Privacy Policy — Miskulin Technologies

1 Introduction

Miskulin Technologies ("we," "us," or "our") operates a multi-vertical software-as-a-service (SaaS) platform serving businesses across North America. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use our websites, applications, and related services (collectively, the "Services").

Our Services include, but are not limited to, industry-specific platforms such as TillTrack (agriculture), FreytHub (fleet management), CrewVault (field service), WardPulse (nursing and healthcare), OreSync (mining), ClosingDesk (real estate), BudLedger (cannabis compliance), and additional vertical solutions. Each platform may collect information specific to its industry requirements.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, you must discontinue use of our Services.

2 Information We Collect

2.1 Account Information

When you create an account or register for our Services, we collect:

Full name and business name
Email address and phone number
Business address and jurisdiction
Job title, role, and department
Authentication credentials (passwords are stored using industry-standard hashing)
Billing information (processed through our secure third-party payment processor)

2.2 Usage Data

We automatically collect information about your interactions with our Services, including:

Pages and features accessed, along with frequency and duration of use
Actions taken within the platform (such as records created, reports generated, and workflows completed)
Search queries entered within the Services
Error logs and performance data
Referral URLs and navigation paths
Timestamps and session identifiers

2.3 Device and Technical Information

We collect technical information about the devices and systems you use to access our Services:

IP address and approximate geographic location
Browser type, version, and language preferences
Operating system and device type
Screen resolution and viewport dimensions
Time zone and locale settings

2.4 Industry-Specific Data

Depending on the vertical platform you use, we may collect and process additional categories of data. This includes, but is not limited to, agricultural records, fleet and vehicle data, field service reports, patient or client health information, mining operational records, real estate transaction data, and regulated cannabis compliance records. Please refer to Sections 8 and 9 for details on health and cannabis data.

3 How We Use Your Data

We use the information we collect for the following purposes:

3.1 Service Delivery

Providing, operating, and maintaining our platform and Services
Processing transactions and managing your account
Authenticating users and enforcing role-based access controls
Delivering industry-specific features, workflows, and compliance tools
Providing customer support and responding to inquiries

3.2 Service Improvement

Analyzing usage patterns to improve platform performance and user experience
Identifying and resolving technical issues, bugs, and errors
Developing new features and platform capabilities
Conducting internal research and analytics

3.3 Communications

Sending account-related notifications (password resets, security alerts, billing reminders)
Providing platform updates, release notes, and feature announcements
Delivering marketing communications (with your consent and opt-out available)
Responding to your requests and support tickets

3.4 Safety and Compliance

Detecting, preventing, and addressing fraud, abuse, and security threats
Complying with applicable laws, regulations, and legal processes
Enforcing our Terms of Service and other agreements
Protecting the rights, property, and safety of Miskulin Technologies, our users, and the public

4 Data Sharing & Disclosure

Our Commitment

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not share your data with advertisers or data brokers.

We may share personal information only in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our platform, including cloud hosting providers, payment processors, email delivery services, and analytics tools. These providers are contractually obligated to use your data only to provide services to us and to maintain appropriate security measures.

4.2 Legal Requirements

We may disclose personal information if required to do so by law or in response to valid legal process, including court orders, subpoenas, or government requests. We will notify you of such requests where legally permitted.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify affected users before personal information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information for any other purpose disclosed to you at the time we collect it, or with your explicit consent.

5 Data Security

We implement robust technical and organizational security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption.
Access Controls: We employ role-based access controls (RBAC) and the principle of least privilege to limit access to personal information to authorized personnel only.
Authentication: We support multi-factor authentication (MFA) and use industry-standard password hashing algorithms.
Infrastructure Security: Our platform is hosted on enterprise-grade cloud infrastructure with SOC 2-compliant data centers, firewall protections, intrusion detection systems, and DDoS mitigation.
Regular Audits: We conduct periodic security assessments, vulnerability scans, and penetration tests to identify and remediate potential risks.
Incident Response: We maintain a formal incident response plan. In the event of a data breach, we will notify affected users and relevant authorities in compliance with applicable laws.

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining industry best practices.

6 PIPEDA Compliance (Canada)

Miskulin Technologies is headquartered in Saskatchewan, Canada, and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Under PIPEDA, we uphold the following principles:

Accountability: We are responsible for personal information under our control and have designated a Privacy Officer to ensure compliance.
Identifying Purposes: We identify the purposes for which personal information is collected at or before the time of collection.
Consent: We obtain meaningful consent for the collection, use, and disclosure of personal information. You may withdraw consent at any time, subject to legal or contractual restrictions.
Limiting Collection: We limit the collection of personal information to what is necessary for the identified purposes.
Limiting Use, Disclosure, and Retention: We do not use or disclose personal information for purposes other than those for which it was collected, except with your consent or as required by law.
Accuracy: We take reasonable steps to ensure that personal information is accurate, complete, and up-to-date.
Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the data.
Openness: We make information about our privacy policies and practices readily available.
Individual Access: Upon request, we will inform you of the existence, use, and disclosure of your personal information and provide you access to that information. You have the right to challenge the accuracy and completeness of the data.
Challenging Compliance: You may challenge our compliance with these principles by contacting our Privacy Officer at the email address listed in Section 14.

7 US State Privacy Laws

For users located in the United States, we comply with applicable state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and similar legislation in other states.

7.1 Your Rights Under US State Laws

Depending on your state of residence, you may have the following rights:

Right to Know: The right to request information about the categories and specific pieces of personal information we have collected about you.
Right to Delete: The right to request the deletion of personal information we have collected, subject to certain exceptions.
Right to Correct: The right to request correction of inaccurate personal information.
Right to Opt-Out: The right to opt out of the sale or sharing of personal information. We do not sell your personal information.
Right to Non-Discrimination: The right not to be discriminated against for exercising your privacy rights.

7.2 Exercising Your Rights

To exercise any of these rights, please submit a request to investor@miskulintechnologies.com. We will verify your identity before processing your request and respond within the timeframe required by applicable law (typically 30 to 45 days).

8 Health Data (HIPAA/PHIPA)

Applies to WardPulse & WellnessIQ

This section applies specifically to health-related data processed through our WardPulse (nursing and healthcare) and WellnessIQ (wellness management) platforms.

Where our Services involve the collection, storage, or processing of Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA) in the United States, or Personal Health Information as defined by the Personal Health Information Protection Act (PHIPA) in Ontario, Canada, and equivalent provincial legislation, we implement the following additional safeguards:

Business Associate Agreements (BAAs): We enter into BAAs with covered entities where required, ensuring that PHI is handled in accordance with HIPAA regulations.
Enhanced Access Controls: Access to health data is restricted to authorized healthcare professionals and platform administrators with a legitimate need-to-know basis.
Audit Logging: All access to and modifications of health data are logged with timestamps, user identifiers, and action descriptions for audit trail purposes.
Data Minimization: We collect only the minimum necessary health information required to provide our Services.
Breach Notification: In the event of a breach involving PHI, we will notify affected individuals and the applicable regulatory authorities (including the U.S. Department of Health and Human Services) within the timeframes mandated by HIPAA and PHIPA.
De-identification: Where feasible, we use de-identified or anonymized health data for analytics and service improvement purposes.

Healthcare organizations using WardPulse or WellnessIQ are responsible for ensuring that their use of the platform complies with their own regulatory obligations. We provide the tools and infrastructure to support compliance, but ultimate responsibility for compliance with healthcare regulations rests with the covered entity.

9 Cannabis Data (Regulatory)

Applies to BudLedger

This section applies specifically to cannabis compliance data processed through our BudLedger platform.

Our BudLedger platform processes data subject to cannabis regulatory frameworks in Canada (under the Cannabis Act and provincial regulations) and in US states where cannabis operations are licensed. We implement the following protections for cannabis-related data:

Regulatory Compliance: We design our platform to support compliance with Health Canada reporting requirements, provincial licensing regulations, and applicable US state cannabis regulatory frameworks.
Seed-to-Sale Tracking: Data related to cultivation, processing, inventory, and point-of-sale is handled in accordance with regulatory requirements for traceability and auditability.
Restricted Access: Cannabis compliance data is accessible only to authorized personnel with appropriate licensing credentials and role-based permissions.
Data Retention: Cannabis data is retained in compliance with the minimum retention periods mandated by applicable cannabis regulations, which typically require retention for a minimum of two to seven years depending on jurisdiction.
Government Reporting: We may facilitate the transmission of required regulatory reports to government authorities on behalf of our clients, in accordance with applicable regulations and with client authorization.

10 Cookies & Tracking

We use cookies and similar tracking technologies to operate, enhance, and analyze our Services. The types of cookies we use include:

Strictly Necessary Cookies: Essential for the operation of our Services, including authentication, session management, and security features. These cookies cannot be disabled.
Functional Cookies: Used to remember your preferences, settings, and choices (such as language and display preferences) to enhance your experience.
Analytics Cookies: Used to collect aggregated, anonymized usage data to help us understand how our Services are used and to improve performance and functionality.

We do not use advertising or third-party marketing cookies. We do not participate in cross-site tracking or targeted advertising programs.

You can manage cookie preferences through your browser settings. Disabling certain cookies may limit the functionality of our Services. For more details, please see our Cookie Policy.

11 Data Retention & Deletion

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to provide our Services, to comply with our legal obligations, and to resolve disputes. Specific retention periods are as follows:

Account Data: Retained for the duration of your account, plus a reasonable period after account closure (typically 90 days) to allow for reactivation or dispute resolution.
Usage Data: Retained in identifiable form for up to 24 months, after which it is anonymized or deleted.
Billing Data: Retained for a minimum of 7 years as required by Canadian and US tax and financial regulations.
Industry-Regulated Data: Retained in accordance with the specific regulatory requirements applicable to the relevant industry vertical (see Sections 8 and 9).
Support and Communication Data: Retained for up to 3 years after last contact for quality assurance and dispute resolution purposes.

You may request the deletion of your personal information at any time by contacting us at investor@miskulintechnologies.com. We will process deletion requests in accordance with applicable laws. Certain data may be retained where we have a legitimate legal basis, such as compliance with regulatory obligations or the establishment, exercise, or defense of legal claims.

12 Children's Privacy

Our Services are designed for use by businesses and their authorized employees. We do not knowingly collect personal information from individuals under the age of 18. Our Services are not intended for use by minors.

If we become aware that we have inadvertently collected personal information from an individual under the age of 18, we will take prompt steps to delete such information from our systems. If you believe that we may have collected information from a minor, please contact us immediately at investor@miskulintechnologies.com.

13 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Post the revised policy on our website
Send an email notification to registered users for material changes that significantly affect how we handle personal information
Where required by law, obtain your consent before applying material changes to the processing of your personal information

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after changes are posted constitutes your acknowledgment and acceptance of the updated policy.

14 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Miskulin Technologies — Privacy Office

Email: investor@miskulintechnologies.com
Address: Saskatchewan, Canada
Website: miskulintechnologies.com

We will acknowledge receipt of your inquiry within 5 business days and aim to provide a substantive response within 30 calendar days, or as otherwise required by applicable law.

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada (for PIPEDA matters), the applicable provincial privacy authority, or the relevant US state attorney general or privacy regulator.