Log in Register ⚡ Features 🔍 How it works 💰 Pricing 🎬 Video ❓ FAQ 📲 Mobile App 🔒 Security 📖 Documentation ⬇️ Download
🔒 Privacy

Privacy Policy

How BookingFish collects, uses, and protects your personal data.

Updated on 18 avril 2026

This privacy policy describes how BookingFish.ca collects, uses, protects, and discloses the personal information of users of its online booking platform. By using BookingFish, you agree to the practices described below.

1. Data Controller

BookingFish.ca is operated by a Canadian company whose servers are located in Canada. For any questions regarding your personal data:

  • Email: support@bookingfish.ca
  • Response time: maximum 30 business days, in compliance with PIPEDA and Quebec's Law 25.

2. Data Collected by Role

2.1 Members (guides, outfitters, operators)

  • Full name, email address, phone number;
  • Business information (name, description, services offered);
  • Boat and vessel information (name, type, capacity);
  • Availability, time slots, and booking settings;
  • Stripe Express account identifier (for receiving payments);
  • IP address and session data for account security.

2.2 Clients making a booking

  • Full name, email address, phone number;
  • Date, time, type of outing, and number of participants;
  • Payment information processed directly by Stripe (BookingFish has no access to card data);
  • Communications exchanged via the booking form.

2.3 Navigation data

  • IP address, browser type, operating system;
  • Pages visited, session duration, referring URL;
  • This data is used exclusively for security and service improvement purposes.

3. Legal Basis and Purposes of Processing

BookingFish processes your data on the following legal bases:

  • Contract performance: processing necessary to create your account, manage your bookings, and process payments;
  • Consent: sending commercial communications (newsletters, promotions) — withdrawable at any time;
  • Legitimate interest: platform security, fraud prevention, service improvement;
  • Legal obligation: retention of financial data required by Canadian tax legislation.

4. Payments and Stripe Connect

BookingFish uses Stripe Connect Express as its payment gateway. This has important implications for your data protection:

  • Client payments are processed directly by Stripe and deposited into the member's bank account;
  • BookingFish has no access to the member's bank account — we do not act as a financial intermediary;
  • No credit card information passes through BookingFish's servers;
  • Stripe is certified PCI DSS Level 1, the highest security level for online payment processing;
  • Payment data is governed by Stripe's privacy policy.

5. Email Communications and SMTP-DKIM Security

BookingFish sends transactional emails (booking confirmations, reminders, notifications) through a secure infrastructure:

  • DKIM (DomainKeys Identified Mail): every email is digitally signed to guarantee its authenticity and prevent identity spoofing;
  • SPF (Sender Policy Framework): only authorized servers can send emails on behalf of BookingFish.ca;
  • DMARC: additional verification policy that protects recipients from fraudulent emails;
  • These measures ensure that emails you receive from BookingFish.ca are authentic and have not been tampered with.

In compliance with Canada's Anti-Spam Legislation (CASL), we only send commercial emails with your explicit consent. Every email includes a functional unsubscribe link. Transactional emails (related to your bookings) are sent as part of service delivery.

6. Platform Security Architecture

BookingFish was designed with a private space architecture, distinct from public marketplaces:

  • Private member space: only the member (guide/outfitter) accesses their dashboard, bookings, and client data. BookingFish does not expose your information to other members;
  • Encryption in transit: all communications between your browser and our servers are encrypted via TLS 1.2/1.3 (HTTPS);
  • Secure authentication: hashed passwords, secure sessions, protection against brute-force attacks;
  • Restricted guide access: guides associated with a member account have limited access, controlled by the member themselves;
  • Data separation: each member's data is isolated — one member cannot access another member's data.

7. Hosting and Data Location

All personal data collected by BookingFish is hosted on servers located in Canada. No transfer of personal data is made to foreign countries, in compliance with:

  • Quebec's Law 25 (Act to modernize legislative provisions respecting the protection of personal information);
  • PIPEDA (Personal Information Protection and Electronic Documents Act — Canada).

8. Data Retention

  • Active member accounts: data retained for the duration of the account;
  • After account closure: data anonymized or deleted within 90 days, unless otherwise required by law;
  • Financial data: retained for 7 years in accordance with Canadian tax requirements;
  • Booking history: retained for 3 years after the last booking for customer support purposes;
  • Security logs: retained for 12 months for fraud detection purposes.

9. Data Sharing

BookingFish never sells your personal data. Sharing is limited to the following situations:

  • Stripe: payment data necessary for transaction processing;
  • Infrastructure providers: hosting and email, under strict confidentiality agreements;
  • Between member and client: when a booking is made, the client's contact details are shared only with the relevant member for the purpose of confirming and managing the booking;
  • Legal authorities: only if required by a court order or Canadian legal obligation.

10. Cookies and Similar Technologies

BookingFish uses only essential cookies for functionality:

  • Session cookie: keeps you logged in during your visit;
  • Language cookie: remembers your language preference (FR/EN);
  • Security cookie: CSRF attack protection.

We use no advertising, tracking, or third-party analytics cookies (Google Analytics, Facebook Pixel, etc.).

11. Your Rights (PIPEDA / Law 25)

Under Canadian data protection legislation, you have the following rights:

  • Right of access: obtain a copy of all personal data we hold about you;
  • Right to rectification: correct inaccurate or incomplete data;
  • Right to deletion: request deletion of your account and personal data;
  • Right to portability: receive your data in a structured, machine-readable format;
  • Right to object: object to the processing of your data for certain purposes;
  • Right to withdraw consent: revoke your consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, write to support@bookingfish.ca. We will respond within 30 days.

12. Children's Privacy

BookingFish is not intended for persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with their data, please contact us immediately at support@bookingfish.ca for deletion.

13. Security Incidents and Data Breaches

In the event of a data breach likely to cause harm, BookingFish commits to:

  • Notify the Commission d'accès à l'information (CAI) within 72 hours of discovering the incident;
  • Inform affected individuals as soon as possible;
  • Document the incident and corrective measures taken;
  • Immediately implement the necessary fixes to limit damage.

14. Member Responsibilities

As a platform member, you agree to:

  • Collect client data only for your legitimate booking activities;
  • Not use the platform to collect data for purposes other than booking management;
  • Inform your clients that their contact details are transmitted via BookingFish for booking management;
  • Protect access to your account (password, guide access) and report any unauthorized access;
  • Not share your clients' data with third parties without their explicit consent.

15. Links to Third-Party Sites

BookingFish may contain links to external sites (Stripe, technical documentation, etc.). We are not responsible for the privacy practices of these sites. We encourage you to review their respective privacy policies.

16. Policy Changes

We reserve the right to modify this policy at any time. In the event of significant changes:

  • The update date will be refreshed at the top of this page;
  • Active members will be notified by email at least 30 days before the changes take effect;
  • Continued use of the platform after notification constitutes acceptance of the new terms.

17. Applicable Law and Jurisdiction

This policy is governed by the laws in force in Canada and the province of Quebec. Any dispute relating to the processing of your personal data will be submitted to the competent courts of Quebec. You may also file a complaint with the Commission d'accès à l'information du Québec or the Office of the Privacy Commissioner of Canada.

18. Contact and Data Protection Officer

For any questions, rights requests, or security incident reports: