measures to protect your personal information, including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Multi-factor authentication (MFA) available
- Strict isolation between organizations (Row-Level Security in PostgreSQL)
- Continuous monitoring and anomaly detection
- Strong password policy (minimum 12 characters with character classes)
- Audit log of all sensitive actions
- Regular penetration testing
9. Breach notification
In case of a privacy breach presenting a serious risk of harm to data subjects, KlikBee undertakes to:
- Notify the Commission d'accès à l'information as soon as possible(generally < 24h)
- Notify affected individuals
- Document the breach in an internal register
10. Cookies and similar technologies
KlikBee uses cookies for:
- Essential (always active): authentication, session, language preferences, security (CSRF)
- Analytics (with consent): anonymized audience measurement
- Marketing (with consent): not currently used
You may manage your consent at any time through the consent banner at the bottom of the page.
11. Minors
KlikBee is intended for businesses and is not designed for persons under 14 years of age. No personal information is knowingly collected from a minor without parental consent.
12. Modifications to this policy
KlikBee may modify this privacy policy to reflect legal or operational changes. Users will be notified by email at least 30 days before substantial changes take effect.
13. Effective date
- Effective date: [TO BE COMPLETED on public launch]
- Last updated: 2026-06-18 (DRAFT version)
- Version: 1.1-draft
14. Contact
For any questions about this policy or your personal information:
- Privacy Officer email: confidentialite@klikbee.ca
- Postal mail: 5-910, chemin du Lac, Longueuil (Quebec) J4J 1W1