1. Who We Are

Island Workflow provides workflow, automation, website, ecommerce, AI assistant, and related business services. In this policy, “Island Workflow,” “we,” “us,” and “our” refer to Island Workflow and the services we provide through islandworkflow.ca, our online store, contact channels, client onboarding, support work, and connected applications, including any LinkedIn application we operate.

For privacy questions or requests, contact our privacy officer at [email protected].

2. What This Policy Covers

This policy explains how we collect, use, disclose, retain, safeguard, and dispose of personal information when you visit our website, contact us, purchase or inquire about a product or service, participate in a readiness session, receive support, connect a third-party account, or use an Island Workflow application.

This policy does not apply to third-party websites or services that we do not control. When you use platforms such as LinkedIn, WooCommerce payment providers, email providers, analytics providers, hosting providers, Twilio, Telnyx, or other tools, their own privacy terms may also apply.

3. Personal Information We Collect

Depending on how you interact with us, we may collect:

• Contact information, such as name, business name, email address, phone number, mailing or billing address, and role or title.
• Account and order information, such as WooCommerce account details, product selections, invoices, transaction records, support history, and communications about purchases.
• Workflow and business information, such as tools used, lead sources, forms, call or message examples, FAQs, documents, calendars, CRM fields, approval rules, and operational notes shared for a readiness session, build, or support engagement.
• Technical information, such as IP address, browser type, device information, pages visited, referring URLs, cookie identifiers, logs, and approximate location inferred from technical data.
• LinkedIn application information, if you authorize our LinkedIn app, such as your LinkedIn member identifier, name, profile information, email address, organization or page information, permissions granted, access tokens, refresh tokens, and usage logs, depending on the permissions you approve and LinkedIn makes available.
• Communications, such as emails, form submissions, meeting notes, support requests, chat messages, attachments, call summaries, and feedback.

We do not intentionally collect sensitive personal information unless it is necessary for a specific service you request or you choose to provide it. Please do not send sensitive information unless we have agreed it is needed and have confirmed an appropriate handling process.

4. How We Collect Information

We collect information directly from you, from your authorized representatives, through forms and checkout pages, during meetings and support work, through files or systems you choose to connect, through cookies and similar technologies, and through third-party platforms when you authorize a connection or when they provide information needed to deliver a service.

5. Why We Use Personal Information

We use personal information for reasonable business purposes, including to:

• Respond to inquiries and provide quotes, readiness sessions, builds, support, and related services.
• Set up, operate, troubleshoot, secure, and improve websites, ecommerce, workflow systems, AI assistants, integrations, and applications.
• Process orders, payments, refunds, invoices, tax records, and customer accounts.
• Configure approved workflows, knowledge bases, integrations, reporting, reminders, and human-review rules.
• Operate a LinkedIn application after you authorize access, including authentication, requested app functions, permission management, diagnostics, and compliance with platform terms.
• Communicate about services, support, updates, security, billing, policy changes, and administrative matters.
• Maintain records, prevent fraud or misuse, enforce agreements, protect systems, and comply with legal or regulatory obligations.

We limit collection, use, and disclosure to what is reasonably necessary for the identified purpose, unless you consent to another use or the law allows or requires it.

6. Consent and Your Choices

By using our website, submitting information, purchasing services, connecting an account, or authorizing an application, you consent to the handling of personal information described in this policy. You may withdraw consent where legally permitted, but doing so may limit our ability to provide certain services.

You can control cookies through your browser settings. You can revoke LinkedIn application access through LinkedIn’s account settings or by contacting us. You can unsubscribe from non-essential marketing emails using the unsubscribe link where provided or by contacting us.

7. LinkedIn Application Data

If you connect a LinkedIn account or authorize an Island Workflow LinkedIn application, we only request permissions needed for the app’s stated purpose. We use LinkedIn data to provide the functions you requested, maintain the integration, troubleshoot issues, keep security and compliance records, and meet LinkedIn platform requirements.

We do not sell LinkedIn member data. We do not use LinkedIn data for unrelated advertising or profiling unless you have clearly authorized that use and the platform permits it. We do not disclose LinkedIn data except to service providers working on our behalf, as needed to provide the app, as required by law, or with your consent.

If you revoke access or request deletion, we will delete or de-identify LinkedIn data that is no longer required, subject to legal, security, audit, billing, backup, and dispute-resolution retention needs.

8. AI and Automation

Island Workflow may use AI tools to help draft, summarize, route, classify, document, or support workflows. We design client workflows with human-review boundaries, especially for legal, financial, emergency, medical, regulated-product, tenant, bylaw, quote, project, or other sensitive decisions.

When client information is processed through third-party AI or automation providers, we use it only for the agreed service purpose and apply reasonable safeguards and access controls. We do not intentionally use client confidential information to train public AI models unless expressly agreed in writing.

9. Cookies, Analytics, and Similar Technologies

Our website may use cookies, analytics, logs, ecommerce session tools, security tools, and similar technologies to operate the site, remember preferences, support checkout, understand site performance, prevent abuse, and improve services. You may disable cookies in your browser, but some website or checkout features may not work properly.

10. Payment and Ecommerce Information

Purchases may be processed through WooCommerce and third-party payment providers. We may receive order, billing, shipping, product, tax, status, and transaction information needed to complete and support the purchase. Payment card or payment account information is handled by the payment provider according to its own terms and security practices.

11. When We Share Information

We may share personal information with:

• Service providers that help us operate hosting, email, forms, ecommerce, payments, analytics, security, backups, communications, AI tools, automation tools, SMS/voice providers, CRM, project management, and support systems.
• Client-approved platforms and integrations needed to deliver a workflow or application.
• Professional advisors, insurers, auditors, or legal representatives when reasonably necessary.
• Authorities, regulators, courts, or other parties when required or permitted by law.
• A successor organization if our business is sold, merged, reorganized, or transferred, subject to appropriate confidentiality and legal safeguards.

We require service providers to use information only for the work they perform for us and to apply reasonable safeguards appropriate to the information and service.

12. Storage and Cross-Border Processing

Personal information may be stored or processed in Canada, the United States, or other jurisdictions where we or our service providers operate. Information processed outside your province or country may be subject to the laws of that jurisdiction, including lawful access requests by courts, law enforcement, or government authorities.

13. Retention and Disposal

We keep personal information only as long as reasonably necessary for the purposes described in this policy, including providing services, maintaining records, resolving disputes, meeting legal or tax obligations, enforcing agreements, maintaining security, and supporting backups. When information is no longer required, we delete, de-identify, overwrite, or securely dispose of it using reasonable methods.

14. Safeguards

We use reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the information, such as access limits, authentication, secure configuration, provider controls, backups, and operational security practices. No system is perfectly secure, so we cannot guarantee absolute security.

15. Access, Correction, and Deletion Requests

You may request access to personal information we hold about you, ask us to correct inaccurate information, withdraw consent where legally permitted, or request deletion of information that is no longer required. We may need to verify your identity before responding. We may decline or limit a request where the law permits or requires, such as where information relates to another person, legal privilege, security, fraud prevention, tax records, billing records, backups, or an active dispute.

To make a request, contact [email protected].

16. Children

Our services are intended for businesses and adults. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will take reasonable steps to delete it where appropriate.

17. Changes to This Policy

We may update this policy from time to time. The effective date above shows when this version took effect. Material changes will be posted on this page, and where appropriate we may provide additional notice.

18. Contact and Complaints

If you have questions, concerns, or complaints about how Island Workflow handles personal information, contact us at [email protected]. We will review and respond within a reasonable time.

If you are not satisfied with our response, you may contact the privacy regulator that applies to your situation, such as the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia.