Privacy Policy

How Ohmix collects, uses, and protects your personal information.

Ohmix Platform — Privacy Policy

Version 1.0|Effective: April 6, 2026

This Privacy Policy describes how Ohmix ("we," "us," "our," or the "Provider") collects, uses, discloses, and protects your personal information when you use the Ohmix platform, including the EPR Engine and EV Ready Plan Workflow modules (collectively, the "Platform"). We are committed to protecting the privacy and confidentiality of all personal information entrusted to us. This policy has been developed in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), the British Columbia Personal Information Protection Act (PIPA), and other applicable Canadian privacy legislation. By creating an account and using the Platform, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with the practices described herein, you should not use the Platform.

We collect the following categories of personal information: Account Information: - Full name, email address, and login credentials (via OAuth authentication) - Professional licence type (P.Eng, AScT, CET), licence number, and regulatory body - Company name, address, phone number, and email - Errors and omissions (E&O) insurance status and policy number - Professional seal/stamp image (if uploaded) - Company logo (if uploaded) Project Data: - Building addresses, strata plan numbers, and property descriptions - Electrical infrastructure data (transformer ratings, panel schedules, meter configurations) - Utility account numbers and consumption data (BC Hydro CDR data, Ontario LDC data) - Site photographs and electrical drawings - EV charging infrastructure specifications and parking data - Single line diagrams created or uploaded through the Platform Strata Manager and Client Information: - Names, email addresses, and phone numbers of strata managers and property contacts - Service agreement details, signatures, and correspondence - Survey responses submitted through intake forms Financial Information: - Stripe customer identifiers for payment processing - Subscription and billing history (processed by Stripe; we do not store credit card numbers) Technical Information: - IP address, browser type, and user agent string (collected during Terms of Service acceptance) - Session data and authentication tokens - Platform usage patterns and feature interactions Generated Content: - Electrical Planning Reports (EPRs) and EV Ready Plans (EVRPs) - AI-generated draft content, calculations, and analysis results - Report revision history and compliance checklist status

We use your personal information for the following purposes: Platform Operation and Service Delivery: - To create and manage your user account and authenticate your identity - To enable the creation, editing, and generation of EPR and EVRP reports - To perform electrical calculations, load analyses, and compliance checks - To auto-populate report fields, title blocks, and professional certifications - To process and store utility consumption data for capacity analysis - To generate and store single line diagrams and site documentation Payment Processing: - To process subscription payments and per-project fees through Stripe - To manage billing history and subscription status - To issue refunds or credits when applicable Communication: - To send platform notifications regarding project status, report generation, and system updates - To deliver intake surveys and service agreements to strata managers on your behalf - To respond to support inquiries and technical issues AI-Assisted Features: - To provide AI-generated draft content for report sections using the Ohmix AI feature - To analyze uploaded drawings and documents for data extraction - To generate alternative EV charging scenarios and recommendations - To detect anomalies and flag potential issues in infrastructure data Legal and Compliance: - To maintain records of Terms of Service acceptance, including version, timestamp, and IP address - To comply with applicable laws, regulations, and professional standards - To enforce our Terms of Service and protect against misuse Platform Improvement: - To analyze aggregate, de-identified usage patterns to improve Platform features - To identify and resolve technical issues and bugs - To develop new features and capabilities

Under PIPEDA and PIPA, we process your personal information based on the following legal grounds: Consent: By creating an account and using the Platform, you provide express consent for the collection and use of your personal information as described in this policy. You may withdraw your consent at any time by contacting us, subject to legal or contractual restrictions and reasonable notice. Contractual Necessity: Certain personal information is required to provide the services you have subscribed to, including account management, report generation, and payment processing. Legitimate Interests: We may process limited technical data (such as IP addresses and usage patterns) for security, fraud prevention, and Platform improvement purposes, where such processing does not override your privacy rights. Legal Obligations: We may process personal information to comply with applicable laws, regulatory requirements, or valid legal processes.

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances: Service Providers: - Stripe, Inc. — for payment processing. Stripe's privacy policy governs their handling of your payment data. We do not store credit card numbers, CVVs, or full card details on our servers. - Cloud Infrastructure Providers — for hosting, data storage, and content delivery. All data is stored on servers located in Canada or the United States. - AI Service Providers — for AI-assisted features such as draft generation and document analysis. Only the minimum necessary data is transmitted, and providers are contractually bound to confidentiality. Strata Managers and Clients: - When you send intake surveys or service agreements through the Platform, the recipient's name and email address are used solely to deliver those documents. Survey responses are stored within your project. Legal Requirements: - We may disclose personal information if required to do so by law, regulation, or valid legal process (such as a court order or subpoena). - We may disclose information to protect the rights, property, or safety of the Provider, our users, or the public. Business Transfers: - In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of the transaction. We will provide notice before your information becomes subject to a different privacy policy. With Your Consent: - We may share your information for purposes not described in this policy with your explicit consent.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include: Technical Safeguards: - Encryption of data in transit using TLS/SSL protocols - Secure authentication via OAuth 2.0 with session management - Access controls limiting data access to authorized personnel and systems - Regular security updates and vulnerability assessments Organizational Safeguards: - Confidentiality obligations for all personnel with access to personal information - Data minimization practices — we collect only what is necessary for the stated purposes - Regular review of data handling practices and security procedures Data Residency: - Platform data is stored on cloud infrastructure with servers located in Canada and the United States. We endeavour to keep Canadian user data within Canadian data centres where technically feasible. Data Retention: - Account information is retained for the duration of your active account and for a reasonable period thereafter to comply with legal obligations and resolve disputes. - Project data (reports, drawings, photographs, utility data) is retained for the duration of your subscription and for seven (7) years following account closure or project completion, consistent with professional engineering record-keeping requirements. - Payment records are retained as required by applicable tax and financial reporting laws. - Terms of Service acceptance records (version, timestamp, IP address) are retained indefinitely for legal compliance. - You may request earlier deletion of specific data, subject to our legal and professional obligations. Security Incidents: - In the event of a data breach affecting your personal information, we will notify you and the applicable privacy commissioner as required by PIPEDA's breach notification provisions (Division 1.1) within 72 hours of becoming aware of the breach.

Under PIPEDA and PIPA, you have the following rights regarding your personal information: Right of Access: You may request access to the personal information we hold about you. We will respond to your request within 30 days, as required by law. Right of Correction: You may request correction of any inaccurate or incomplete personal information. You can update most account information directly through the Platform's profile settings. Right to Withdraw Consent: You may withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. Withdrawal of consent may limit your ability to use certain Platform features. Right to Deletion: You may request deletion of your personal information, subject to our legal obligations to retain certain records (such as professional engineering documentation and financial records). Right to Complain: If you believe your privacy rights have been violated, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (www.priv.gc.ca) or the Office of the Information and Privacy Commissioner for British Columbia (www.oipc.bc.ca). Exercising Your Rights: To exercise any of these rights, please contact us using the information provided in Section 11 (Contact Information). We may require you to verify your identity before processing your request.

The Platform uses the following technologies: Essential Cookies: - Session cookies for authentication and maintaining your login state - Security cookies for CSRF protection These cookies are strictly necessary for the Platform to function and cannot be disabled. Analytics: - We may collect aggregate, de-identified usage data to understand how the Platform is used and to improve our services. This data does not identify individual users. What We Do NOT Use: - We do not use third-party advertising cookies or trackers - We do not use social media tracking pixels - We do not sell or share cookie data with advertisers - We do not engage in cross-site tracking or behavioural advertising

The Platform uses artificial intelligence (AI) to assist with certain features, including: - Report Draft Generation: AI generates draft text for report sections based on project data you have entered. All AI-generated content is clearly identified and requires your review and approval before inclusion in final reports. - Document Analysis: AI may analyze uploaded drawings and documents to extract relevant data points. Extracted data is presented for your verification. - Anomaly Detection: AI may flag unusual values or potential issues in infrastructure data for your review. - Alternative Scenario Generation: AI may generate alternative EV charging solutions based on project parameters. Important Disclosures: - AI-generated content is a tool to assist qualified professionals. You bear full professional responsibility for reviewing, verifying, and approving all content before it is included in signed and sealed reports. - Project data used for AI processing is transmitted to AI service providers under strict confidentiality agreements. Your data is not used to train AI models. - No fully automated decisions with legal or significant effects are made about you based solely on automated processing.

We comply with Canada's Anti-Spam Legislation (CASL) in all electronic communications: - We will only send you commercial electronic messages (CEMs) with your express or implied consent. - All CEMs will include our identity, contact information, and a clear unsubscribe mechanism. - Platform notifications related to your account, projects, and service delivery are considered transactional messages and are exempt from CASL consent requirements. - You may opt out of non-essential communications at any time through your account settings or by contacting us.

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us: Ohmix Platform — Privacy Inquiries Email: [email protected] We will acknowledge receipt of your inquiry within five (5) business days and provide a substantive response within thirty (30) days, as required by PIPEDA. For complaints that cannot be resolved directly with us, you may contact: Office of the Privacy Commissioner of Canada Website: www.priv.gc.ca Toll-free: 1-800-282-1376 Office of the Information and Privacy Commissioner for British Columbia Website: www.oipc.bc.ca Phone: 250-387-5629

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes: - We will update the "Effective Date" at the top of this policy. - We will notify you via email or a prominent notice on the Platform. - If required by law, we will obtain your consent to the updated policy before continuing to process your personal information under the new terms. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Previous Versions: This is the first version of the Ohmix Platform Privacy Policy. No previous versions exist.