Privacy Policy

Watchcraftbest.com (“Watchcraftbest Inc.”, “we”, “us”, “our”) operates a Canada-based software-as-a-service platform that enables craft studios and independent makers to track workshop hours, raw-material usage, finished-goods inventory, and customer orders under a monthly subscription. This Privacy Policy sets out how we handle personal information belonging to subscribers, their staff, suppliers, and site visitors.

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and equivalent provincial legislation.

What We Collect

  • Account identifiers: name, business email, province, preferred language, MFA secret
  • Workshop data: project timesheets, material SKUs, product photos, order ledgers, customer shipping details
  • Payment metadata: tokenised card reference, billing address, tax numbers
  • Device telemetry: IP address, browser build, login timestamps, error traces
  • Support artefacts: chat transcripts, call recordings, feedback

Why We Collect

We use this data to:

  • Calculate material depletion and inventory suggestions
  • Generate purchase recommendations and sales tax reports
  • Produce invoices and analytics to improve ergonomics
  • Send product or security notices and meet legal/audit obligations

Storage & Retention

  • Transaction archives and production logs: 7 years or CRA audit window
  • Diagnostic logs: retained for 12 months
  • Encrypted snapshots: 35-day rolling expiry

Accuracy & Access

Authorized administrators can view, export, or modify data via Settings → Data Console or by contacting privacy@watchcraftbest.com.

Consent

Consent is gathered expressly at sign-up and when linking tools. Implicit consent applies to essential operational logs. Withdrawal of consent may impact services and is clarified prior to action.

Accountability

Our Privacy Officer conducts annual audits and responds to data inquiries within 30 days.

GDPR

If you are in the European Economic Area (EEA), Watchcraftbest Inc. is:

  • Controller: for profile and billing data
  • Processor: for workshop and order data uploaded by users

Legal bases include:

  • Contract necessity (Art. 6(1)(b))
  • Legitimate interest (Art. 6(1)(f))
  • Legal obligation (Art. 6(1)(c))

EEA users may contact dpo@watchcraftbest.com to exercise data rights or file complaints with their supervisory authority.

Cookie Policy

4.1 Types of Cookies

  • Essential: session, CSRF, and load-balancer tokens
  • Preference: remember dashboard settings such as units and themes
  • Analytics: Matomo cookies (with IP truncation)
  • Marketing: optional, shown only after opt-in

4.2 How to Disable Cookies

Most browsers allow you to delete or block cookies. Disabling essential cookies will prevent login. Preference and analytics cookies can be declined via the consent banner or “Do Not Track.” Marketing cookies are opt-in and can be disabled under Account → Privacy.

Transfer to Third Parties

We do not sell personal information. Disclosures only occur with:

  • Canadian cloud hosts (Montréal and Calgary)
  • PCI-DSS Level 1 payment processors
  • Chartered Professional Accountants (for anonymised audits)
  • Legal/regulatory bodies as required
  • Law enforcement when necessary for fraud/public safety

All vendors sign Data-Processing Agreements aligned with PIPEDA and, where applicable, the EU Standard Contractual Clauses.

Data-Security Measures

  • AES-256-GCM encryption with tenant keys in FIPS 140-2 Level 3 HSMs
  • TLS 1.3 with Perfect Forward Secrecy
  • Zero-trust segmentation per workspace
  • WebAuthn MFA with role-based access
  • Hourly incremental & nightly full backups with 15-minute RPO
  • Ongoing vulnerability scanning, quarterly pen tests, annual SOC 2 Type II audit
  • Breach notifications within 72 hours of confirmation

Effective Date

This Privacy Policy takes effect on 13 June 2025 and replaces all earlier versions. Material changes will be announced by email and in-app at least 30 days in advance.