Effective Date: April 4, 2026
This Privacy Policy explains how DoAllFloors ("DoAllFloors", "we", "us", or "our") collects, uses, discloses, and protects personal information in connection with our marketing website at https://doallfloors.com, our software-as-a-service application at https://app.doallfloors.com (the "Service"), and any related services.
DoAllFloors is a Canadian business. This Policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. If you are located outside Canada, additional terms may apply as described below.
DoAllFloors operates DoAllFloors, a business management platform built for flooring contractors.
Registered address: 435 Dewdney Avenue, Regina, Saskatchewan, Canada, S4N 0G1
Privacy contact (Privacy Officer): info@doallfloors.com
Website: https://doallfloors.com
This Policy covers personal information processed in two distinct contexts:
Marketing Website Visitors & Prospects. Individuals who visit our marketing website, submit contact or beta signup forms, or otherwise communicate with us.
Service Users. Employees, contractors, and administrators of flooring businesses that subscribe to DoAllFloors (each a "Customer"), as well as individuals (such as homeowners, project contacts, and suppliers) whose information Customers enter into the Service.
Where a Customer uploads or inputs personal information about third parties (for example, their own customers, leads, employees, or vendors), the Customer is the "controller" of that information and we act as a "processor" or "service provider" on the Customer's behalf. Our handling of that information is governed by our agreement with the Customer (including our Data Processing Addendum). Individuals with questions about information in a Customer account should contact that Customer directly in the first instance.
When you submit our contact form or beta signup form we collect:
First and last name
Email address
Company name
Phone number (beta signup only)
Team/installer size (beta signup only)
Topic and free-text message content
This information is transmitted via our email delivery provider (Resend) and delivered to our internal inbox.
When you create an account or use the Service, we collect account and profile information, including:
Name, email address, and phone number
Hashed password and authentication tokens (we never store passwords in plain text)
Role within your organization (e.g., admin, salesperson, installer)
Avatar image (if uploaded)
Notification and dashboard preferences
Login timestamps and session metadata
The Service is designed for flooring contractors to run their businesses. Customers may enter or upload content that includes personal information about themselves and about third parties, such as:
CRM contacts (first name, last name, email, phone, mobile, mailing address, city, province, postal code, notes, tags)
Opportunities, activities, calls, emails, meetings, site visits, and notes
Floor plans, room drawings, material selections, quotes, change orders, and invoices
Photos uploaded from job sites
Timesheet entries (installer clock-in/clock-out times, break minutes, notes, and approval history)
Warehouse, staging, purchase order, and vendor records
Documents shared through the Service
If a Customer connects a third-party integration, we process the data exchanged with that integration. Current integrations include:
QuickBooks Online (Intuit) — we store encrypted OAuth access and refresh tokens and exchange customers, invoices, vendors, purchase orders, and products with your QBO company file. Your use of QuickBooks Online is governed by Intuit's own terms and privacy policy.
Email delivery (Resend) — transactional and notification emails are sent via our email provider.
Claude / Anthropic (optional AI assistant) — if a Customer enables the Claude MCP integration, specific Service data requested by an authorized user may be sent to Anthropic to generate answers. Anthropic processes this data under its own terms; we do not allow third-party AI providers to train their models on Customer content.
When you use our website or Service we automatically collect limited technical information:
IP address and approximate location (derived from IP)
Browser type, operating system, device identifiers
Pages visited, referring URLs, and timestamps
Error logs and diagnostic data
Authentication and refresh token metadata (for session management and security)
We do not knowingly collect:
Payment card numbers on our website or in the Service (payments, when applicable post-beta, will be handled by a third-party payment processor)
Government-issued identification numbers
Health information
Precise GPS coordinates (timesheet entries record time and notes, not location data, unless the Customer explicitly enables a feature that does so)
Personal information from children under 16
We use personal information for the following purposes, each with a lawful basis under PIPEDA and, where applicable, other laws:
To provide, operate, secure, and maintain the Service (performance of contract)
To authenticate users, manage sessions, and prevent unauthorized access (legitimate interest / security)
To respond to contact form submissions, beta signup requests, and support inquiries (legitimate interest / to take steps at your request)
To send transactional and service notifications (performance of contract)
To improve, debug, and develop new Service features (legitimate interest)
To comply with legal, tax, and regulatory obligations (legal obligation)
To enforce our Terms of Service and protect the rights, property, and safety of DoAllFloors, our Customers, and others (legitimate interest)
With your consent, to send product updates, newsletters, or marketing communications (consent — you can unsubscribe at any time)
For individuals protected by laws that require a specific legal basis (such as the EU/UK GDPR or Quebec's Law 25), we rely on: performance of a contract, compliance with a legal obligation, consent, and our legitimate interests in operating and improving our business, as balanced against your rights.
We do not sell personal information. We share personal information only as follows:
With our Customers. If you are an end user within a Customer's account, your activity, timesheets, content, and profile are visible to that Customer's administrators.
With service providers (sub-processors). We use carefully selected vendors to host and operate the Service. Current sub-processors include: [Railway] (application hosting), [PostgreSQL database provider], [Resend] (email delivery), [Intuit QuickBooks Online] (financial sync, only if connected by the Customer), and [Anthropic] (AI assistant, only if enabled). An up-to-date list is available on request.
For legal reasons. We may disclose personal information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
In a business transaction. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to continued protection.
With your consent. We may share information for any other purpose disclosed to you with your consent.
Our infrastructure providers may store and process information in Canada and the United States. When we transfer personal information outside your jurisdiction, we rely on contractual safeguards with our service providers to protect it. Personal information processed outside Canada may be subject to the laws of those jurisdictions, including lawful access by foreign governments.
We retain personal information only as long as necessary to fulfill the purposes for which it was collected, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.
Account and profile data: retained for the duration of the subscription and for up to [90] days after termination, after which it is deleted or anonymized unless a longer period is required by law.
Customer content (CRM, projects, quotes, invoices, photos, documents, timesheets): retained for the duration of the subscription. Customers can export or request deletion at any time, subject to the retention provisions of their subscription agreement.
Marketing form submissions: retained for up to [24] months unless you request earlier deletion.
Security, audit, and backup logs: retained for up to [12] months.
Financial records (invoices, tax data): retained for [7] years as required by Canadian tax law.
We take reasonable technical and organizational measures to protect personal information, including:
Encryption of data in transit (HTTPS/TLS) and at rest for sensitive fields, including encryption of QuickBooks OAuth tokens
Password hashing using industry-standard algorithms (passwords are never stored in plain text)
Role-based access control, with separation of duties between administrators, salespeople, installers, and warehouse roles
Refresh token rotation and server-side session revocation
Audit logging of sensitive actions
Regular security updates to our software and dependencies
No system is perfectly secure. If we become aware of a breach of security that creates a real risk of significant harm to affected individuals, we will notify them and the Office of the Privacy Commissioner of Canada (and other authorities where required by law) without unreasonable delay.
Subject to applicable law, you have the right to:
Access the personal information we hold about you
Correct inaccurate or incomplete information
Withdraw consent (where we rely on consent), subject to legal or contractual restrictions
Request deletion of your personal information
Request a copy of your information in a portable format
Lodge a complaint with the Office of the Privacy Commissioner of Canada (www.priv.gc.ca) or, for Quebec residents, the Commission d'accès à l'information
To exercise any of these rights, contact us at info@doallfloors.com. If your information is stored in a Customer's account, please contact that Customer directly; we will support them in responding to your request.
Our website and Service use cookies and similar technologies for essential functionality (authentication, session management, security), preferences, and basic analytics. We use strictly necessary cookies without prior consent, and will request consent for any non-essential cookies where required by law. You can control cookies through your browser settings.
The Service is not directed to individuals under 16 and we do not knowingly collect personal information from children. If we learn we have collected information from a child under 16 without appropriate consent, we will delete it.
We do not make decisions with legal or similarly significant effects based solely on automated processing of your personal information. If a Customer enables the optional Claude (Anthropic) AI assistant, that assistant can answer questions about Service data when requested by an authorized user; it does not make autonomous decisions about you.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Effective Date" at the top of this Policy and, where appropriate, by additional notice (such as a banner on the website or an email). Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
If you have any questions, concerns, or complaints about this Policy or our privacy practices, please contact our Privacy Officer:
Email: info@doallfloors.com
Mail: DoAllFloors, 435 Dewdney Avenue, Regina, Saskatchewan, Canada, S4N 0G1
We will respond to your inquiry in accordance with applicable law, typically within 30 days.