PatronPath

Privacy Policy

PatronPath is committed to protecting privacy. This policy explains how we collect, use, and disclose information related to our customers and website visitors. It does not apply to library patrons; we do not ask for or process patron Personal Data during pilots. For questions, contact privacy@patronpath.io.

Last updated: 2026-05-15

Who We Are, Scope & Roles

PatronPath simulates off-campus patron access to library e-resources and delivers HTML reports to library staff. Test execution runs from a dedicated physical server that is under PatronPath's direct administrative control and is used exclusively for PatronPath operations.

Where we are based. PatronPath is provided by Pantomath Consultation Inc., a company based in British Columbia, Canada. This policy reflects obligations under PIPA (BC) and/or PIPEDA as applicable. For US customers, we align with relevant state privacy laws where they apply to our processing volumes.

Roles. For our business data, such as leads and support contacts, we act as a data controller. When we process library-provided test credentials solely to verify access, we act as a data processor. If you later instruct us to process any Personal Data, our Data Processing Addendum (DPA) will apply from that point forward. Participation in our beta program is also subject to our Beta Program Terms of Service.

Legal entity (Data Controller): Pantomath Consultation Inc.

What We Collect

  • Data you provide: name, work email, institution, and notes submitted through website forms or direct communication.
  • Service telemetry and reports: pass/fail status, timestamps, screenshots of the authentication/access journey, redirect and URL evidence, HTTP status codes, technical diagnostics, error classifications, and steps to reproduce. Vendor-ready sections are designed to minimize sensitive details, including masking credential-like URL parameters where practical.
  • Testing credentials: library-provided dedicated non-patron test accounts, scoped for access verification only. Credentials are stored in a configuration file on an encrypted server volume. Reports do not include test-account passwords or PINs, but library-facing reports may include the dedicated test account identifier or barcode when needed for troubleshooting.
  • Website analytics (optional): limited aggregate metrics; no third-party advertising cookies.

Pilot scope: We do not ask for or process patron names, emails, card numbers, account IDs, or other patron identifiers during pilots.

How We Use Information

  • Provide scheduled checks and HTML access-verification reports.
  • Troubleshoot issues and improve coverage and reliability.
  • Respond to requests and provide support.
  • Send service communications and, with consent where required, marketing.
  • Analyze site usage to improve our website and documentation.

Legal Bases

We process data under the following bases: performance of a contract, legitimate interests for service reliability and communications, and consent where required.

Retention

  • During an active pilot, credentials, reports, screenshots, URLs, timestamps, and diagnostics are retained as needed to deliver access-verification results.
  • Upon pilot completion, cancellation, or written library request, active test credentials and test-result data are deleted within 48 hours, unless the library requests retention.
  • PatronPath does not maintain backup copies of credentials or pilot test-result data.
  • Copies already delivered to the library, vendor, or their email systems are outside PatronPath's control.

Sharing

  • Sub-processors (delivery/ops): providers used for email, secure file delivery, productivity tools, or engagement administration. See /legal/subprocessors. Test execution runs on the dedicated PatronPath server, with no third-party execution provider or contractor used to run tests.
  • Report delivery: reports are delivered as HTML files by email to designated library contacts. Where requested, PatronPath can use a library-selected secure delivery method.
  • Vendors you engage: reports, screenshots, or vendor-ready evidence you forward to vendors are at your discretion.
  • Legal: we may disclose information if required by law, with notice where permissible.

We do not sell or share personal information as defined by applicable law.

Cookies & Tracking

We use essential cookies for site functionality and may use optional analytics cookies for aggregate metrics. If analytics are enabled, we display a consent banner and honor Global Privacy Control (GPC). You can update choices anytime on our Cookies page.

Your Rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or export your personal information. To exercise these rights, email privacy@patronpath.io. We may need to verify your identity.

  • Canada (PIPA/PIPEDA): access/correction rights and complaint routes via relevant privacy commissioners.
  • EEA/UK (GDPR): access, rectification, erasure, restriction, portability, objection; international transfers safeguarded via SCCs or equivalent where applicable.
  • United States: where applicable, rights to know/access, delete, and correct. If our processing volumes do not meet a particular law's thresholds, we will still make reasonable, verified efforts to honor requests. We do not sell/share personal information or use targeted advertising.

International Transfers & Data Location

PatronPath is operated by Pantomath Consultation Inc., a Canadian company based in British Columbia. Pilot data may be processed using PatronPath-controlled infrastructure and standard business tools for communication and report delivery. Current providers are listed at /legal/subprocessors. Where required, we use contractual safeguards, including our DPA and, if applicable, EU Standard Contractual Clauses and the UK Addendum.

Security

We use administrative and technical measures appropriate to the pilot, including a dedicated physical server under PatronPath's direct administrative control, encrypted server storage, strong authentication, and least-privilege access. The pilot is configured for test-only flows and does not require patron Personal Data. See our Security page for details.

Changes to This Policy

We may update this policy from time to time. We will update the Last updated date above and notify customers of material changes where appropriate.

Contact

Email: privacy@patronpath.io

Address: Pantomath Consultation Inc., Unit 230, 11180 Bridgeport Road, Richmond, BC V6X 1T2, Canada

Disclaimer: This policy describes PatronPath's current privacy practices for pilots and is provided for general information. It is not legal advice.