We have stashed various legal bits here so they can be found. Yay! But fear not for we have avoided legalese on this page.
We only collect what information is necessary for the provision of services to our customers. This will normally be the customer's name, contact details, and billing information. It may also include shipping information should physical items be involved. This basic customer information may be retained indefinitely as part of our business records. Additional information may be required for provision of specific services. Such information will only be retained as long as it is required for provision of those services.
Regardless what information we collect, we never share it with third parties except as required by law or as required to provide contracted services. This could, for example, be providing contact information to a domain registry or hosting provider when acting as your agent. We will be as transparent as possible about what we share, with who, and why.
In particular, it is worth noting that we will never sell our customer information to third parties.
Naturally, any non-disclosure agreements, contractual obligations, or legal obligations may supersede this general statement.
Any inquiries about our policies or your data can be directed to firstname.lastname@example.org.
Are we compliant with the GDPR? Maybe. Or Maybe not. We also don't particularly care if we are or not. As it stands, none of our customers are from the EU and we are not located in an EU country. Quite frankly, figuring out whether we comply with some foreign power's bureaucratic requirements isn't worth our time. Remember that regardless what the GDPR says, us doing business with an EU citizen doesn't magically make us subject to EU jurisdiction.
That does not mean we don't care about your privacy. See the above section on privacy and how to contact us. However, don't start your conversation demanding things under the GDPR. All that will do is frame things adversarially and make a constructive resolution far less likely.
Perhaps there is a treaty in force that provides the ability to enforce GDPR compliance. If so, and if you think you have a complaint about violation of the GDPR, be our guest to initiate whatever procedings you believe are appropriate. Remember, however, that you will need to convince a Canadian court with appropriate jurisdiction to enforce whatever judgement you obtain. If you do not do so, your demands will be ignored.