BG
BareGoldBack to home

Privacy Policy

Effective date: April 10, 2026

What We Collect

We collect the information necessary to provide our compliance analysis and document generation services. This includes:

  • Account information: email address, company name and address, Health Canada company code
  • Regulatory contacts: senior official and Quality Assurance Person (QAP) contact details as required for PLA submissions
  • Product data: product labels, ingredient lists, dosage forms, and health claims you provide for analysis
  • Payment information: processed securely through Stripe. We do not store credit card numbers on our servers

How We Use Your Data

Your data is used to provide the core BareGold service: performing compliance analysis against Health Canada databases, generating Product Licence Application documents and bilingual labels, processing payments, and communicating with you about your account and submissions. We do not sell your data or use it for advertising purposes.

Third-Party Processors

We rely on the following third-party services to operate BareGold:

  • Anthropic (Claude AI) — processes product label data for compliance analysis and document generation
  • Stripe — handles payment processing securely
  • Neon — hosts our PostgreSQL database
  • Vercel — hosts the frontend application
  • Railway — hosts the backend API

Each processor is bound by their own privacy and security policies and processes data only as needed to provide their respective services.

Data Retention

Your data is retained for as long as your account is active. If you request account deletion, all associated data will be removed from our systems within 30 days. Generated documents are stored to allow you to re-download them, but can be deleted upon request.

Data Security

We take reasonable measures to protect your data. All data is encrypted in transit using TLS and encrypted at rest. Our database enforces row-level isolation between users, ensuring that your product data is not accessible to other accounts. Access to production systems is limited to authorized personnel.

Your Rights Under PIPEDA

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to access the personal information we hold about you, request corrections to inaccurate data, and request deletion of your data. To exercise any of these rights, email us at info@baregold.ca. We will respond to requests within 30 days.

Cookies

BareGold uses minimal client-side storage. We store a JSON Web Token (JWT) in localStorage for authentication purposes. We do not use third-party tracking cookies, analytics scripts, or advertising pixels.

Changes to This Policy

We may update this Privacy Policy from time to time. When material changes are made, we will notify you via the email address associated with your account. We encourage you to review this policy periodically.

Contact

For questions about this Privacy Policy or your data, contact us at info@baregold.ca.