1. Introduction
Business Registration Center Inc., operating as BRC Host (“BRC Host,” “we,” “us,” or “our”), is committed to protecting the privacy and personal information of our customers, website visitors, and anyone who interacts with our services.
This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights regarding your information. This policy applies to all BRC Host services, including our website, hosting plans, domain registration, addon products, and customer support interactions.
BRC Host operates under and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Where provincial privacy legislation provides greater protection, we comply with the higher standard.
2. Definitions
“Personal Information” means information about an identifiable individual, as defined under PIPEDA. This includes but is not limited to name, email address, phone number, mailing address, payment information, and IP address.
“Customer Data” or “Content” means all data stored on BRC Host’s servers by the Customer, including website files, databases, email messages, and backups. Customer Data is owned by the Customer and is not accessed by BRC Host except as described in this policy.
“Service Data” means technical and usage data generated through the Customer’s use of BRC Host services, including server logs, resource usage metrics, and support ticket records.
3. Information We Collect
3.1 Information You Provide Directly
When you create an account, purchase services, or contact support, you provide:
Account registration: Full name, email address, phone number, mailing address, company name (if applicable).
Billing information: Payment method details (credit card number, expiration date, CVV). Payment information is collected and processed by Stripe and is not stored on BRC Host’s servers (see Section 6).
Domain registration: Registrant name, organization, address, email, and phone number as required by ICANN and the applicable domain registry. WHOIS privacy protection is applied by default to mask this information from public WHOIS lookups.
Support interactions: Information you provide in support tickets, phone calls, and emails, including screenshots, login credentials shared for migration purposes, and descriptions of technical issues.
3.2 Information Collected Automatically
When you use BRC Host’s website or services, we automatically collect:
Server and access logs: IP addresses, browser type, operating system, referring URLs, pages visited, timestamps, and request data for the BRC Host website. These logs are used for security monitoring, troubleshooting, and abuse prevention.
Resource usage data: CPU, RAM, I/O, and bandwidth consumption for hosted accounts, collected through CloudLinux and cPanel for account management and resource monitoring.
Email metadata: Sender, recipient, timestamps, and message sizes for email accounts hosted on BRC Host. BRC Host does not read the content of customer email messages.
3.3 Information from Third Parties
Payment verification: Stripe may provide transaction confirmation, payment status, and fraud detection signals.
Domain registration: NameSilo provides registration confirmation, transfer status, and WHOIS data.
4. How We Use Your Information
BRC Host uses personal information for the following purposes:
Providing services: Creating and managing your account, provisioning hosting plans, registering domains, activating addon products, performing site migrations, and delivering customer support.
Billing and payments: Processing payments, issuing invoices and receipts, sending renewal reminders, managing refunds, and resolving billing disputes.
Communication: Sending service-related notifications (outage alerts, maintenance schedules, resource usage warnings, security alerts), billing communications (payment confirmations, renewal reminders, failed payment notices), and account-related updates (terms changes, policy updates).
Security and abuse prevention: Monitoring for unauthorized access, malware, spam, phishing, and other activities that violate the Acceptable Use Policy. Investigating and responding to security incidents.
Service improvement: Analysing aggregate, anonymized usage patterns to improve server performance, plan offerings, and support processes. BRC Host does not use personal information for automated decision-making or profiling.
Legal compliance: Responding to lawful requests from Canadian law enforcement or regulatory authorities, complying with court orders, and fulfilling obligations under Canadian law.
5. Legal Basis for Processing (PIPEDA Principles)
BRC Host collects and processes personal information in accordance with the ten fair information principles established under PIPEDA:
Accountability: BRC Host has designated a Privacy Officer responsible for compliance with this policy and PIPEDA. Contact information is provided in Section 15.
Identifying purposes: We identify the purpose for collecting personal information at or before the time of collection. The purposes are described in Section 4.
Consent: We obtain your consent to collect, use, and disclose your personal information. By creating an account and using our services, you consent to the collection and use described in this policy. You may withdraw consent at any time, subject to legal or contractual restrictions (see Section 10).
Limiting collection: We collect only the personal information necessary for the purposes identified. We do not collect information indiscriminately.
Limiting use, disclosure, and retention: Personal information is used only for the purposes for which it was collected, or with your consent, or as required by law. Information is retained only as long as necessary (see Section 9).
Accuracy: We make reasonable efforts to ensure personal information is accurate, complete, and up-to-date. You may update your information at any time through your account settings or by contacting support.
Safeguards: We protect personal information with security measures appropriate to the sensitivity of the information (see Section 8).
Openness: This policy is publicly available on the BRC Host website. We will answer questions about our privacy practices upon request.
Individual access: You have the right to access your personal information held by BRC Host and to request corrections (see Section 10).
Challenging compliance: You may challenge BRC Host’s compliance with this policy by contacting our Privacy Officer (Section 15). If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada.
6. Payment Processing and Stripe
BRC Host uses Stripe as its payment processor. When you enter payment information (credit card number, expiration date, CVV), that information is transmitted directly to Stripe and is not stored on BRC Host’s servers.
Stripe is certified as a PCI Level 1 Service Provider, the highest level of certification under the Payment Card Industry Data Security Standard (PCI DSS). Stripe’s privacy policy governs its handling of your payment data.
BRC Host receives from Stripe: transaction confirmation or failure status, the last four digits of the card used, card type (Visa, Mastercard, American Express), and billing address for tax calculation purposes. BRC Host does not receive or store full card numbers.
7. Data Storage and Canadian Data Residency
7.1 Where Your Data Is Stored
All Customer Data (website files, databases, email messages, and backups) is stored on a dedicated server located in a data centre in Montreal, Quebec, Canada, operated by WHC.ca. Customer Data does not leave Canada.
Account management data (your name, email, phone number, billing records, support ticket history) is stored on BRC Host’s systems, hosted in Canada.
7.2 Why This Matters
Canadian data residency means your data is subject to Canadian privacy law, specifically PIPEDA and applicable provincial legislation. Your data is not subject to foreign access laws such as the United States CLOUD Act or Patriot Act.
For businesses in regulated sectors (healthcare, legal services, financial advising, government contracting), Canadian data residency may be a compliance requirement. BRC Host’s infrastructure is designed to meet this requirement.
7.3 Third-Party Data Processing
Certain third-party services integrated with BRC Host may process limited data outside of Canada:
Stripe (payment processing): Processes payment transactions. Stripe stores payment data on its own infrastructure, which may include servers outside Canada. Stripe complies with PIPEDA and GDPR.
Cloudflare (CDN and DDoS protection): When CDN is enabled, cached copies of your website’s static content (images, CSS, JavaScript) may be temporarily stored on Cloudflare’s global network to improve load times for visitors in different regions. Your origin data remains in Canada.
NameSilo (domain registration): Processes domain registration data (registrant name, address, email) as required by ICANN. NameSilo is a US-based registrar. WHOIS privacy is enabled by default to minimize public exposure of registrant data.
Let’s Encrypt (SSL certificates): Processes domain validation data (domain name, server IP) to issue SSL certificates. No personal information is shared with Let’s Encrypt beyond domain and server identifiers.
Addon product providers (Titan Mail, SiteLock, SpamExperts, Sectigo): If you purchase addon products, the respective provider may process data as required to deliver the service. Each provider’s privacy policy governs their handling of your data.
BRC Host ensures that any third-party service provider receiving personal information provides a comparable level of protection as required by PIPEDA.
8. Data Security
BRC Host implements the following security measures to protect personal information and Customer Data:
Server security: Imunify360 security suite with malware scanning, intrusion detection, and proactive defence. CageFS filesystem isolation prevents cross-account access. DDoS protection at the network level. Regular security patches and updates managed by WHC.ca.
Access controls: Role-based access to server infrastructure. Administrative access restricted to authorized BRC Host personnel. Multi-factor authentication required for administrative server access.
Encryption: Free SSL/TLS encryption on all hosted websites. Encrypted connections (HTTPS) for the BRC Host website and client portal. Encrypted email transmission supported (STARTTLS).
Backups: Daily automated backups stored in a secure, off-site location within Canada. Premium Backup customers receive backups every 6 hours with 30-day retention.
Payment security: Credit card data handled exclusively by Stripe (PCI DSS Level 1 certified). BRC Host does not store, process, or have access to full card numbers.
Personnel: BRC Host staff with access to customer systems are trained on privacy obligations and data handling procedures.
No security measure is absolute. BRC Host cannot guarantee that unauthorized access, data breach, or data loss will never occur. In the event of a data breach affecting personal information, BRC Host will notify affected customers and the Office of the Privacy Commissioner of Canada as required by the mandatory breach notification provisions of PIPEDA.
9. Data Retention
BRC Host retains personal information only as long as necessary for the purposes described in this policy or as required by law.
Active accounts: Personal information and Customer Data are retained for the duration of the account’s active status.
Cancelled accounts: Customer Data (website files, databases, emails) is retained for 30 days following the effective date of cancellation, then permanently deleted. Account records (name, email, billing history, support ticket history) are retained for 7 years following cancellation for tax, legal, and regulatory compliance purposes.
Terminated accounts (AUP or ToS violation): Customer Data may be deleted immediately upon termination. Account records are retained for 7 years.
Server and access logs: Retained for 90 days for security and troubleshooting, then deleted.
Support tickets: Retained for the duration of the account plus 2 years following account closure, then deleted.
Domain registration records: Retained as required by ICANN and the applicable domain registry’s policies, which may exceed BRC Host’s standard retention periods.
Backup data: Standard backups are overwritten on a 7-day rolling cycle. Premium Backup data is overwritten on a 30-day rolling cycle. Following account cancellation, backup data containing the account’s information is purged as part of the normal backup rotation.
10. Your Rights
Under PIPEDA, you have the following rights regarding your personal information:
10.1 Right of Access
You may request access to the personal information BRC Host holds about you. To make an access request, contact our Privacy Officer (Section 15). BRC Host will respond within 30 days of receiving a complete request. We may require verification of your identity before releasing information.
10.2 Right of Correction
If you believe your personal information is inaccurate or incomplete, you may request a correction. You can update most account information directly through your account settings. For information that cannot be updated through self-service, contact our Privacy Officer.
10.3 Right to Withdraw Consent
You may withdraw consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. Withdrawing consent may affect BRC Host’s ability to provide services. For example, withdrawing consent to process billing information will prevent BRC Host from processing payments, which may result in service suspension.
To withdraw consent, contact our Privacy Officer with a specific description of the consent being withdrawn.
10.4 Right to Deletion
You may request deletion of your personal information. BRC Host will comply with deletion requests unless retention is required by law, necessary to complete a transaction, or needed to maintain backup integrity during the normal backup rotation cycle.
Account deletion requests result in permanent removal of Customer Data and anonymization of account records (name and contact details replaced with anonymized identifiers; billing history retained in anonymized form for tax compliance).
10.5 Right to Complain
If you are not satisfied with BRC Host’s response to a privacy concern, you may file a complaint with the Office of the Privacy Commissioner of Canada:
Office of the Privacy Commissioner of Canada 30 Victoria Street Gatineau, Quebec K1A 1H3 1-800-282-1376 www.priv.gc.ca
11. Cookies and Tracking
11.1 BRC Host Website
The BRC Host website uses cookies for the following purposes:
Essential cookies: Session management, authentication, and security. These cookies are necessary for the website to function and cannot be disabled.
Analytics cookies: BRC Host may use privacy-respecting analytics (no third-party tracking pixels or advertising cookies) to understand aggregate website usage patterns such as page views, traffic sources, and visitor geography. Analytics data is aggregated and anonymized.
BRC Host does not use advertising cookies, retargeting pixels, or cross-site tracking technologies on its website.
11.2 Customer Websites
Cookies set by websites hosted on BRC Host are the responsibility of the respective website owner. BRC Host does not set, control, or access cookies on customer websites.
11.3 Cookie Management
You can control cookie behaviour through your browser settings. Disabling essential cookies may prevent you from logging in to the BRC Host client portal or managing your account.
12. Marketing Communications
BRC Host sends service-related communications (billing notices, renewal reminders, maintenance alerts, security notifications) as a necessary part of providing the service. These are not marketing messages and cannot be opted out of while services are active.
BRC Host may send promotional or educational communications (product announcements, blog content, feature updates) to customers who have opted in. You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting support. Opting out of marketing communications does not affect service-related communications.
BRC Host does not sell, rent, or share customer email addresses with third parties for marketing purposes.
13. Children’s Privacy
BRC Host services are not directed at individuals under the age of 18. BRC Host does not knowingly collect personal information from children. If BRC Host becomes aware that personal information has been collected from a child under 18, the information will be deleted promptly.
14. Changes to This Policy
BRC Host reserves the right to update this Privacy Policy. Material changes will be communicated to customers by email at least 30 days before the changes take effect. The “Version” and “Date” at the top of this document reflect the most recent revision.
Continued use of BRC Host services after the effective date of a policy change constitutes acceptance of the revised policy.
15. Contact Information
Privacy Officer
Business Registration Center Inc., operating as BRC Host
Email: info@brchost.ca
Phone: 123-456-7890
Address: 102-1270 Central Parkway West Mississauga ON L5C 4P4 Canada
For general support inquiries, use the support ticket system or call during business hours (9 AM to 8 PM EST, Monday to Friday).
For privacy-specific inquiries, access requests, correction requests, consent withdrawal, or complaints, contact the Privacy Officer directly at the email address above.
Contact Us
