Privacy Policy

Last updated: January 12, 2026

This Privacy Policy explains how Warmli ("Warmli," "we," "us") collects, uses, shares, and protects personal information when you use Warmli (the "Service"), including our website at warmli.ca, any embedded forms/widgets, and any related pages or applications.

If you are using the Service on behalf of a business (a "Business Customer"), you represent that you have authority to bind that organization to this Privacy Policy.

1) Who We Are

Controller (when we operate the Service and our marketing site):
Warmli
Email: privacy@warmli.ca

Important note about "lead" data:
When a person submits information to a form or landing page created by one of our Business Customers, that Business Customer typically decides why and how that lead information is used. In those cases, we generally act as a service provider/processor for the Business Customer. See Section 10 ("Business Customers & end users").

2) What Information We Collect

We collect information in three main ways: (A) information you provide, (B) information collected automatically, and (C) information we receive from Business Customers or integrations.

A) Information You Provide

Depending on how the Service is used, we may collect:

• Account information: name, email, password (if you create an account), role/title, company name.
• Billing information (if applicable): billing contact details and transaction metadata. (Payment card details are typically handled by our payment processor, not stored directly by us.)
• Support communications: messages you send us, including attachments, and any feedback or survey responses.

B) Lead Information Submitted Through Forms (Lead Data)

Our Service may collect information that a lead submits, which can include:

• Name, email, phone number
• Business name, address, and other business details
• Message content and form responses (including custom fields)
• Preferred contact method, appointment preferences, or qualification questions

C) Information Collected Automatically (Usage Data)

When you use the Service, we may automatically collect:

• Device and connection data: IP address, browser type, device identifiers, operating system, language, approximate location (derived from IP).
• Usage data: pages viewed, actions taken, time stamps, referral URLs, and interactions with forms/widgets.
• Log data: diagnostic and performance logs (including error reports).

Cookies and Similar Technologies

We may use cookies, pixels, local storage, and similar technologies to:

• Keep you signed in
• Remember preferences
• Measure performance and usage
• Support analytics

You can control cookies through your browser settings and, where available, our cookie banner/preferences tool.

3) How We Use Information

We use personal information to:

• Provide and operate the Service (forms, lead delivery, dashboards, automations)
• Authenticate users and prevent fraud/abuse
• Communicate with you (service messages, updates, security alerts)
• Provide customer support and troubleshoot issues
• Improve and maintain the Service (analytics, testing, feature development)
• Comply with legal obligations and enforce our terms

Marketing communications: If we send marketing emails, we will provide an unsubscribe method. Marketing email practices are structured around consent and unsubscribe requirements under CASL (Canada's Anti-Spam Legislation).

4) How We Share Information

We may share personal information in the following circumstances:

A) With Business Customers (Lead Routing)

If you submit information through a form or landing page created by a Business Customer, we will share that Lead Data with that Business Customer and anyone they authorize (e.g., their CRM or email inbox).

B) With Service Providers (Processors)

We use vetted vendors to host, store, and support the Service. These providers process data on our behalf under contractual obligations:

• Cloud hosting & database: Google Cloud / Firebase
• Analytics: Google Analytics
• Scheduling/video meeting integrations: Google Calendar / Google Meet

C) Legal Requirements

We may disclose information if required to do so by law or if we believe disclosure is necessary to:

• Comply with legal process
• Protect rights and safety
• Investigate fraud/security incidents

D) Business Transfers

If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.

5) Data Retention

We retain personal information only as long as needed to:

• Provide the Service
• Meet legal, accounting, or reporting obligations
• Resolve disputes and enforce agreements

Account data: Retained while your account is active, and for 12 months after closure (unless law requires otherwise).
Lead Data: Retained according to the Business Customer's settings or contract; Business Customers may delete/export leads at any time.
Logs/security data: Retained for 90 days for security and debugging.

6) Security

We use administrative, technical, and organizational safeguards designed to protect information (e.g., access controls, encryption in transit, least-privilege access, monitoring). No system is 100% secure, so we cannot guarantee absolute security.

7) International Data Transfers

Your information may be processed in countries other than where you live (for example, where our servers or vendors operate). We take steps to protect data in transfers, such as contractual protections and vendor security reviews.

8) Your Rights and Choices

Depending on where you live, you may have rights such as:

• Accessing the personal information we hold about you
• Requesting correction or updating information
• Requesting deletion (where applicable)
• Withdrawing consent (where processing is based on consent)
• Objecting to certain processing or requesting restriction
• Receiving a copy of your data (portability), in some regions

Canada (PIPEDA)

In Canada, private-sector organizations commonly structure privacy compliance around PIPEDA principles (consent, limiting collection, safeguards, access, etc.). PIPEDA generally applies to commercial activities across Canada.

California (CCPA/CPRA)

If you are a California resident, you may have rights to know, delete, and correct certain information, and to opt out of "selling" or "sharing" personal information.

Do Not Sell or Share: We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

9) Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided information, contact us at privacy@warmli.ca.

10) Business Customers & End Users

If You Are a Business Customer (Our Customer)

You control the Lead Data you collect using the Service. You are responsible for:

• Providing appropriate notices to leads
• Obtaining consent where required
• Ensuring your use of Lead Data complies with applicable law

We process Lead Data on your behalf to provide the Service, and we will handle it according to our agreements and this Privacy Policy.

If You Are an End User (a Lead Submitting a Form)

If you submit your information to a Business Customer using our Service, your information will be provided to that Business Customer. Their privacy practices will apply to how they use your information. To exercise rights regarding that Business Customer's use of your data, contact them directly.

11) Third-Party Links and Integrations

The Service may connect to third-party websites or services (e.g., CRMs, scheduling tools, social platforms). Their privacy practices are governed by their own policies. We are not responsible for third-party privacy practices.

12) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date and may provide additional notice if required.

13) Contact Us

For privacy questions or requests, contact:
Email: privacy@warmli.ca

Sensitive Information

We do not intentionally collect sensitive personal information (e.g., government IDs, precise geolocation, health info). Please do not submit sensitive information through forms unless specifically requested by the Business Customer and legally permitted.

Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects.