Privacy Policy
Last updated: June 22, 2026
Emicode ("we", "us") is a web development studio based in Winnipeg, Manitoba, Canada. This policy explains what personal information we collect through emicode.ca, why we collect it, and how we handle it. We follow the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada's Anti-Spam Legislation (CASL).
What we collect
- Contact form data — name, email, phone number, company name, and the project details you choose to share when you submit the project brief or request a callback.
- Marketing attribution — when you arrive from an ad or a link, we record campaign parameters (UTM tags, click IDs) and the referring site, so we know which channels work.
- Technical data — standard server logs (IP address, browser type, pages requested) kept for security and troubleshooting.
- Preferences — your colour-theme choice and your cookie-consent decision are stored in your browser's local storage; marketing-attribution data is stored in session storage. See Cookies and analytics below for exactly which cookies we set and how analytics works.
Why we collect it
- To respond to your inquiry and prepare a quote — this is the only reason we ask for contact details.
- To understand which marketing channels bring visitors, so we can spend our advertising budget sensibly.
- To keep the site secure and reliable.
- To send occasional service emails if you have contacted us — every such email contains a working unsubscribe link, honoured immediately, as CASL requires.
What we never do
- We never sell, rent, or trade your personal information.
- We never share your data with third parties for their marketing.
- We never use your phone number or email for purposes other than the inquiry you sent it for, unless you explicitly agree.
Cookies and analytics
We keep tracking to a minimum. There are three layers, and only the last one ever involves your consent:
- Essential cookies — a session cookie and a security (CSRF) token. They are required for the site to function and to protect form submissions, are set for every visitor, and under privacy law need no consent. They carry no marketing data.
- Cookieless, first-party analytics — to see roughly how many people visit and which pages are useful, we run our own first-party analytics. It sets no cookies, never tracks you across other websites, and stores no name, email, or device identifier. It does record your IP address alongside the page you viewed — we use this only to measure traffic and to spot obvious bots, abuse, and suspicious patterns. This data is visible only to us in the admin analytics dashboard, is never used to build a profile of you or for advertising, and is never shared or sold. These records are kept for at most 30 days and then deleted automatically. Because it is first-party and sets no cookies, it runs as basic audience-and-security measurement without a separate consent banner.
- Google Analytics — only if you agree — where Google Analytics is active, your first visit shows a cookie banner. Nothing from Google loads and no Google cookies are set unless you choose Accept. You can decline with a single click (Reject), and change your choice at any time through the Cookie settings link in the footer. With your consent, Google Analytics helps us measure traffic and the campaigns that bring visitors; it is provided by Google LLC, which may process the data in the United States under the EU–US Data Privacy Framework. Declining changes nothing about your use of the site, and our own cookieless analytics works the same either way.
Where your data lives and how long we keep it
Inquiry data is stored in our own database on infrastructure we manage. We keep it for as long as needed to handle your inquiry and any resulting engagement, after which it is deleted on request or during periodic clean-ups. Server logs rotate automatically. For obvious bot or spam traffic, we may block specific IP addresses at the application layer; such a block simply denies access and is not used to profile you or for advertising. We use a small number of infrastructure providers (hosting, email delivery, content delivery network) to operate the site. They process data on our behalf under their own privacy and security obligations and are not permitted to use it for anything else.
Your rights
You may ask us at any time to show you the personal information we hold about you, correct it, or delete it. Email contact@emicode.ca and we will respond within a reasonable time, normally a few business days. You may also complain to the Office of the Privacy Commissioner of Canada if you believe we have mishandled your information.
Changes to this policy
If we change this policy, the new version will be published on this page with an updated date. Material changes will be noted prominently.
Contact
Privacy questions: contact@emicode.ca.