Cultivation Management Suite · Built for Audit · Canada-First
Cultivation Management Suite · Built for Audit · Canada-First
KiP Ai CMS (the "Service") is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based cannabis cultivation management platform.
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.
When you create an account with KiP Ai CMS, we collect personal information including your name, email address, password (encrypted), phone number, and organization or facility name. We also collect your physical address and, if applicable, your cannabis cultivation license information.
As you use the Service, we collect operational data from your cultivation facility, including facility layout information, sensor data, cultivation parameters, growth metrics, harvest records, and related facility management information. This data is essential to provide the core features of the Service.
We automatically collect information about how you interact with the Service, including login times, pages accessed, features used, time spent in the application, browser type, IP address, and device information. This helps us understand user behavior and improve the Service.
When you subscribe to the Service, we collect billing information including your billing address and payment method details. Payment processing is handled securely by Stripe, and we do not store your complete credit card information on our servers.
If you contact our support team, we collect and retain copies of your communications, including emails, support tickets, and chat logs, for the purpose of providing customer support and improving our services.
We use cookies, web beacons, and similar tracking technologies to enhance your experience, maintain session information, and gather analytics data. See Section 8 for more details.
We use your facility data and account information to provide, maintain, and improve the Service, including monitoring your cultivation operations, generating analytics reports, and delivering AI-powered insights tailored to your facility.
We use your billing information to process subscription payments, manage your account, send billing statements, and handle refund or dispute requests.
We analyze aggregated and anonymized usage data to understand platform usage patterns, identify performance issues, optimize features, and develop new capabilities that benefit all users.
With your consent, we use facility and cultivation data to power our AI-driven features, including predictive analytics, optimization recommendations, and anomaly detection. Your data is processed securely and only used to enhance features you have enabled.
We use your contact information to respond to support requests, send important service updates, notify you of changes to our policies, and communicate about your account. You may opt out of non-essential communications at any time.
We use your information as required by law, including to comply with legal obligations, respond to government requests, protect the safety and security of our users, and enforce our Terms of Service.
Your data is stored on Google Cloud Platform (GCP) and Firebase services. These are industry-leading cloud infrastructure providers with robust security measures. Your facility data, account information, and related personal information are stored in data centers located in North America, specifically in Canadian and United States regions.
Your data is stored on Google Cloud (Firebase + Firestore) infrastructure in the United States (nam5 multi-region). KiP applies PIPEDA-aligned data-handling controls — encryption at rest and in transit, soft-delete audit trails on destructive operations, and daily Firestore exports for disaster recovery. Canadian data-residency migration is roadmapped as a prerequisite for LP Pro tier availability.
We maintain automatic backups of your data to ensure continuity of service and protection against data loss. Backups are stored securely using the same protections as your primary data.
We use Stripe to securely process your subscription payments. Stripe is a certified PCI DSS Level 1 service provider and complies with international payment processing standards. We do not share your full credit card details with anyone.
We use Google Analytics to collect aggregated, anonymized information about how users interact with our Service. Google Analytics does not identify individual users and respects privacy standards. You can opt out of Google Analytics tracking through your browser settings or opt-out extensions.
We use Sentry to monitor application errors and performance issues. Sentry may collect error logs and stack traces to help us identify and fix bugs. Error logs are retained for 30 days and do not contain sensitive personal information.
With your explicit consent, facility images and media you upload are processed using Google Gemini AI for plant health analysis, anomaly detection, and growth insights. Only images you choose to upload for analysis are sent to Gemini, and this data is not used to train Gemini models beyond improving that specific feature.
We do not sell, rent, or lease your personal information to third parties. We only share information with third-party service providers as necessary to deliver the Service, and we require them to maintain the same level of privacy protection.
As long as your subscription is active, we retain your facility data, cultivation records, analytics, and account information to provide continuous service. This data is essential for the ongoing operation of your account.
Upon your request to delete your account, we immediately remove your personal information from active systems. Your facility data is retained in secure backups for 30 days in accordance with our standard data retention policy, and then permanently deleted. After 30 days, your data is no longer accessible or retrievable.
Support tickets and communication records are retained for two years for quality assurance, compliance, and dispute resolution purposes.
Aggregated, anonymized data that cannot identify individuals may be retained indefinitely for analytics, research, and service improvement purposes.
If we receive a legal request or court order, we may retain data longer than normally specified to comply with legal obligations.
You have the right to request access to all personal information we hold about you. You can request this by contacting privacy@kipai.ca. We will provide you with a copy of your information within 30 days.
You have the right to request that we correct any inaccurate or incomplete personal information. You can update most information directly in your account settings, or request corrections by contacting us.
You have the right to request that we delete your personal information, subject to certain exceptions (such as information required by law or for dispute resolution). Your data will be deleted within 30 days of your request, except where we have a legal obligation to retain it.
You have the right to opt out of non-essential communications, marketing emails, and certain data uses. You can manage your communication preferences in your account settings or by contacting us.
For any processing based on your consent (such as AI image analysis), you may withdraw consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent given before withdrawal.
To exercise any of these rights, contact us at privacy@kipai.ca with a clear description of your request and proof of identity. We will respond to your request within 30 days.
We use the following types of cookies:
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Please note that disabling essential cookies may prevent you from using certain features of the Service.
Our third-party service providers (Google Analytics, Stripe, Sentry) may also set cookies on your device. Consult their privacy policies for information about their cookie practices.
All data transmitted between your device and our servers is encrypted using TLS/SSL (Transport Layer Security) protocols. This ensures that your information cannot be intercepted during transmission.
Sensitive data stored on our servers, including facility data and account information, is encrypted at rest using industry-standard AES-256 encryption.
Your password is hashed using bcrypt, a strong cryptographic hashing algorithm. We do not store passwords in plain text, and we cannot recover your password. If you forget your password, we provide a secure password reset process.
We use secure, session-based tokens to maintain your authenticated state. These tokens are securely stored and have expiration times to minimize unauthorized access risk.
We implement role-based access controls to ensure that employees and contractors can only access the data necessary to perform their job functions. All internal access is logged and audited.
We conduct regular security assessments and penetration testing to identify and remediate vulnerabilities.
While we implement comprehensive security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, and you use the Service at your own risk.
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information and terminate the child's access to the Service.
Your information is primarily stored in North American data centers. If we transfer your information internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or other mechanisms approved by Canadian privacy regulators.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of significant changes by email or by posting a prominent notice on the Service. Your continued use of the Service after any modifications constitutes your acceptance of the updated Privacy Policy.
If you have concerns about how we handle your personal information or believe we have violated your privacy rights under PIPEDA, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC).
For inquiries or complaints, contact us first at privacy@kipai.ca. If you are not satisfied with our response, you may escalate to the OPC.
If you have questions about this Privacy Policy or our privacy practices, please contact us:
KiP AI Privacy Team
Email: privacy@kipai.ca
Mailing Address:
KiP AI
Ontario, Canada