
Privacy Policy

Effective May 14, 2026. Last updated May 14, 2026.

1. Overview

This Privacy Policy explains how ZRP Software ("we", "us", or "FloorSimple") collects, uses, discloses, and protects personal information in connection with the FloorSimple software-as-a-service platform, including the FloorSimple website at getfloorsimple.com and the application accessed through our domains (collectively, the "Service").

We are a Canadian company based in Alberta. Our handling of personal information is governed by Alberta's Personal Information Protection Act ("PIPA Alberta") and, where applicable, the federal Personal Information Protection and Electronic Documents Act ("PIPEDA"). If you access the Service from outside Canada, additional laws may apply to your information; we describe those situations below.

This Privacy Policy is part of, and is subject to, our Terms of Service, including the disclaimers and the limitation of liability set out in those Terms. Where applicable privacy law imposes obligations on us that cannot be limited by contract, those obligations apply to the extent required by law and the rest of these documents continues in full effect.

2. Who we are and who this policy covers

FloorSimple is a business tool used by flooring shops to manage quotes, jobs, invoices, payments, and customer records. This policy applies to two different groups of people:

  • Shop accounts. Owners, staff, and invited users of a flooring shop that signs up for FloorSimple. For the personal information of these users, FloorSimple is the organization responsible for the information.
  • End customers of a shop. Homeowners, property managers, contractors, and other people whose details a shop enters into FloorSimple to quote, invoice, schedule, or communicate with them. For this information, FloorSimple acts as a service provider on behalf of the shop. The shop is the organization responsible for that information and is responsible for: deciding what to collect; ensuring it has a lawful basis and any required consent to collect, use, and share it; giving end customers any notice required by law (including the shop's own privacy practices); handling access, correction, and deletion requests from end customers; setting retention periods that comply with the laws that apply to the shop; and complying with anti-spam, telemarketing, and consumer-protection laws when sending messages through the Service.

If you are an end customer of a shop that uses FloorSimple and you want to access, correct, or delete information the shop holds about you, please contact the shop directly. We have included additional details for end customers in Section 11.

3. Information we collect

3.1 Information you give us

  • Account information. Your email address, password (stored only as a salted, iterated cryptographic hash, never in clear text), first and last name, and, if you choose to add them, phone number, job title, department, and a profile photo.
  • Shop information. Business name, business address, currency, timezone, reply-to email, optional SMS sender number, and notification quiet-hours.
  • Customer records you enter. Information about your shop's customers, including names, addresses, email addresses, phone numbers, contact roles, property and jobsite details, residential or commercial profile information (e.g., property type, square footage, year built, business legal name, business tax identifier), notes, payment terms, and credit limits.
  • Financial documents. Quotes, invoices, line items, totals, taxes, due dates, internal notes, and payments you record. We do not store payment card numbers; payment cards are tokenized by our payment processors (see Section 6).
  • Files and attachments. Profile photos and any documents or images you upload (for example, jobsite photos or PDF attachments).
  • Support communications. Messages you send to us when you ask for help or report a problem.

3.2 Information collected automatically

  • Service usage and security logs. Server logs covering requests to the Service, including IP address, user agent, request paths, response codes, and timestamps, used for security monitoring, debugging, and abuse prevention.
  • Authentication metadata. Last sign-in time, session identifiers stored in secure, HttpOnly cookies, and records of password reset and invitation tokens (tokens are short-lived and not stored in clear text).
  • Notification delivery records. When FloorSimple sends an email or text message on your behalf, we log the recipient address, the subject and body content, delivery status, provider message identifier, any error message returned by the delivery provider, and any consent changes. This log lets you confirm what was sent, prove delivery, and handle unsubscribes.
  • Integration sync records. When you connect QuickBooks Online or a payment processor, we log the records pushed or received and any errors, so failures can be diagnosed and audited.

3.3 Information from third parties

  • Payment processors. When a customer pays an invoice through Stripe (or another connected processor), the processor sends us a confirmation containing the payment amount, currency, status, and a processor reference identifier. We do not receive card numbers.
  • QuickBooks Online. If you connect a QuickBooks Online company file, we receive the company name, realm identifier, and tax and item identifiers we need to keep your invoices, customers, and payments in sync.
  • Delivery providers. Our email and SMS providers return delivery and bounce information so we can tell you whether a message reached its recipient.

Sensitive categories. FloorSimple is a business tool and is not intended to be used to collect health information, government-issued identifiers (other than business tax identifiers used for invoicing), biometric data, or information about a person's racial or ethnic origin, political opinions, religion, sexual orientation, or trade union membership. Please do not enter that kind of information into the Service.

4. How we use your information

We use personal information for the following purposes:

  • To provide the Service. Create and authenticate your account, store your shop's records, send quotes and invoices on your behalf, schedule jobs, accept payments, and synchronize data with the integrations you enable.
  • To communicate with you. Send service messages (such as password resets, security alerts, invoice receipts, and billing notices) and respond to your support requests.
  • To deliver messages on your behalf. Send emails and text messages to recipients you designate (for example, your customers) and keep a delivery log so you can audit what was sent.
  • To keep the Service safe. Detect, prevent, and investigate fraud, abuse, security incidents, and violations of our terms.
  • To improve the Service. Diagnose problems, measure reliability, and decide which features to build or improve.
  • To meet legal obligations. Comply with applicable laws, including tax, accounting, anti-fraud, and records-retention obligations, and respond to lawful requests from government authorities.

We do not sell personal information (as the term "sell" is used in applicable privacy laws), we do not share personal information for cross-context behavioural advertising, and we do not show third-party advertising in the Service. We do not use your shop's records or your customers' records to train artificial intelligence models that are made available to anyone other than your shop, and we do not market unrelated products to your customers based on those records.

6. Service providers and sharing

We share personal information only with the service providers we need to operate the Service, and only to the extent each provider needs it. We require each provider to handle information in line with this policy and applicable law.

| Provider | Purpose | Information shared |
| --- | --- | --- |
| Amazon Web Services (AWS) | Application hosting and file storage. Database and file storage are located in the Canada (Central) region. | All Service data, including account, shop, and customer records. |
| Stripe | Payment processing for FloorSimple subscriptions, and customer-facing payment links sent from your shop. | Account email, shop name, payment amounts, currency, and processor identifiers. Card numbers are entered into Stripe directly and never reach FloorSimple. |
| Intuit (QuickBooks Online) | Optional two-way accounting sync when you connect a QuickBooks Online company file. | Customer names, addresses, invoice and payment details, tax codes, and item codes. |
| PayPal and Square | Optional payment processors if you choose to enable them. | Connection tokens (encrypted at rest) and the payment metadata needed to reconcile payments. |
| Postmark | Transactional email delivery (invoices, quotes, reminders, password resets, and other notifications). | Recipient email address, sender details, subject line, and message body. |
| Twilio | Text-message delivery, if your shop enables SMS notifications. | Recipient phone number, sender number, and message body. |

We may also disclose personal information:

  • to comply with applicable law or a lawful order issued by a court, regulator, or other authority of competent jurisdiction;
  • to investigate suspected fraud or violations of our terms, protect the security of the Service, or protect the rights or safety of FloorSimple, our customers, or others; and
  • in connection with a corporate transaction such as a financing, merger, acquisition, or sale of assets, in which case we will require the recipient to honour the commitments in this policy.

Third-party websites and integrations you choose to use. The Service may link to, or interoperate with, websites and services we do not operate (for example, when you click through to a payment processor's hosted page, when you authorize a QuickBooks Online connection, or when an end customer follows a link in a message you send). Once you (or your end customer) leave the Service or interact directly with a third party, this Privacy Policy no longer applies to that interaction. We are not responsible for the privacy practices, content, or security of those third parties, and we encourage you to review their privacy policies before sharing information with them.

7. Where your data is stored and processed

The Service's primary application database and file storage are located in the Canada (Central) region operated by Amazon Web Services. Some of the service providers listed in Section 6 are headquartered in or process personal information in the United States or other jurisdictions outside Canada (for example, Stripe, Intuit, Postmark, and Twilio).

When personal information is processed outside Canada, it may be subject to the laws of the country in which it is processed, including laws that allow government access. We use contractual safeguards (such as data processing agreements and, where applicable, the European Commission's Standard Contractual Clauses) with these providers to require a comparable level of protection.

8. How we protect your information

We use safeguards designed to protect personal information against unauthorized access, use, disclosure, alteration, and destruction. These safeguards currently include:

  • encryption of network traffic in transit using TLS (HTTPS);
  • encryption of uploaded files at rest using industry-standard server-side encryption, with files served only through short-lived, presigned URLs;
  • encryption of third-party access tokens (for example, the tokens we hold for QuickBooks Online, Stripe, PayPal, and Square) using authenticated symmetric encryption;
  • storage of account passwords only as salted, iterated cryptographic hashes;
  • session cookies marked HttpOnly, Secure, and SameSite=Lax, and cross-site request forgery (CSRF) protection on form submissions;
  • least-privilege access controls for the small number of personnel who can access production systems, with access scoped to the data needed for a specific task; and
  • logging of administrative actions and integration sync activity for after-the-fact review.

The specific algorithms, providers, and controls we use may change as we update our safeguards.

No method of transmission over the Internet or method of electronic storage is completely secure. To the maximum extent permitted by applicable law, we make no warranty, express or implied, that personal information stored on or transmitted through the Service will remain free from unauthorized access, loss, alteration, or destruction, and our liability for any security incident is limited as set out in our Terms of Service. If we become aware of a breach of security safeguards involving personal information under our control that creates a real risk of significant harm to an individual, we will notify the affected individuals and the appropriate regulators in accordance with applicable law (including, where applicable, PIPA Alberta, PIPEDA, and Quebec's Law 25).

9. Data retention and deletion

We keep personal information only for as long as it is needed to provide the Service, comply with our legal and contractual obligations, resolve disputes, and enforce our agreements.

  • Active accounts. Account, shop, customer, quote, invoice, payment, and notification records are kept for as long as your account is active.
  • Records deleted inside the Service. When you delete a customer, quote, invoice, or payment from within FloorSimple, that record is hidden from your workspace but retained in the database (a "soft delete") so that historic financial records remain auditable. You can request permanent deletion by emailing privacy@getfloorsimple.com, subject to the limits below.
  • Closed accounts. If you close your account, we will delete or de-identify personal information within a reasonable period after closure, except where we are required to retain it (for example, financial and tax records that we or you must keep for a statutory period, typically six years in Canada).
  • Logs and backups. Operational logs and encrypted backups are retained on a rolling basis and are overwritten in the normal course of operation.

10. Your rights

Subject to applicable law, you have the following rights regarding the personal information we hold about you as the holder of a FloorSimple account:

  • Access. Request a copy of the personal information we hold about you and information about how it is used and disclosed.
  • Correction. Ask us to correct information that is inaccurate, incomplete, or out of date. Most account information can be edited directly in the application.
  • Withdrawal of consent. Withdraw your consent to our continued collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice.
  • Deletion / account closure. Close your account and ask us to delete or de-identify your personal information, subject to the retention limits described in Section 9.
  • Portability. Export your data in a machine-readable format. Data export is available on every plan.
  • Complain. Lodge a complaint with the Office of the Information and Privacy Commissioner of Alberta (oipc.ab.ca) or, where PIPEDA applies, the Office of the Privacy Commissioner of Canada (priv.gc.ca). We ask that you give us a chance to address your concerns first.

To exercise any of these rights, email us at privacy@getfloorsimple.com. We will respond within 30 days, or let you know if we need more time. We may need to verify your identity before acting on a request.

If you are in Quebec, the European Economic Area, the United Kingdom, or another jurisdiction with additional rights (such as the right to object to certain processing, the right to restrict processing, or the right to information about automated decision-making), those rights also apply to the extent required by local law.

11. If you are a shop's customer

If a flooring shop has sent you a quote, invoice, payment link, or appointment notification from FloorSimple, your information is held in the shop's FloorSimple workspace. The shop decides what to collect, how it is used, and how long it is kept. FloorSimple processes that information on the shop's behalf.

  • To access, correct, or delete information about you, contact the shop directly.
  • To unsubscribe from a shop's emails or text messages, use the unsubscribe link in the message, the manage-preferences link on a public document, or contact the shop.
  • If you cannot reach the shop or are not satisfied with the shop's response, email us at privacy@getfloorsimple.com and we will do our best to help.

Public quote and invoice links sent to you contain a signed token that expires after 90 days, and any shop can rotate that token to invalidate earlier copies of the link.

12. Cookies and tracking

We use a small number of cookies and similar technologies, all of which are strictly necessary to operate the Service:

  • a session cookie that keeps you signed in;
  • a CSRF cookie that protects forms against cross-site request forgery; and
  • a small number of preference cookies in local storage (for example, your selected theme).

We do not use advertising cookies, cross-site tracking pixels, or third-party marketing analytics. If that ever changes, we will update this policy and, where required, ask for your consent before placing non-essential cookies.

13. Children's privacy

FloorSimple is a business tool intended for use by adults. We do not knowingly collect personal information from anyone under the age of majority in their province of residence. If you believe we have collected information from a minor, please contact us at privacy@getfloorsimple.com and we will delete it.

14. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify account holders by email or through an in-app notice at least 30 days before the changes take effect, except where a shorter notice period is required by law. The "Effective" date at the top of this page shows the current version. Continuing to use the Service after a change means you accept the updated policy.

15. Contact us

For any privacy question or to exercise the rights described in Section 10, please contact our Privacy Officer:

ZRP Software
Attn: Privacy Officer