Privacy policy

1. Introduction and scope

RoastCraft Inc. (“RoastCraft,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the British Columbia Personal Information Protection Act (PIPA). This Privacy policy describes how we collect, use, disclose, retain, and safeguard personal information when you visit roastcraft.pro, submit enquiries through our contact form, communicate with us by email or telephone, visit our Vancouver showroom, or engage our equipment and service offerings.

This policy applies to personal information collected through digital and offline channels controlled by RoastCraft Inc. It does not apply to third-party websites linked from our pages, manufacturer portals, or social media platforms operated by others. We encourage you to review privacy statements on any external site you visit.

RoastCraft is a commercial specialty coffee roasting equipment supplier. We do not operate consumer food-delivery applications or restaurant reservation systems. Personal information we collect relates primarily to business contacts at roasteries, importers, cupping labs, and allied trade professionals evaluating or purchasing roasting machinery.

2. Accountability

RoastCraft Inc. is accountable for personal information under its control. We have designated a privacy contact responsible for compliance with this policy and PIPEDA principles. You may reach our privacy office at [email protected] or by mail at 1190 Hamilton Street Suite 310, Vancouver BC V6B 2P5, Canada. General business enquiries may be directed to [email protected] or +1 (604) 555-2847 during Mon–Fri 09:00–17:00 Pacific Time.

We train staff who handle contact form submissions, client correspondence, and service scheduling on privacy obligations. Third-party processors engaged for hosting, email delivery, or analytics must contractually commit to comparable protection standards and process data only on documented instructions.

3. Identifying purposes

We identify and document purposes for collection before or at the time personal information is gathered. Primary purposes include:

• Responding to equipment enquiries, sample roaster quotes, installation scheduling requests, and general questions submitted via our contact form or email;
• Providing showroom demonstrations, remote specification consultations, installation, warranty service, spare-parts fulfilment, and roast-profile review services;
• Processing purchase orders, invoices, and service contracts with commercial clients;
• Maintaining internal records of communications, quotes, and equipment serial numbers for support continuity;
• Operating and securing roastcraft.pro, including fraud prevention via honeypot fields and server logging;
• Complying with legal, tax, and regulatory obligations applicable to a British Columbia corporation;
• Improving website content and catalogue navigation through aggregated analytics where consent is granted.

We will not use personal information for materially different purposes without obtaining additional consent or as permitted by law.

4. Consent

PIPEDA requires meaningful consent for collection, use, and disclosure of personal information, subject to limited exceptions. When you submit our contact form, you must actively check the consent box confirming that you agree to our collection and use of the information provided to respond to your enquiry. The consent checkbox is not pre-selected. Without consent, we cannot process your form submission and will redirect you to reconfirm.

For optional website cookies, we obtain consent through the cookie banner (Accept all, Reject all, or Customise) as described in our Cookie policy. Consent records are stored for six months.

You may withdraw consent for non-essential processing by contacting [email protected]. Withdrawal may limit our ability to provide certain services — for example, we cannot respond to an equipment quote without a valid email address. Withdrawal does not affect processing already completed lawfully or information retained where required by law.

5. Limiting collection

We collect only personal information reasonably necessary for identified purposes. Contact form fields include name, email address, subject selection, and message body. A hidden honeypot field (“website”) helps detect automated spam; legitimate users never complete this field. We do not require telephone numbers or postal addresses for initial web enquiries, though you may voluntarily include them in your message.

Server logs may automatically capture IP addresses, browser user-agent strings, timestamps, and requested URLs for security and troubleshooting. Analytics tools, when enabled with consent, collect pseudonymous usage metrics rather than direct identifiers unless you voluntarily identify yourself in a form during the same session.

6. Limiting use, disclosure, and retention

Personal information is used only for purposes described in this policy or with fresh consent. We do not sell, rent, or trade contact lists to data brokers or unrelated marketers. Disclosure to third parties occurs only when necessary:

• Service providers: Hosting providers, email infrastructure, analytics processors (with consent), and payment processors under confidentiality agreements;
• Equipment manufacturers: Serial numbers and install addresses shared when warranty registration or parts orders require manufacturer involvement;
• Professional advisers: Lawyers, accountants, or insurers bound by confidentiality;
• Legal requirements: Courts, regulators, or law enforcement when compelled by valid legal process;
• Business transitions: Successor entity in a merger or asset sale, subject to continued protection commitments.

Contact form submissions and related correspondence are retained for up to seven years after last meaningful interaction unless a longer period is required for warranty, tax, or litigation holds. Server logs rotate on a shorter schedule, typically 90 days. Analytics aggregates may persist in de-identified form per processor policy.

Personal information is stored primarily on Canadian infrastructure. Where processors operate outside Canada, we assess risks and apply contractual safeguards. Contact data from web forms is not intentionally transferred to jurisdictions lacking adequate protection without disclosure here and appropriate controls.

7. Accuracy

We rely on you to provide accurate contact details. If your email address or business affiliation changes, notify us so quotes, install schedules, and warranty records remain correct. You may request correction of inaccurate personal information we hold; we will amend records promptly and notify relevant third parties where appropriate.

8. Safeguards

RoastCraft implements administrative, technical, and physical safeguards proportionate to sensitivity and volume of data held. Measures include TLS encryption for website traffic, access controls limiting employee visibility to enquiry data, secure handling of mail server credentials, and periodic review of hosting configurations. No method of transmission or storage is completely secure; we cannot guarantee absolute security but commit to reasonable industry practices for a small commercial equipment supplier.

Employees access personal information only when job duties require it. Portable devices used for client communication should employ passcodes and current operating system patches.

9. Openness

This Privacy policy is publicly available at roastcraft.pro/privacy.php. We summarise key practices in plain language on our contact page and link to this document from the cookie banner and footer. Material updates change the Last updated date above. Significant changes affecting how we use previously collected information will be communicated where practicable.

10. Individual access and challenges

You have the right to request access to personal information we hold about you and to receive an account of how it has been used or disclosed, subject to legal exceptions. Access requests should be sent to [email protected] with sufficient detail to verify identity. We respond within thirty days unless an extension is permitted under PIPEDA, in which case we will notify you.

If you believe information is inaccurate or incomplete, you may request amendment. If we disagree, we will note your challenge on file. You may also challenge our compliance with PIPEDA principles by contacting us first; unresolved concerns may be referred to the Office of the Privacy Commissioner of Canada.

11. Children

RoastCraft services commercial clients and industry professionals. Our website and contact channels are not directed at children under thirteen. We do not knowingly collect personal information from children. If you believe a child has submitted data through our form, contact [email protected] and we will delete it promptly.

12. Cookies and electronic identifiers

Details of cookies, consent mechanics, and browser controls appear in our Cookie policy. IP addresses in server logs may constitute personal information under Canadian law; we use them for security and diagnostics and delete them according to retention schedules above.

13. Changes to this policy

We review this Privacy policy periodically and update it when practices, technology, or legal requirements change. The Last updated date reflects the most recent revision. Continued use of roastcraft.pro after posting constitutes acknowledgement where consent is not separately required.

14. Contact

Privacy Officer, RoastCraft Inc.
Email: [email protected]
Mail: 1190 Hamilton Street Suite 310, Vancouver BC V6B 2P5, Canada
Phone: +1 (604) 555-2847