How we treat your data.
Short version: carefully.

1. Who we are

BrkrOps™ Inc. is a Canadian corporation based in Edmonton, Alberta. We provide enterprise Windows Server / PKI consulting and publish the Truvald™ product. We are the "data controller" responsible for personal information collected through the brkrops.ca website.

Mailing and inquiries: admin@brkrops.ca.

2. What we collect, and why

2.1 Contact form

If you submit the contact form on the Support page, we receive: your name, email address, subject, the Truvald™ version you reported (optional), and your message. These are emailed to admin@brkrops.ca via Resend so we can reply. They are not added to any mailing list.

2.2 Free tool downloads

Each free PowerShell-tool download (CA backup, certificate notifier, etc.) is counted on the server using a small beacon containing the requested filename, a truncated IP address and your browser's User-Agent. This lets us see which tools are popular and detect abuse. We do not link these events to any identity.

Your browser also keeps a local count of your own downloads in localStorage under keys like brkrops_dl_<filename>. This information never leaves your machine — it's there only if you ever want to inspect it. Clearing your browser storage removes it.

2.3 Browser-based tools

The Tools page hosts:

• Certificate Inspector — parses a pasted PEM certificate using JavaScript inside your browser. The certificate never leaves your browser.
• Password / PIN Generator — uses your browser's crypto.getRandomValues(). The generated value is never sent anywhere.
• PEM ↔ Base64 Converter — runs entirely in your browser.
• Domain Certificate Lookup — queries the public crt.sh Certificate Transparency log. The domain name you type is sent to crt.sh, not to us. We do not log the lookup or store the result.

2.4 Language preference

Your chosen interface language (EN/FR) is stored in localStorage as pref_lang. It never leaves your browser.

2.5 Page-visit log (browser-local)

For our own diagnostic curiosity, the site script keeps a small visit log in your browser's localStorage under brkrops_visit_log (capped at the last 200 entries). This data never leaves your browser; clear your site storage to remove it.

2.6 Consulting engagements

If you reach out about a consulting project, we will exchange the information needed to scope and deliver it (typically by email and, with your consent, in shared documents you control). That information is governed by the engagement contract we sign with you, not by this website privacy policy.

3. Service providers we share data with

We use a small number of service providers strictly to operate the website. Each receives only the minimum data needed for its function.

• Resend — transactional email delivery for the contact form. Resend processes the message on its way to admin@brkrops.ca and is governed by its own privacy policy. It does not use your information for marketing.
• crt.sh — a public Certificate Transparency log operated by Sectigo. Only the domain name you type into the lookup tool is sent. They publish CT data; we don't control their retention.

We do not use Google Analytics, Meta Pixel, Hotjar, FullStory, or any other third-party analytics, ad, or session-replay tracker on this site.

4. Where your data lives, and for how long

The brkrops.ca site is hosted on infrastructure located in Canada.

• Contact-form emails sit in our admin inbox under our standard email-retention practice (typically 24 months).
• Download-tracking entries are retained for 12 months for abuse-detection purposes, then aggregated into anonymous counts.
• localStorage data sits in your browser until you clear it.
• Resend-side records are governed by Resend's own retention policy.

5. Your rights

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta's Personal Information Protection Act (PIPA), you have the right to:

• Know what personal information we hold about you.
• Request a copy of it.
• Ask us to correct it if it is inaccurate.
• Ask us to delete it, subject to legal and contractual retention requirements.
• Withdraw consent for any optional processing.
• File a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner of Alberta if you believe we have mishandled your data.

Email admin@brkrops.ca. We will respond within 30 days.

6. How we protect data

• All traffic to brkrops.ca is served over HTTPS with modern TLS.
• The contact form is rate-limited and validated server-side before forwarding to email.
• Admin access to the host and inbox is restricted to a small number of named administrators, using SSH keys and multi-factor authentication.
• Free tool downloads are Authenticode-signed where applicable so you can verify their origin.

No system is perfectly secure. If we ever discover a breach affecting your personal information, we will notify affected users without unreasonable delay and report it as required under PIPEDA's mandatory breach-notification rules.

7. Cookies and local storage

We don't use tracking cookies. The website uses your browser's localStorage for:

• pref_lang — your selected interface language.
• brkrops_page_visits_*, brkrops_page_first_*, brkrops_visit_log — local-only visit counts, never transmitted.
• brkrops_dl_*, brkrops_dl_log — local-only counts of your downloads, never transmitted.

Clearing your browser storage removes all of them. No cookies are set for advertising or cross-site tracking.

8. Children's privacy

This site is intended for IT professionals. It is not directed at, and we do not knowingly collect personal information from, anyone under 16.

9. Changes to this policy

If we make material changes to how we handle personal information, we will update the "Last updated" date at the top of this page and, where appropriate, notify affected users by email.

10. Contact

Privacy questions, access requests, complaints, or just feedback on this policy: admin@brkrops.ca.

BrkrOps™ Inc.
Edmonton, Alberta, Canada