← Back to getblotter.com

Privacy Policy

Last updated: July 13, 2026

Blotter ("Blotter", "we", "us") provides an incident-reporting service for the private security industry, available at getblotter.com (the "Service"). This policy explains what personal information we collect, why we collect it, how we use, store, and protect it, and the choices and rights you have. It is written to align with the Personal Information Protection and Electronic Documents Act (PIPEDA) and its ten fair information principles, and with substantially similar Canadian provincial privacy legislation.

1. The two kinds of people this policy covers

Because of what Blotter does, personal information reaches us in two distinct ways:

2. What we collect

Account and business information

Report content

Technical information

We deliberately collect no more than the Service needs. We do not run advertising trackers or third-party analytics on the Service, and we do not buy, sell, rent, or trade personal information. Ever.

3. Why we collect it (identified purposes)

We do not use your information for purposes beyond these without first obtaining consent.

4. AI processing — and what it does not do

When a report is generated or a follow-up is reviewed, the text provided by the author is processed by a large language model operated by Anthropic (the maker of Claude) through its commercial API, to rewrite the text into objective language or to identify missing facts. Three commitments matter here:

5. Where your information is stored

The Service is hosted on infrastructure operated by Netlify, with data stored in a managed PostgreSQL database (Neon), currently located in the United States. AI processing by Anthropic also occurs in the United States. This means personal information handled by the Service is stored and processed outside Canada and may be subject to the laws of the jurisdictions where it is held, including lawful access by authorities in those jurisdictions.

We use contractual and technical safeguards with our service providers to require a level of protection comparable to this policy. Customers who require Canadian data residency should contact us at support@getblotter.com to discuss options.

6. Who we share information with

We share personal information only with the service providers required to run the Service:

Beyond service providers, we disclose personal information only if required by law (for example, a court order or other lawful demand), or with consent. Within the Service itself, report content is visible according to role: report authors see their own reports, and supervisors and administrators of the same company see their company's reports.

7. Retention — and why reports are different

Incident reports exist to serve as reliable records, sometimes years after the fact. Finalized reports are therefore append-only by design: their content is locked at signature, and later information is added as attributed, timestamped addenda. We retain report records for as long as the customer's account remains active, because premature deletion would defeat the evidentiary purpose for which customers use the Service.

8. Safeguards

9. Breach notification

If a breach of security safeguards creates a real risk of significant harm to an individual, we will notify affected customers and individuals as soon as feasible and report to the Office of the Privacy Commissioner of Canada, as required by PIPEDA's breach-reporting provisions, and we will keep records of all breaches.

10. Your rights: access, correction, and withdrawal of consent

11. Cookies and local storage

The Service uses browser session storage to keep you signed in and local storage to save unfinished report drafts on your own device. We do not use advertising cookies or cross-site tracking.

12. Children

The Service is a business tool and is not directed at or intended for use by children.

13. Changes to this policy

If we change this policy, we will post the updated version here with a new "last updated" date, and for material changes we will notify customers by email before the changes take effect.

14. Contact and complaints

Questions, access requests, and complaints can be directed to our privacy contact at support@getblotter.com. We will investigate every complaint and respond. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.

This policy describes our practices in plain language and is intended to align with PIPEDA. It does not constitute legal advice to you, and nothing in it creates rights or obligations beyond those in applicable law and our agreements with customers.