Skip to main content
PatronPath

Privacy Policy

PatronPath (“we”, “us”) is committed to protecting your privacy. This policy explains how we collect, use, and disclose information related to our customers and website visitors. It does not apply to library patrons; we do not ask for or process patron Personal Data in the beta. For questions, contact privacy@patronpath.io.

Last updated: 2025-10-15

Who We Are, Scope & Roles

PatronPath simulates patron access to library e-resources and delivers screenshot-rich reports to library staff. During the current desktop-run beta, our service executes on a Pantomath-owned, encrypted workstation (no customer hosting).

Where we are based. PatronPath is provided by Pantomath Consultation Inc., a company based in British Columbia, Canada. This policy reflects obligations under PIPA (BC) and/or PIPEDA as applicable. For US customers, we align with relevant state privacy laws (e.g., CPRA/VCDPA) where they apply to our processing volumes.

Roles. For our business data (e.g., leads, support), we act as a data controller. When we process library-provided test credentialssolely to verify access, we act as a data processor. If you later instruct us to process any Personal Data, our Data Processing Addendum (DPA) will apply from that point forward. Participation in our beta program is also subject to our Beta Program Terms of Service.

Legal entity (Data Controller): Pantomath Consultation Inc.

What We Collect

  • Data you provide: name, work email, institution, and notes (e.g., via “Pilot Program” form).
  • Service telemetry (pilot): timestamps, visited URLs during simulated journeys, HTTP statuses, DOM selectors, and redacted failure screenshots. We minimize capture of personal data and enable redaction by default.
  • Testing credentials: library-provided test-only accounts (scoped for access verification only); stored securely (password manager or OS keychain) and never logged.
  • Website analytics (optional): limited aggregate metrics; no third-party advertising cookies.

Beta scope: We do not ask for or process patron names, emails, card numbers, account IDs, or other patron identifiers in the beta environment.

How We Use Information

  • Provide nightly checks and screenshot-rich failure reports.
  • Troubleshoot issues and improve coverage/reliability.
  • Respond to requests and provide support.
  • Send service communications and (with consent where required) marketing.
  • Analyze site usage to improve our website and documentation.

Legal Bases

We process data under the following bases: performance of a contract, legitimate interests (service reliability and communications), and consent where required (e.g., marketing).

Retention

  • Run logs (pilot): up to 90 days, then aggregate/anonymize or delete.
  • Screenshots (pilot): up to 30 days, then deleted.
  • Credentials: stored securely; deleted within 7 days of pilot end or on request.
  • Custom retention windows can be set during onboarding.

Sharing

  • Sub-processors (delivery/ops): providers used for email, secure file delivery, infrastructure, or productivity tools—see /legal/subprocessors. During the desktop beta, test execution runs on a Pantomath-owned workstation.
  • Vendors you engage: reports/screenshots you forward to vendors are at your discretion.
  • Legal: we may disclose if required by law, with notice where permissible.

We do not sell or share personal information as defined by applicable law.

Cookies & Tracking

We use essential cookies for site functionality and may use optional analytics cookies for aggregate metrics. If analytics are enabled, we display a consent banner and honor Global Privacy Control (GPC). You can update choices anytime on our Cookies page.

Your Rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or export your personal information. To exercise these rights, email privacy@patronpath.io. We may need to verify your identity.

  • Canada (PIPA/PIPEDA): access/correction rights and complaint routes via relevant privacy commissioners.
  • EEA/UK (GDPR): access, rectification, erasure, restriction, portability, objection; international transfers safeguarded via SCCs or equivalent where applicable.
  • United States (CPRA/VCDPA and similar): where applicable, rights to know/access, delete, and correct. If our processing volumes do not meet a particular law’s thresholds, we will still make reasonable, verified efforts to honor requests. We do not sell/share personal information or use targeted advertising.

You may also submit requests via email at privacy@patronpath.io.

International Transfers & Data Location

We are based in Canada and may process data in Canada and the United States using vetted sub-processors listed at /legal/subprocessors. Where required, we use contractual safeguards—our DPA and, if applicable, EU Standard Contractual Clauses and the UK Addendum—to protect cross-border transfers.

Security

We use administrative and technical measures appropriate to a desktop-run pilot, including full-disk encryption, least-privilege access, and redaction by default for screenshots. The beta is configured for test-only flows and does not require patron Personal Data. See our Security page for details.

Changes to This Policy

We may update this policy from time to time. We will update the “Last updated” date above and notify customers of material changes (e.g., email to admins).

Contact

Email: privacy@patronpath.io

Address: Pantomath Consultation Inc., Unit 230, 11180 Bridgeport Road, Richmond, BC V6X 1T2, Canada

Disclaimer: This policy describes PatronPath’s current privacy practices for the desktop-run beta and is provided for general information. It is not legal advice.