Privacy Policy
How Hardcopy Crisis Systems handles your data — including the Primary Data Vault used by the Alberta Estate Tactical SOP. Plain language. No buried clauses.
Who We Are
Hardcopy Crisis Systems is a small Canadian publisher of field manuals for crises — estate administration, insurance disputes, and similar situations where Canadians need a structured workflow without a $400/hour lawyer on retainer.
This policy covers two surfaces:
- The marketing site at hardcopycrisis.com — where you read about the manuals and buy them
- The Primary Data Vault at vault.hardcopycrisis.com — the companion web app shipped with the Alberta Estate Tactical SOP for capturing estate asset inventories
What We Collect
On the marketing site
Browsing hardcopycrisis.com doesn't require an account. We collect minimal information:
- Standard server logs — IP address, browser type, pages visited, timestamps. Held by Cloudflare for traffic and security purposes.
- Contact form submissions — the name, email, and message you send through our contact form. Processed via Formspree.
- Purchase data — when you buy a manual, payment is processed by Stripe. Stripe collects payment details directly; we receive only your name, email, and the fact that you purchased a specific product.
In the Primary Data Vault
The Vault is designed for Operators capturing estate asset inventories. When you use it, the following data is created and stored:
- Estate records — the name you give the estate, the date created, sync codes generated
- Asset records — descriptions, valuations, categories, locations, notes that you enter for each asset
- Photos — images you capture or upload of assets
- Device identifiers — the Vault uses anonymous device tokens to associate captures from multiple phones to the same estate session via sync code
The Vault does not require you to create an account. There is no email signup, no password, no login. Everything is associated with the sync code you generate when you create an estate.
How We Use Your Data
We use the data described above for the following purposes only:
- To deliver the products you bought — purchase email triggers download link delivery
- To run the Vault — your captures, photos, and asset entries are stored so you and your sync-code helpers can access and export them
- To respond to you — when you contact us, we use your email to reply
- To keep the system working — server logs help us diagnose outages, abuse, and security issues
We do not use your Vault data to train AI models. We do not profile you for advertising. We do not sell your data to anyone for any reason.
Where Your Data Lives
Hardcopy Crisis Systems does not run its own data centers. We rely on three named third-party providers, each handling a specific layer:
| Provider | What lives there | Region |
|---|---|---|
| Cloudflare | Marketing site (HTML/CSS), file downloads (R2 object storage), DNS routing, server logs | Global edge / CDN |
| Vercel | The Vault application code (React/Next.js runtime). No estate data is stored on Vercel — only the app that talks to Supabase. | North America |
| Supabase | Estate records, asset records, photos. Postgres database + object storage. This is where your Vault data actually lives. | North America |
| Stripe | Payment processing for manual purchases. Card numbers never touch our infrastructure. | Global, regulated by FINTRAC (Canada) |
| Formspree | Contact form submission processing. | United States |
Each provider has its own privacy policy and security controls. By using our services you also become subject to those providers' policies for the relevant data.
Sync Codes & The Vault
The Vault uses an 8-character sync code as the access mechanism for an estate session. Anyone who knows the sync code for a given estate can:
- Add new asset captures to that estate
- View all existing captures, photos, and valuations
- Export the inventory as a GA2-ready PDF
Sync codes function like passwords. You are responsible for who you share the sync code with. If you give the sync code to a sibling, a helper, or a witness, they will have full read and write access to that estate's Vault contents until the estate is closed.
The SOP recommends recording sync codes on the printed Vault Password & PIN Log (Folder 05) and keeping it in your physical Originals Locker — not in a shared digital channel.
How Long We Keep It
Different data has different retention windows:
- Vault estate & asset data — retained as long as the estate session is active. You can request permanent deletion at any time (see Section 08).
- Vault photos — same as above. Stored in Supabase object storage. Deletion of an estate also removes its associated photos.
- Purchase records — retained for 7 years as required by Canada Revenue Agency record-keeping rules for sales tax and audit purposes.
- Contact form submissions — retained in Formspree for 60 days, then auto-purged. We may copy your message into our email if it requires a longer-running response.
- Server logs — Cloudflare retains standard request logs per their default policy (typically 30 days).
Who We Share With
We do not sell, rent, lease, trade, or transfer your data to any third party for marketing or commercial purposes. Period.
The only circumstances under which your data is disclosed:
- Service providers (above) — Cloudflare, Vercel, Supabase, Stripe, Formspree process specific data on our behalf as described in Section 04.
- Legal compulsion — if served with a valid Canadian court order, subpoena, or other binding legal demand, we will comply with the minimum required disclosure and (where legally permitted) notify you first.
- Sync code holders — anyone with whom you share a Vault sync code will see that estate's data. This is not a privacy breach by us — it is the sharing model you authorized when you generated the code.
Your Rights
Under Canadian privacy law (PIPEDA federally, Alberta's Personal Information Protection Act provincially), you have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — request that we correct inaccurate information
- Deletion — request that we delete your Vault estate, photos, asset records, and any associated data
- Withdraw consent — stop using the Vault and request closure of any active estate sessions
- Complaint — file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Office of the Information and Privacy Commissioner of Alberta (oipc.ab.ca) if you believe we have mishandled your data
To exercise any of these rights, email hello@hardcopycrisis.com with your request and the sync code (if applicable) for the estate in question. We respond within 30 days.
Security
We protect your data using the security controls available through our providers:
- HTTPS/TLS encryption on all data in transit
- Database-level row security policies in Supabase that restrict each estate's data to holders of the matching sync code
- No long-lived authentication tokens stored on our servers
- Cloudflare's standard DDoS and bot protection on our public surfaces
No system is 100% secure. If we ever discover a security incident affecting your data, we will notify you within 72 hours of discovery using the email associated with your purchase or — for unidentified Vault users — by posting a notice prominently on this site and on vault.hardcopycrisis.com.
Minors
The Hardcopy Crisis Systems products are designed for adults handling adult responsibilities (executor duties, insurance disputes). We do not knowingly collect personal information from anyone under the age of 18. If you become aware that a minor has provided personal information through our services, contact us at hello@hardcopycrisis.com and we will delete it promptly.
Changes To This Policy
We may update this policy as our services evolve, infrastructure changes, or legal requirements shift. When we do:
- We update the EFFECTIVE date at the top of this document
- For material changes (new types of data collected, new sharing recipients, weakened user rights), we post a prominent notice on the site for at least 30 days
- This page always reflects the current policy
Contact Us
Questions about this policy, your data, or your rights:
Hardcopy Crisis Systems — Privacy
For privacy-related requests, deletion requests, or anything else covered in this policy, send us an email. We respond within 30 days.
hello@hardcopycrisis.comFor complaints not resolved by us, you can contact:
- Office of the Privacy Commissioner of Canada — priv.gc.ca · 1-800-282-1376
- Office of the Information and Privacy Commissioner of Alberta — oipc.ab.ca · 1-888-878-4044