Legal

Privacy Policy

How Bedrock Safeguard Inc. collects, uses, and protects your personal information.

Summary: We collect minimal data, store it on Canadian infrastructure, never sell it, and you can request deletion at any time. We do not use cookies. We comply with PIPEDA.

1. Who We Are

Bedrock Safeguard Inc. is a Canadian cybersecurity firm based in Ontario, Canada. We provide threat intelligence tools and services to protect businesses from cyber threats. This privacy policy explains how we handle personal information collected through our website at bedrocksafe.ca and our free security tools.

Data Controller: Bedrock Safeguard Inc., Ontario, Canada
Privacy Contact: mike@bedrocksafe.ca

2. What Personal Information We Collect

Information You Provide

  • Contact form submissions: Name, email address, company name, inquiry type, and message content when you contact us through our website.
  • Breach Scanner: Email addresses submitted for breach checking. If you consent to monitoring, your email is stored for ongoing breach alerts.
  • Security Score: Domain names submitted for scanning. If you provide your email for report delivery, that email is stored temporarily.
  • Threat Lookup: IP addresses, domains, or file hashes you submit for analysis.

Information Collected Automatically

  • Hashed IP addresses: We hash your IP address for analytics purposes. We do not store raw IP addresses. The hash is one-way and cannot be reversed to identify you.
  • Basic page analytics: Pages visited, timestamps, and referrer information. This data is aggregated and anonymized.
  • Tool usage metadata: Which tools you use, query types (not the queries themselves for anonymous lookups), and timestamps.

Information We Do Not Collect

  • We do not use cookies, tracking pixels, or browser fingerprinting.
  • We do not use Google Analytics or any third-party analytics service.
  • We do not collect payment information through this website.

3. Why We Collect This Information

We collect personal information for the following purposes:

  • Provide security assessment services: To run breach checks, security scans, and threat lookups that you request.
  • Respond to inquiries: To reply to your contact form submissions and consultation requests.
  • Breach monitoring: If you opt in, to notify you of new data breaches affecting your email address.
  • Improve our tools: Aggregated, anonymized analytics help us understand which tools are most useful and how to improve them.
  • Security and abuse prevention: Hashed IPs help us detect and prevent abuse of our free tools (rate limiting).

4. How We Store and Protect Your Data

  • Canadian infrastructure: All data is processed and stored on servers located in Canada. We do not transfer your personal information outside of Canada for storage.
  • Encryption: Data is encrypted in transit (TLS 1.2+) and at rest on our servers.
  • Hashed IPs: IP addresses are hashed using a one-way algorithm before storage. We cannot reverse these hashes to identify individual users.
  • Access controls: Access to personal information is restricted to authorized personnel only.
  • No plaintext passwords: We never store, transmit, or have access to your passwords. Breach scanner results come from third-party breach databases and contain only metadata about breaches, not actual credentials.

5. How Long We Retain Your Data

  • Analytics data (hashed IPs, page views): Retained for 90 days, then automatically deleted.
  • Tool results cache: Cached for 24 hours to improve performance, then automatically purged.
  • Contact form submissions: Retained until your inquiry is resolved, then for up to 12 months for follow-up purposes.
  • Breach monitoring emails: Retained for as long as you remain opted in. You can opt out at any time by contacting us.
  • Security Score reports: Retained for 30 days for your reference, then deleted.

6. Third-Party Services

When you use our tools, we query the following third-party threat intelligence services on your behalf:

  • Shodan (shodan.io) — For IP address and port scanning data
  • VirusTotal (virustotal.com, operated by Google) — For malware and reputation analysis
  • GreyNoise (greynoise.io) — For IP classification and noise analysis
  • abuse.ch (ThreatFox, MalwareBazaar, URLhaus) — For threat intelligence data

When you submit a query through our tools, the indicator (IP, domain, or hash) is sent to these services via their APIs. These services have their own privacy policies governing how they handle the data. We do not send your personal information (name, email) to these services — only the indicator you chose to look up.

We do not sell, rent, or share your personal information with any third party for marketing or advertising purposes.

7. Cookies

Bedrock Safeguard does not use cookies. Our website operates entirely cookie-free. We use privacy-respecting, server-side analytics that do not require cookies, tracking pixels, or browser fingerprinting. No consent banner is needed because there are no cookies to consent to.

8. Your Rights

Under PIPEDA and applicable Canadian privacy law, you have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of any inaccurate personal information.
  • Deletion: Request deletion of your personal information from our systems.
  • Withdraw consent: Withdraw your consent for breach monitoring or other optional data processing at any time.
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

To exercise any of these rights, contact us at mike@bedrocksafe.ca. We will respond to all privacy requests within 30 days.

9. PIPEDA Compliance

Bedrock Safeguard Inc. complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal privacy law governing the collection, use, and disclosure of personal information by private-sector organizations.

We adhere to the 10 fair information principles set out in Schedule 1 of PIPEDA:

  • Accountability: Mike Heintzman, CEO, is accountable for compliance with these principles.
  • Identifying Purposes: We identify the purposes for which personal information is collected at or before the time of collection.
  • Consent: We obtain meaningful consent for the collection, use, and disclosure of personal information.
  • Limiting Collection: We limit collection to what is necessary for identified purposes.
  • Limiting Use, Disclosure, and Retention: Personal information is used only for stated purposes and retained only as long as necessary.
  • Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary.
  • Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the information.
  • Openness: This privacy policy makes our practices readily available.
  • Individual Access: You can request access to your personal information.
  • Challenging Compliance: You can challenge our compliance by contacting us directly or the Office of the Privacy Commissioner.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically. Continued use of our website and tools after changes constitutes acceptance of the updated policy.

11. Contact for Privacy Inquiries

If you have any questions, concerns, or requests regarding this privacy policy or our data handling practices, please contact:

Mike Heintzman
Privacy Officer, Bedrock Safeguard Inc.
Email: mike@bedrocksafe.ca
Location: Ontario, Canada

You may also contact the Office of the Privacy Commissioner of Canada if you have concerns about how your personal information is being handled.

Last updated: April 10, 2026