PlanRelevé — Privacy Policy

Service: PlanRelevé (the "Service"), a cloud plan take-off and estimating platform, also referred to as PlanTagger.

Provider: Infotech Canada, a business registered in the Province of Québec, located in Joliette, Québec, Canada ("Infotech Canada", "we", "us", "our").

Website: planreleve.comApplication: app.planreleve.com

Effective date: 6 July 2026
Last updated: 12 July 2026

This English version is provided for convenience. The French version ("Politique de confidentialité") is the official version and prevails in the event of any discrepancy.


1. About this Policy

This Privacy Policy explains how Infotech Canada collects, uses, discloses, retains and protects personal information when you use PlanRelevé. It is written to comply with:

"Personal information" means any information that relates to a natural person and allows that person to be identified, directly or indirectly.

PlanRelevé is a business-to-business service. It is not directed to consumers or to children (see Section 14).

2. Two roles — please read

Personal information moves through PlanRelevé in two distinct ways, and our responsibilities differ for each:

  1. Information we collect to run the Service (e.g., the email address you use to sign in, billing metadata, security logs). For this information, Infotech Canada determines the purposes and acts as the enterprise responsible for it under Law 25. This Policy governs that information.
  2. Content you upload (electrical, fire-protection, security and telecom plans and related documents, together "Customer Content"). These files may contain personal information about third parties — for example, client names, site addresses, or the stamps of architects and engineers. For this information, your organization decides why and how it is processed, and Infotech Canada acts on your organization's behalf and instructions as a service provider. Your organization is responsible for having the authority and any consents required to upload it. Our handling of Customer Content is also governed by the Terms of Service and the data-protection commitments in it.

3. Person in charge of the protection of personal information

In accordance with section 3.1 of Law 25, Infotech Canada has designated a person responsible for the protection of personal information:

Person in charge of the protection of personal information
Infotech Canada, Joliette, Québec, Canada
Email: info@it-ca.tech

You may contact this person to exercise your rights (Section 11), ask questions about this Policy, or make a complaint.

4. Personal information we collect, and why

We practise data minimization: we collect only what we need to provide the Service. Notably, a user account stores your email address only — we do not ask for or store your name, telephone number, photo, or job title.

CategoryWhat it includesPurpose
Account & identityEmail address; hashed password (argon2id); organization membership and roles; email-verification status; and whether two-factor authentication is required (an organization-level setting)Create and secure your account; authenticate you; apply your permissions
Security stateFailed-login counter and temporary lockout; session revocation timestamp; one-time codes (stored only as a hash) for 2FA; a hashed "trusted device" tokenProtect accounts against unauthorized access
Customer ContentThe plans and documents you upload, and everything derived from them (renders, take-offs, exports). May contain third-party personal informationProvide the take-off, estimating and export features you use (processed on your organization's instructions)
Usage & activity logsAudit-log entries: the acting user's email and ID, the action performed, the affected project/organization, and a timestamp. Application logs (technical events)Security, traceability, troubleshooting, and legal compliance
Billing metadataStripe customer and subscription identifiers, plan, seat count, and storage-usage measurementsManage your subscription, seats, taxes and invoices
AI-feature metadataFor each AI request: the feature used, model, token counts, cost, latency, and success/error status. Copilot chat: the text of your conversations with the assistant and any price-list files you attach to itProvide and meter the optional AI features you enable; let you revisit your assistant conversations
CookiesA session cookie, a language-preference cookie (lang), and a "trusted device" cookieKeep you signed in, remember your language, and reduce repeated 2FA prompts (see Section 13)

What we do NOT collect: We do not record your IP address or browser user-agent in our audit logs. We use no advertising, analytics or tracking technologies of any kind (no Google Analytics, no pixels, no third-party trackers). We do not sell or rent personal information, ever.

5. Consent

6. How we use personal information (purposes)

We use personal information only to:

  1. provide, operate, secure and maintain the Service;
  2. authenticate users and enforce access permissions;
  3. manage subscriptions, seats, storage metering, taxes and billing;
  4. provide customer support and respond to your requests;
  5. provide the optional AI features you have enabled;
  6. detect, prevent and respond to fraud, abuse and security incidents; and
  7. comply with legal obligations and enforce our Terms.

We do not use personal information for purposes incompatible with those above without obtaining your consent.

7. Third-party service providers (sub-processors)

We rely on a small number of service providers to operate the Service. We disclose to them only the information they need, under contractual confidentiality and security obligations. We do not authorize them to use your information for their own purposes.

ProviderRoleLocation of processingPersonal information involved
Amazon Web Services (AWS)Cloud hosting, storage (S3), transactional email (AWS SES, or a configured SMTP relay)Canada — ca-central-1 (Montréal) for the application and your stored files. Some ancillary AWS services (e.g., the marketing site's CDN/CloudFront, and optional application-log monitoring) may operate outside ca-central-1All account data and Customer Content — but files are encrypted by us before storage, so AWS storage holds ciphertext only
StripePayment processing and subscription billingUnited States (Stripe account established in Canada)Organization/owner email, subscription and seat data, storage-usage measurements. Card details are entered directly with Stripe; we never receive or store them
Microsoft (Entra ID / Microsoft Graph)Optional single sign-on (SSO)United States / globalOnly if you sign in with Microsoft: your email, name and tenant identity from your sign-in. We do not retain Microsoft access tokens
DeepInfraAI inference for optional AI featuresUnited States (see Section 8)Only if AI is enabled: the queries, structured data, text and any files you submit to AI features; and, only under the second toggle, plan/specification content
SearXNG (self-hosted) + outbound web requestsWeb-search and page-fetch tools used by the AI assistantOur own infrastructure; outbound requests reach the public websites/search engines the assistant queriesOnly the text of the search queries the assistant issues on your instruction

We keep an up-to-date list of sub-processors and will update this Policy when it changes materially.

Certifications and contractual commitments of our sub-processors. Our "adequate protection" assessment (Section 8) relies in part on the recognized security certifications and data-processing agreements (DPAs) of each of our sub-processors:

8. Communication of personal information outside Québec

Some of our service providers process personal information outside Québec — principally in the United States (Stripe, Microsoft, DeepInfra) and, for certain ancillary services, elsewhere. In accordance with section 17 of Law 25, before communicating personal information outside Québec we assess whether the information would receive adequate protection, taking into account the sensitivity of the information, the purposes, the protective measures (including contractual clauses), and the legal framework of the destination.

Where your data is stored, in plain terms:

Note on AI provider data handling. According to our AI provider's terms (DeepInfra), data submitted to AI features is processed in the United States; it is not sold or used to train models, and is retained only briefly, if at all, for debugging purposes. The provider states that it complies with SOC 2 and ISO/IEC 27001 standards. AI features remain disabled by default and require your explicit consent.

9. Automated processing and artificial intelligence

PlanRelevé offers optional, assistive AI features (for example, part search, estimate checks, and a project assistant). These features suggest information for a human to review; they do not make decisions about you that produce legal effects or similarly significant effects based exclusively on automated processing. A qualified person in your organization remains responsible for reviewing and approving any estimate, quantity or specification.

If we ever introduce a feature that makes a decision about an individual based exclusively on automated processing, we will inform the individual as required by section 12.1 of Law 25, including of the personal information used, the principal factors leading to the decision, and the right to have it reviewed and to submit observations.

10. Retention and destruction

When personal information is no longer required for the purposes for which it was collected, we destroy or anonymize it in accordance with applicable law.

11. Your rights

Subject to the conditions and exceptions in applicable law, you have the right to:

How to exercise your rights. Contact the person in charge at info@it-ca.tech. We may need to verify your identity before responding. If you are a member of a customer organization, some requests may be handled through your organization's administrator, who controls the Customer Content; we will assist as required by law. We will respond within 30 days.

Complaints. If you are dissatisfied with our response, you may lodge a complaint with the applicable regulator:

12. Confidentiality incidents (security breaches)

We maintain measures to detect and respond to confidentiality incidents (unauthorized access to, use of, loss of, or communication of personal information). In accordance with sections 3.5 to 3.8 of Law 25, we:

13. Cookies and similar technologies

PlanRelevé uses only strictly necessary / functional cookies. It does not use advertising, analytics, profiling or cross-site tracking cookies.

CookiePurposeDuration
Session cookieKeeps you signed in; marked Secure in production and inaccessible to scriptsSession
langRemembers your interface language (FR/EN)Up to 1 year
pt_trusted_deviceLets you skip repeated 2FA prompts on a device you trusted30 days

Your browser also stores small non-personal preferences locally (e.g., light/dark theme, symbol-palette favourites); these never leave your device. You can clear cookies and local storage in your browser at any time; doing so may sign you out or reset preferences.

14. Children and minors

PlanRelevé is a professional, business-to-business tool. It is not directed to children or minors, and we do not knowingly collect personal information from anyone under the age of majority. Accounts are intended for authorized users of business customers.

15. Security measures

We protect personal information with technical and organizational safeguards, including:

No system is perfectly secure, but we work to protect your information proportionately to its sensitivity.

16. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, notify you. Your continued use of the Service after an update constitutes acknowledgement of the revised Policy.

17. Contact us

Infotech Canada — PlanRelevé
Email: info@it-ca.tech
Joliette, Québec, Canada