Privacy Policy

Effective Date: June 16, 2025 at 5:08 PM (America/Toronto)

Definitions

“Personal Information” means any information relating to an identified or identifiable natural person. “Processing” means any operation performed on Personal Information (collection, storage, use, disclosure, deletion, etc.). “Necessary Cookies” are strictly required for site functionality. “Analytics Cookies” are used to measure and improve performance. “Marketing Cookies” enable personalized advertising or promotions. “Consent” means a freely given, informed, specific, and unambiguous indication of a user’s wishes. “Member” refers to a Plain Harmony customer operating their own site via the Platform. “Visitor” refers to an end-user visiting Member sites or Platform pages.

Data Controller

MD79 Inc., incorporated in Quebec, Canada, is the data controller for personal data processed at the platform level (plainharmony.com and related services).

Scope

This Privacy Policy applies to MD79 Inc.’s processing of Personal Information in connection with the Plain Harmony SaaS platform (plainharmony.com and Member custom domains). Individual Members operate their own sites; for data collected directly by Member sites (e.g., newsletter subscriptions, service purchases), the Member typically acts as data controller. This policy governs MD79 Inc.’s role as controller or processor for platform-level functions and guidance on features affecting data handling.

Information We Collect

We collect various categories of Personal Information when you use the Platform or visit Member sites, including but not limited to:

  • Account & registration data: name, email address, billing details, language preference, authentication credentials (securely stored or via third-party OAuth), and related settings.
  • Usage data: pages and features accessed, timestamps, IP address, device/browser information, logs, performance metrics, error reports, and diagnostic data to maintain and improve services.
  • Payment and billing data: payment identifiers (e.g., Stripe customer ID), transaction history, billing address, invoicing information, collected when processing payments on behalf of Members or the Platform.
  • Cookie and tracking data: choices and preferences regarding Necessary, Analytics, and Marketing cookies as provided via consent interface; first-party and third-party cookie identifiers as enabled by your consent.
  • Newsletter subscription data: email address, subscription preferences, and consent records when you subscribe to newsletters on the Platform or Member sites.
  • Communications data: correspondence and support inquiries you send to us (via email, chat, or support forms), including any attachments or information you provide.
  • Support and feedback data: information volunteered when contacting support or providing feedback, to address issues and improve the Platform.

Cookies and Tracking

We use cookies and tracking technologies. Necessary Cookies are enabled by default; Analytics and Marketing Cookies require your explicit consent. You can manage or withdraw your consent at any time via the cookie preferences interface.

  • Necessary Cookies: strictly required for core functionality (e.g., authentication, session management, security features). These cannot be disabled via the consent interface without affecting basic operation.
  • Analytics Cookies: used to collect aggregated, anonymized data on usage patterns for performance monitoring, feature improvement, and troubleshooting. Activated only if you consent.
  • Marketing Cookies: used for personalized marketing, advertising, or remarketing via third-party services. Activated only if you consent.

You may change or withdraw your cookie preferences at any time via the cookie settings interface accessible on all pages.

How We Use Personal Information

We use Personal Information to:

  • Provide, operate, and maintain the Platform and related services.
  • Authenticate and manage user accounts.
  • Process payments, billing, and invoicing for Platform subscriptions and Member transactions.
  • Communicate account-related notifications, updates, and security alerts.
  • Provide customer support and respond to inquiries.
  • Analyze usage patterns, improve features, and develop new functionality.
  • Send newsletters or marketing communications only if you have opted in; transactional messages (e.g., password resets, billing notices) are sent as necessary.
  • Comply with legal obligations, protect rights, and defend against legal claims.

Sharing and Disclosure

We do not sell Personal Information. We may share Personal Information in the following circumstances:

  • With service providers and subprocessors under contract (e.g., payment processors, hosting providers, email delivery, analytics services) to perform services on our behalf.
  • With affiliates or subsidiaries of MD79 Inc. when necessary for Platform operations.
  • With Members when required to provide Member features (e.g., giving Member access to newsletter subscriber emails that you approved).
  • With legal authorities or third parties when required by law, regulation, legal process, or to protect rights, property, or safety of MD79 Inc., our users, or others.
  • In connection with a merger, acquisition, or sale of assets, provided that the acquirer agrees to maintain the confidentiality and use of Personal Information in accordance with this policy and applicable law.

Third-Party Services

The Platform or Member sites may integrate third-party services (e.g., payment gateways, analytics tools, marketing platforms). Those services may collect data under their own policies. We require such third parties to adhere to appropriate data protection standards and contractual obligations. Please review third parties’ privacy policies when using related features.

International Data Transfers

Personal Information may be transferred to, stored, and processed in jurisdictions outside your own (e.g., servers or service providers in other countries). We implement appropriate safeguards—such as Standard Contractual Clauses or equivalent measures—to ensure compliance with applicable data protection laws (e.g., GDPR, Loi 25, PIPEDA).

Security

We implement reasonable technical and organizational measures to protect Personal Information against unauthorized access, disclosure, alteration, or destruction (e.g., encryption in transit and at rest, access controls, regular security assessments). However, no security measure is perfect; while we strive to safeguard your data, we cannot guarantee absolute security. Report any suspected breach or vulnerability promptly to [email protected].

Data Retention

We retain Personal Information only as long as necessary to fulfill the purposes described (e.g., account management, legal obligations, dispute resolution). Specific retention periods:

  • Account data: retained while your account is active and for a period thereafter as required by law or legitimate business needs.
  • Cookie consent records: retained for at least the period required by applicable laws (e.g., GDPR/Loi 25: multiple years).
  • Billing and transaction records: retained as required by financial and tax regulations.
  • Support and communication records: retained for as long as needed for quality assurance and legal compliance.
After the retention period, Personal Information is securely deleted or anonymized.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Information:

  • Right of access: obtain confirmation and a copy of personal data we hold about you.
  • Right of rectification: correct inaccurate or incomplete personal data.
  • Right to deletion: request erasure of personal data when processing is no longer necessary or lawful basis no longer applies.
  • Right to data portability: receive your personal data in a structured, commonly used format and transfer it to another controller when technically feasible.
  • Right to withdraw consent: withdraw consent at any time for processing based on consent; withdrawal does not affect lawfulness of prior processing.
  • Right to object: object to processing based on legitimate interests or direct marketing.
  • Right to restriction of processing: request limited processing when accuracy is contested, processing is unlawful but you oppose deletion, or pending verification for portability.

To exercise these rights, contact us at [email protected]. We will verify your identity and respond within applicable legal timeframes. Certain jurisdictions may grant additional rights (e.g., right to de-indexation under Loi 25).

California Privacy Rights

If you are a California resident, you have specific rights under the CCPA/CPRA, including: right to know categories of personal data collected, right to request deletion, right to opt-out of sale of personal data (though we do not sell data), and right to non-discrimination for exercising these rights. To exercise rights, contact [email protected]. We do not sell personal data as defined under CCPA.