Supply Watch
Last updated: April 30, 2026. This is a pre-launch draft of our Privacy Policy. We will engage legal counsel for a formal review before public launch. The current text is intended to govern data practices during our pre-launch period and reflects the commitments we intend to keep.

Privacy Policy

Effective: April 30, 2026

1. About This Policy

This Privacy Policy describes how Ahead by a Century Technologies Ltd. ("Company", "we", "us", "our"), a British Columbia corporation, collects, uses, and protects personal information when you use SupplyWatch (the "Service").

We are committed to protecting personal information in accordance with the British Columbia Personal Information Protection Act (PIPA) and the Canadian federal Personal Information Protection and Electronic Documents Act (PIPEDA). By using the Service, you consent to the practices described in this Policy.

2. Information We Collect

We collect information only as necessary to provide the Service.

(a) Account Information. Provided via Clerk (our authentication provider). Includes name, email, organization, role, and optional phone number. We do not have access to your password.

(b) Usage Information. Metadata generated as you use the Service, including timestamps, browser type, IP address (approximate city-level location), and diagnostic data captured by Sentry. We also collect decisions you record on alerts (for example, acknowledged, dismissed, or escalated).

(c) Supplier Information. Business identifiers for entities you monitor, including names, websites, country, and registration numbers. We also collect public-source signals about Suppliers, including news articles, regulatory filings, and other publicly available company-level information. We do not collect personal information about individuals at your Suppliers.

3. How We Use Information

Pursuant to PIPA's purpose-specification principle, we use information solely to:

  • Deliver and maintain the Service (authentication, signal ingestion, alert delivery, decision recording);
  • Communicate with you regarding account updates and important notices;
  • Provide technical and customer support;
  • Detect, prevent, and respond to security incidents, fraud, and abuse;
  • Comply with legal and regulatory obligations;
  • Improve the Service: we use anonymized and aggregated data to benchmark signals, develop features, and build detection models. We use commercially reasonable de-identification practices and strictly prohibit re-identification.

4. How We Share Information

We do not sell your personal information. We share data only in these limited circumstances.

(a) Service Providers (Subprocessors). We use the following providers to help deliver the Service. Each is bound by contract to use information only on our instructions and to safeguard it.

ProviderPurposeData Shared
ClerkAuthentication and identityName, email, role, optional phone
VercelFrontend hostingBrowser requests, IP address
RailwayBackend application and databaseAll Customer Data
ResendTransactional email deliveryEmail address, alert and digest content
SentryError monitoringDiagnostic information, configured to exclude Customer Data

We will provide at least 30 days' notice before adding or replacing a subprocessor that handles Customer Data.

(b) Legal and Safety. We may disclose information if required by law (for example, a valid subpoena or court order) or where we reasonably believe disclosure is necessary to protect rights, property, or safety, or to investigate fraud or security incidents.

(c) Business Transfers. In the event of a merger, acquisition, or sale of substantially all of our assets, your information may be transferred as part of that transaction, subject to the recipient maintaining the protections of this Policy.

5. Data Storage, Retention, and Deletion

Location. Customer Data is stored on infrastructure located in Canada and the United States.

Portability. You may export your Customer Data in a standard machine-readable format (CSV or JSON) via workspace settings at any time.

Deletion. Upon workspace cancellation, all associated Customer Data is permanently deleted within seven (7) days. During this seven-day window, you may reactivate your account to undo the deletion.

Retention. We retain anonymized, aggregated data indefinitely for the purposes described in Section 3. We retain limited audit logs (security events and, when billing is enabled, billing records) for as long as required by law or for legitimate business purposes.

6. Security and Safeguards

We implement administrative, technical, and physical safeguards designed to protect personal information from loss, unauthorized access, use, disclosure, alteration, or destruction. Current measures include:

  • Industry-standard encryption at rest and in transit (TLS);
  • Role-based access control (RBAC) and least-privilege internal access;
  • Logical isolation of data at the workspace level;
  • Audit logging of administrative access;
  • Routine review of service-provider security posture.

Audit Status. We do not currently hold a SOC 2, ISO 27001, or similar third-party audit certification. We will update this Policy if our audit status changes.

Breach Notification. Pursuant to BC PIPA Section 34, if a security incident creates a real risk of significant harm, we will notify you and the Office of the Information and Privacy Commissioner for British Columbia (OIPC) without unreasonable delay.

7. Your Rights and Accountability

Privacy Officer. We have designated a Privacy Officer accountable for our compliance with PIPA. You may contact them at privacy@supplywatch.io.

Under PIPA, you have the right to:

  • Access the personal information we hold about you;
  • Request correction of personal information you believe is inaccurate or incomplete;
  • Withdraw consent to our collection, use, or disclosure of your personal information, subject to legal or contractual restrictions;
  • Request deletion of your personal information by cancelling your workspace (see Section 5);
  • File a complaint with our Privacy Officer or with the Office of the Information and Privacy Commissioner for British Columbia.

We will respond to all requests within thirty (30) days as required by PIPA.

8. Children

The Service is intended for business use by adults. We do not knowingly collect personal information from individuals under the age of majority in their province (19 in British Columbia). If we become aware that we have collected such information, we will delete it.

9. Cookies and Tracking

We use the minimum cookies and tracking technologies needed to operate the Service:

  • Session cookies maintained by Clerk to keep you signed in;
  • Limited cookies for fraud and abuse detection;
  • Diagnostic information captured by Sentry, configured to exclude Customer Data.

We do not use third-party advertising cookies, behavioural tracking, or cross-site analytics.

10. Changes to This Policy

We may update this Policy from time to time. For material changes, including changes to the service providers that handle Customer Data, expansion of the purposes for which we use personal information, or changes to your rights, we will notify you at least thirty (30) days before the effective date by email or through the Service. Your continued use of the Service after the effective date constitutes acceptance.

11. Contact

Privacy Officer
Ahead by a Century Technologies Ltd.
Vancouver, BC, Canada
privacy@supplywatch.io

You may also file a complaint with the Office of the Information and Privacy Commissioner for British Columbia at oipc.bc.ca.

For terms of use, see our Terms of Service.