Privacy policy.

1. Who we are

Dual A Solutions Inc. ("Dual A", "we", "us") is a Toronto based software company. We operate a data orchestration and attribution platform for multi location restaurant app operators. Our registered office is in Toronto, Ontario, Canada.

2. What we collect

• Contact data you submit through forms, email, or calls: name, business email, company, role, and any context you share in the message.
• Technical data about your visit: IP address, device and browser type, pages viewed, referrer, and timestamps.
• Operator data your team authorises us to process under a signed engagement agreement: POS events, campaign metadata, loyalty events, and webhook payloads. That data stays under your control and is governed by the DPA attached to your contract.

3. How we use it

• To respond to audit requests, demos, and support enquiries.
• To deliver the services agreed in an active contract.
• To understand how the public site is used, in aggregate, so we can improve it.
• To keep financial, tax, and compliance records as required by law.

4. Legal basis

For public site visitors we rely on your consent (PIPEDA implied or express, depending on context) and our legitimate interest in operating the site. For customer engagements we rely on the contract between you and Dual A. We do not sell personal information.

5. Cookies

Essential cookies keep the site working. Analytics and marketing cookies only load after you accept them through the banner or the cookie preferences link in the footer. You can change your choice at any time. Details of each cookie category are on the preferences modal.

6. Data residency & storage

Primary storage sits in Canada (AWS ca-central-1). Edge delivery and observability may route through global regions, but raw operator data does not leave Canada without an executed cross border data transfer agreement.

7. Sharing & subprocessors

We share information only with vetted subprocessors that support our operations (compute, email, observability, payments). The current list is maintained on the Security page. We do not share personal data for advertising, nor do we allow subprocessors to use your data for their own purposes.

8. Retention

Contact submissions are retained for 24 months after our last interaction. Operator data retention follows the contract. Financial records follow the statutory 7 year minimum for Canadian tax law.

9. Your rights

Under PIPEDA and equivalent laws you can request access to, correction of, or deletion of your personal information. Email privacy@dualasolutions.com and we will respond within 30 days.

10. CASL (electronic communications)

If you email us, fill in a form, or request an audit, you consent to transactional replies directly related to that enquiry. We do not add you to a marketing list without a separate express opt in. Every marketing email will carry an unsubscribe link and our physical mailing address, per CASL.

11. Security

Encryption in transit (TLS 1.3) and at rest (AES 256 GCM), per tenant envelope encryption, row level security in our databases, MFA for staff, and short lived production credentials. More detail on the Security page.

12. Changes to this policy

We update this policy when our practices change. Material changes are announced on this page with a new effective date.

13. Contact

Privacy questions: privacy@dualasolutions.com. General contact: hello@dualasolutions.com. Mail: Dual A Solutions Inc., Toronto, Ontario, Canada. Under PIPEDA you may also contact the Office of the Privacy Commissioner of Canada if you feel we have not addressed a concern adequately.