Our Privacy Policy

Last Revision:
May 20th, 2018


​Although just a small coalition of Child Passenger Safety Technicians ​based in Saskatchewan, we value and respect your privacy with the utmost of care and attention. As such, we found it necessary to address that in a Privacy Policy. ​​We have included a TL;DR section to keep it short and sweet, but want to give you the ability to see all the specifics below that.

​This policy ​is in effect for and governs the domain https://saskseats.ca. It does not take into account our activity or presence on Facebook or JotForm (we use this to collect submissions from you for clinics, training sessions, etc). You can view Facebook's Privacy Policy here and JotForm's Privacy Policy here.

​TL;DR (Too Long, Didn't Read):
​The SaskSeats team strives to protect and uphold your privacy online. We do our best to collect as little information as possible and work to keep the information we do keep about you secure to the best of our abilities. We store 2 cookies on your system (more about this below) but these cookies do not contain any personally identifying information. We do not collect your full IP address but we ​do have the ability to track which pages you view/click​. This information is ​anonymized however and not linked to a specific individual identity (IP address anonymization in our analytics software - see below). We do not process payment/financial information or store ​sensitive login information like passwords or security questions for individuals outside of our administration team. The login information we do keep for our administration team is stored in encrypted/hashed format (specially: bcrypt using PHP's `password_hash()` function)​. ​​This information is thus inaccessible to our admin team and to attackers during a potential server breach.

How our website ​works to protect you:
​No, that is not a joke. Our website does have measures in place to protect the people viewing it. First and foremost, the domain https://saskseats.ca ​uses TLS (Transport Layer Security) to create an encrypted connection between our server and your browser. This means that everything you do once you have reached our website is not view-able by an outside party ​who may be trying to eavesdrop. This party could be another person on the same WiFi network as you, or it could be your Internet service provider. We also force an encrypted connection when you visit our website from all operating systems and devices (HSTS headers). This does not stop ​an onlooker from seeing that you visited our website (we cannot protect your DNS requests), but it does protect the activity you do while on our website (pages you click, the contact submission form, etc). 

​Information our website collects from you:
​​Our nginx server that handles the website configurations has been set with the flag access_log off; This means that the server will not log any access ​requests and won't see who you are (your IP address) or what device you are connecting from. We have kept error logging on however so we can of course debug server issues​. ​Our admin portal used by our team to login does log access attempts ​via a plugin​, but this logging does not concern you as a viewer of our website and only works to keep our site secure from attackers.

​We currently have ​analytical tracking disabled but do have hopes of enabling this in the future. The analytics platform we will be using is Matamo (formerly Piwik) and is hosted on our own server without third party access. It allows us to strip the last 2 bytes of the IP address it records so instead of seeing ​42.53.64.75, we would only see ​42.53.xx.xx ​We don't want to know the specifics of who is connecting to our website, just how ​much outreach our information is getting so we can better streamline the content we are offering and to whom we are offering it.

​Currently (as of May 2018), our ​server only delivers 2 cookies to users visiting our website. The first cookie is "_wpfuuid" which is used by our WordPress Form plugin. It does not store any personally identifying information, and is only used on the plugin backend to organize the form submissions. The second cookie is "_cfduid" which is used by CloudFlare ​so they can offer their security settings to our server (as we share a CloudFlare IP with many other ​websites). This helps to keep our site secure and online during an attack. It, like the first cookie, does not contain any personally identifying information about the users connecting to our site.

​Information our website does not collect about you:
+ Your ​full IP address, which could identify you to an attacker or third party
+ Any login information (unless you are a part of our team and administrate the website)
+ ​Any financial information (we don't currently offer the ability to pay/donate for services online)

Information our team collects from you:
​​There are instances where our team will be collecting information from you. This could be via a form submission on the contact us page, in an email sent to one of our ​team's email addresses (safety@saskseats.ca), or even in a JotForm submission - although that doesn't apply to this privacy policy directly. This information is only ever collected at your discr​etion. You of course do not have to contact us if you are concerned with any of the following data collected.
The information collected in these situations may contain (but not be limited to):
+ ​The name you provide us
+ ​The email address you provide us
+ The phone number you provide us
+ The location you provide us
+ Information about your vehicle/car seats that you provide to us
+ Information you provide to us about your children (weight, height, age, etc)
+ Pictures of your vehicle and/or children (we recommend their faces are always blurred)

How our team stores the information collected from you:
​When collecting information from you (as noted above) it is important to us that this information remain secure while in our hands. As such, we have a very strict set of individuals who are able to access and/or view this information. ​We ensure that ​any ​websites/services with our accounts storing this information outside of our ​own server are protected to the best of our abilities. We do this by ​administering strong password policies among our team, enabling two-factor authentication wherever possible, and limiting access to only the core admin members of ​SaskSeats. None of this information is ever made public without your consent.​​​ 

​Should this document need amending:
​As noted above, our team values your privacy. We want you to feel safe when ​accessing our services, both in-person, and when online. So should you have questions regarding this privacy policy, how we collect/use/store/share any information we collect, or how we could improve the quality of this document, we encourage you to reach out to us via our primary email at safety@saskseats.ca. Please include "Privacy Policy" somewhere in the subject line so ​your email doesn't get lost in the inbox. ​

Best wishes,
​Your team at SaskSeats - Child Passenger Safety