Privacy Policy

Effective Date: June 2, 2026

Last Updated: June 2, 2026

Platform Domain: radar.frontlineagency.ca

Corporate Entity: Frontline Agency

Headquarters: Frontline Agency, 4205 Rue Jean-Talon Ouest, Suite 1002, Montreal, QC H4P 2T6, Canada

1. Introduction and Scope

Frontline Agency (operating as "Radar by Frontline", "we", "us", or "our") provides a secure, cloud-based data integration and middleware platform (the "Service"). The Service enables marketing agencies and business entities to safely retrieve, consolidate, and aggregate operational metrics from third-party customer relationship management (CRM) systems, field service management (FSM) platforms, call-tracking providers, and local SEO ranking engines, delivering a unified, aggregated data stream to your reporting dashboards.

This Privacy Policy describes how we collect, use, disclose, and safeguard personal information. It applies to our public website, our user dashboard, and our data connector endpoints.

We operate in compliance with applicable Canadian federal and provincial privacy legislations:

• The Personal Information Protection and Electronic Documents Act (PIPEDA, Canada).
• The Act respecting the protection of personal information in the private sector (Law 25, Quebec).
• Other provincial privacy frameworks relative to our users' jurisdictions.

2. Legal Roles: Data Controller vs. Data Processor

To ensure regulatory alignment under PIPEDA and Quebec Law 25, our data processing operations are divided into two distinct legal roles:

3. Personal Information We Collect (As a Data Controller)

We collect the minimum necessary information required to deliver, secure, and bill for the Service:

• Account Registration Data: Your name, business name, business email address, and account password. Authentication is managed through a secure, encrypted authentication gateway.
• Billing and Financial Logs: Your billing address, payment processor identifiers, subscription status, and payment history. All credit card processing is executed directly by our third-party, PCI-DSS compliant payment gateway (Stripe). We do not store or process raw payment card numbers on our infrastructure.
• Third-Party System Credentials: To connect your platforms, you must authorize access using OAuth 2.0 or by manually entering API credentials.
• Security Protocol: All third-party access tokens, refresh tokens, and API keys are encrypted at rest immediately upon ingest. We utilize industry-standard, authenticated cryptographic encryption algorithms. These credentials are decrypted only in memory when executing scheduled API synchronization cycles.

4. Third-Party Data We Process (As a Data Processor)

To generate your reports, the Service is authorized by you to query and process data from the platforms you actively connect. Our architecture supports multiple integration categories:

5. Data Processing and Caching Engine

A core function of the Service is the execution of our matching engine:

• Normalization: Incoming phone numbers from call-tracking platforms and customer phone records from CRM platforms are programmatically normalized to a standard international phone format to eliminate formatting discrepancies.
• Temporal Matching: Normalized caller IDs are matched in memory against newly created CRM customer files and invoice records. This matching is governed by a configurable attribution window.
• Aggregation: Matched records are aggregated into daily performance metrics (such as total calls, matched calls, match rate percentages, matched revenue, and average matched job values) relative to their marketing attribution source.
• Serving and Purging: These daily aggregated rows are saved to a secure relational database table. Raw, unaggregated end-customer personal information is kept only temporarily in cached staging tables to manage third-party API rate limits and protect partner API keys. This raw data is purged systematically once aggregation is complete.

6. Transparency: No Commercial Exploitation of Data

• We do not sell, rent, lease, trade, or distribute personal information or client customer data to third-party data brokers, advertisers, or outside entities.
• We do not use customer data or integration data to train proprietary machine learning models or artificial intelligence systems.
• All data processed by the Service is used exclusively to populate your private reporting dashboards.

7. Infrastructure and Cross-Border Transfers

The Service is hosted on secure cloud infrastructure managed by our database hosting partners on enterprise-grade servers:

• Hosting Jurisdiction: Our primary cloud storage, hosting databases, and encryption keys are maintained in secure data centers located in Canada and the United States.
• Law 25 Cross-Border Consent: For users and businesses operating within the province of Quebec, you acknowledge and agree that your personal information, API credentials, and integration data will be securely transferred, stored, and processed outside the province of Quebec. We conduct Privacy Impact Assessments (PIAs) on all cloud infrastructure partners to ensure their security practices meet or exceed the statutory requirements of Quebec's Law 25.

8. Data Retention and Account Deletion

• Account Credentials: Encrypted third-party tokens and API keys are stored for the duration of your active subscription.
• Dashboard Deletion: If you delete an integration or close your account, our system initiates an automated purge. All associated API credentials, configuration files, and cached metrics tables are permanently deleted from our databases within twenty-four hours. This action is irreversible.

9. Your Rights under PIPEDA and Quebec Law 25

If you are a subscriber operating in Canada, you hold explicit rights regarding your personal information:

• Right of Access: The right to request written disclosure of the personal information we hold about you.
• Right to Rectification: The right to request immediate correction of inaccurate or incomplete personal information.
• Right to Erasure (The Right to be Forgotten): The right to request the complete deletion of your account and personal profile.
• Right to Portability: The right to request that your personal account information be exported in a structured, commonly used electronic format.

To exercise any of these rights, contact our Data Protection Officer using the details below.

10. Designated Data Protection Officer (DPO)

In compliance with the mandatory provisions of Quebec’s Law 25, Frontline Agency has appointed a Data Protection Officer to supervise our information security practices and handle all privacy-related requests.