BLACKSTART is operated by C3K Solutions (Mannville, Alberta). This policy explains what personal information we collect, why we collect it, who we share it with, and your rights under Alberta’s Personal Information Protection Act (PIPA) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
When you submit the contact form at /contact, we collect and store the following in our database:
| Field | Why it’s collected |
|---|---|
| Name | To address you in follow-up correspondence |
| Email address | To respond to your inquiry and, if applicable, to grant subscriber access |
| Company | To understand your organization’s procurement context |
| Role / title | To tailor the response to your seniority and function |
| Interest level | To prioritize follow-up |
| HTTP referrer | To understand how you found us (populated automatically by your browser) |
| User agent string | Spam/bot filtering |
| Source path | Which page you submitted from, for internal analytics |
When C3K Solutions grants you subscriber access, a user account is created in our authentication provider (Supabase). The following information is stored:
| Field | Notes |
|---|---|
| Email address | Your login identifier; used to deliver magic links and account emails |
| Password | Stored as a bcrypt hash only — never in plaintext |
| Magic-link state | One-time token; invalidated immediately on first use |
subscription_status | active or inactive — controls access to the operator console |
granted_at | ISO timestamp of when access was granted |
granted_by | Email address of the admin who granted access (always jory@c3ksolutions.com) |
notes | Free-form audit note added by the admin (e.g. company name, billing reference, date) |
has_password | Boolean flag used to route first-time sign-in to the password-setup screen |
When you sign in, your authenticated session is stored as a JSON Web Token (JWT)
in your browser’s localStorage. This token is used to authenticate requests to
the BLACKSTART operator console and expires automatically. We do not use cookies for session management.
We do not set marketing cookies, ad-tracking pixels, or behavioural analytics scripts. We do not collect payment card details — billing is handled outside this platform via Stripe Invoicing or e-transfer.
We use personal information for the following purposes:
We do not use personal information for advertising, profiling, or sale to third parties.
We use the following third-party service providers. Each receives only the minimum data required to perform their function.
Authentication, database storage, and file storage are provided by Supabase, Inc. Your subscriber account data and contact-form submissions are stored on Supabase infrastructure hosted within the European Union. Supabase’s privacy practices are described at supabase.com/privacy. Supabase processes data under a Data Processing Agreement (DPA) that includes Standard Contractual Clauses for EU data transfers.
Transactional emails (magic links, access confirmations) are sent via Resend, Inc.
Resend receives your email address and the content of each transactional message.
Email is sent from the verified domain c3ksolutions.com.
Resend’s privacy policy is at resend.com/legal/privacy-policy.
This site is hosted on Cloudflare Pages and served through Cloudflare’s global edge network. Cloudflare processes your IP address and request metadata for routing, DDoS protection, and Web Application Firewall (WAF) purposes. Cloudflare may collect aggregate, anonymized traffic analytics. Cloudflare’s privacy policy is at cloudflare.com/privacypolicy.
This site loads typefaces from Google Fonts CDN (fonts.googleapis.com /
fonts.gstatic.com). When your browser fetches a font file, your IP address
is disclosed to Google. Google’s font service privacy practices are described at
developers.google.com/fonts/faq/privacy.
If this disclosure concerns you, you may use a browser extension that blocks Google Fonts
requests — the site remains fully functional.
| Data | Retention period |
|---|---|
| Contact form submissions | Retained indefinitely as a business record unless you request deletion. Deletion requests are honoured within 30 days. |
| Active subscriber accounts | Retained until you request account deletion or your subscription is terminated. Deletion requests are honoured within 30 days. |
| Revoked subscriber accounts | When a subscription is revoked, the account is set to subscription_status: inactive. The associated audit metadata (granted_at, granted_by, notes) is preserved for billing and dispute-resolution purposes. You may request deletion of this data. |
| Browser localStorage (session JWT) | Persists until you sign out, clear your browser storage, or the token expires. Revocation invalidates the token server-side immediately regardless of local storage state. |
Under Alberta’s Personal Information Protection Act (PIPA) and Canada’s PIPEDA, you have the right to:
To exercise any of these rights, contact us at jory@c3ksolutions.com. We will respond within 30 days. We may ask you to verify your identity before processing a request.
We implement reasonable technical safeguards to protect personal information:
No security measure is perfect. If you discover a vulnerability, please disclose it responsibly to jory@c3ksolutions.com.
The “Last updated” date at the top of this page reflects the most recent revision. We will notify active subscribers by email before making any material change to this policy. Continued use of BLACKSTART after a change takes effect constitutes acceptance of the revised policy.
Privacy questions, access requests, and deletion requests should be sent to:
C3K Solutions
Mannville, Alberta, Canada
jory@c3ksolutions.com