Last Updated: February 28, 2026
Compliant with PIPEDA, BC PIPA, CASL, and GDPR
Octopus Creative Inc. (“Company”), a corporation registered in British Columbia, Canada, operates the ChamberRM v3 platform (“Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information.
Account Holders: Name, email address, business name, payment and billing information (processed by Stripe — we do not store full card details), event content, brand settings, and communication preferences.
Attendees: Name, email address, phone number, ticket selections, and any optional information provided during registration (e.g., dietary needs, accessibility requirements).
Log data (IP address, browser type, pages visited), device information, usage data (features used, interactions), and cookies as described in our Cookie Policy.
SSO providers (name, email, account identifiers), payment processors (transaction status), and calendar feeds (imported event data).
Service Delivery: Account management, event registration processing, transactional emails, public event pages, and payment processing.
Service Improvement: Usage analysis, bug fixing, and feature development based on aggregated data.
Communications: Service notices, support responses, and promotional messages (with consent, per CASL).
Safety: Fraud prevention, abuse detection, email monitoring, and platform security.
Legal: Compliance with applicable laws and lawful government requests.
For users in the EEA, we process personal information based on: contractual necessity (providing the Service), legitimate interests (improvement and security), consent (marketing and non-essential cookies), and legal obligation (regulatory compliance).
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database & storage | US (AWS) |
| Vercel | Application hosting | Global CDN |
| Stripe | Payment processing | US |
| Mailgun | Email delivery | US |
When you register for an event, the event organizer receives your registration information. We may disclose information if required by law. We do not sell, rent, or trade personal information to third parties.
| Data Type | Retention |
|---|---|
| Active account data | Duration of subscription |
| Cancelled account data | 90 days post-cancellation |
| Payment records | 7 years (legal/tax) |
| Server logs | 90 days |
| Email delivery logs | 30 days |
| Analytics (aggregated) | Indefinite (non-identifiable) |
We implement encryption in transit (TLS/SSL) and at rest, access controls, database-level row security policies for multi-tenant isolation, and regular security assessments. While we strive to protect your information, no method of electronic storage is 100% secure.
You may access your personal information, correct inaccuracies, withdraw consent for certain processing, and challenge compliance by filing a complaint with the Office of the Privacy Commissioner of Canada.
You additionally have the right to erasure, data portability, restriction of processing, objection to processing based on legitimate interests, and lodging a complaint with your local data protection authority.
To exercise your rights, contact us at privacy@octopuscreative.ca. We respond within 30 days.
The Service is hosted in the United States. For transfers from the EEA, we rely on Standard Contractual Clauses and service provider data processing agreements.
The Service is not directed to individuals under 18. We do not knowingly collect personal information from children.
Material changes will be communicated at least 30 days before they take effect.
Octopus Creative Inc. — Privacy Officer
Email: privacy@octopuscreative.ca
Province of British Columbia, Canada
Complaints: Office of the Privacy Commissioner of Canada · BC OIPC
Related policies: Terms of Service · Cookie Policy · Acceptable Use Policy
© 2026 Octopus Creative Inc. All rights reserved.