Privacy Policy

1. Introduction

Mendly ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use and share it, and the choices you have about your information. It applies to all users of mendly.ca and any associated Mendly applications (together, the "Platform").

This Policy is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5) and applicable Nova Scotia privacy legislation, including the Freedom of Information and Protection of Privacy Act (FOIPOP) and the Personal Health Information Act where relevant. Marketing electronic communications are also subject to Canada's Anti-Spam Legislation (CASL, S.C. 2010, c. 23). By using the Platform, you consent to the practices described in this Policy.

2. Information We Collect

2.1 Information You Provide

• Account information: full name, email address, phone number, and profile photo.
• Service address and property details when booking.
• Job descriptions, photos, and notes submitted with bookings or service requests.
• Messages you send through the Platform's messaging system.
• Ratings and review text you submit.
• Pro applicants only: government-issued ID, trade licence numbers, insurance certificates, and RCMP criminal record check results.

2.2 Information We Collect Automatically

• Device type, operating system, and browser.
• IP address and approximate geographic location.
• Pages visited, features used, and session duration.
• Booking activity including searches, profile views, and completed bookings.

Payment information: Card numbers and CVV codes are entered directly into our payment processor's secure form and are never transmitted to or stored by Mendly's servers. We receive only a payment token and the last four digits of your card for display purposes.

3. How We Use Your Information

We use your information to:

• Create and manage your account.
• Facilitate bookings between Customers and Pros.
• Process payments and issue invoices.
• Verify Pro identities, trade licences, insurance, and criminal record status.
• Send booking confirmations, reminders, and receipts by email.
• Send service and account notifications through the Platform.
• Respond to support requests and resolve disputes.
• Enforce our Terms of Service and Safety standards.
• Analyse aggregate, anonymised usage data to improve the Platform.

We do not use your personal information for third-party advertising, and we do not sell or rent your personal information to any third party.

4. How We Share Information

4.1 Between Customers and Pros

When a booking is confirmed, we share the following with the assigned Pro: your first name, the service address, the scheduled date and time, and the job description. We do not share your email address, phone number, full last name, or payment details. All pre-booking communication between Customers and Pros happens through the Platform's messaging system, which protects both parties' direct contact information.

4.2 Service Providers

We share information with trusted third-party providers who help us operate the Platform:

• Payment processing — our payment partner handles card transactions. They are PCI DSS Level 1 certified and are not permitted to use your payment data for any other purpose.
• Database and hosting infrastructure — our servers store Platform data. Infrastructure is located in Canada or the United States under data processing agreements.
• Background check provider — our accredited screening partner conducts RCMP criminal record checks on Pros. Mendly retains only pass/fail results and the date of completion; full check reports are not stored by Mendly.
• Email delivery — a third-party email service delivers transactional emails on our behalf.

All service providers are bound by data processing agreements and are not permitted to use your information for their own commercial purposes.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or if we reasonably believe disclosure is necessary to protect the safety of any person.

4.4 Business Transfers

If Mendly is acquired by or merged with another entity, your personal information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a materially different privacy policy.

5. Cookies & Tracking

We use cookies and similar technologies to keep you logged in and to understand how the Platform is used. Specifically:

• Session cookies — required to keep you logged in across pages. These are deleted when you close your browser.
• Preference cookies — used to remember your settings (e.g., search filters). These persist across sessions.
• Analytics — we may use anonymised analytics to understand Platform usage. This data is aggregated and cannot be used to identify you individually.

You can disable cookies in your browser settings. Disabling session cookies will prevent you from logging in. We do not use third-party advertising cookies.

6. Your Rights Under PIPEDA

Under the Personal Information Protection and Electronic Documents Act, you have the following rights:

• Access — request a copy of the personal information we hold about you.
• Correction — request correction of inaccurate or incomplete information.
• Withdrawal of consent — withdraw consent for non-essential uses of your information. Note that withdrawing consent for essential uses (such as sharing your address with a confirmed Pro) may prevent us from completing the service.
• Deletion — request deletion of your account and personal information, subject to our legal retention obligations (see Section 7).
• Complaint — file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca if you believe we have mishandled your information.

To exercise any of these rights, contact our Privacy Officer at hello@mendly.ca. We will respond within 30 days.

7. Data Retention

We retain your personal information for as long as your account is active, and for a reasonable period afterward in case of disputes or legal obligations. Specifically:

• Account information — retained while your account is active. Deleted within 30 days of account deletion, unless legally required to retain.
• Booking records — retained for 7 years to comply with Canadian tax and commercial record-keeping requirements.
• Messages — retained for 2 years after the related booking is completed.
• Pro credential records — retained for 3 years after a Pro's account is closed.

To request account deletion, email hello@mendly.ca.

8. Security

We implement industry-standard safeguards to protect your personal information:

• TLS encryption for all data transmitted between your browser and our servers.
• Encrypted storage for data at rest.
• Role-based access controls — employees access only the data necessary for their function.
• Regular security reviews and dependency updates.

No system is completely secure. If we become aware of a security breach that likely affects your personal information, we will notify you in accordance with applicable law.

9. Third-Party Links

The Platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites. This Policy applies only to information collected by Mendly through the Platform.

10. Children

The Platform is not directed at individuals under 18 years of age, and we do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from someone under 18, we will delete it promptly.

11. Changes to This Policy

We may update this Policy from time to time. We will notify registered users by email when material changes are made. The "Last updated" date at the top of this page indicates when the Policy was most recently revised. Continued use of the Platform after changes take effect constitutes your acceptance of the revised Policy.

12. Contact & Complaints

For privacy-related questions, access requests, or concerns, contact our Privacy Officer:

• Email: hello@mendly.ca
• Mailing address: Mendly, Halifax, Nova Scotia, Canada

If you are not satisfied with our response, you have several options for escalation depending on the nature of your concern:

• Federal — privacy: Office of the Privacy Commissioner of Canada, priv.gc.ca — for PIPEDA complaints involving private-sector handling of your personal information.
• Provincial — Nova Scotia: Office of the Information and Privacy Commissioner for Nova Scotia, oipc.novascotia.ca.
• Spam / unsolicited email: Canadian Radio-television and Telecommunications Commission (CRTC), fightspam.gc.ca — for CASL violations.