Hearthlane ← Back to Hearthlane

Privacy Policy

Effective date: May 23, 2026  ·  Hearthlane Care Inc., Ontario

Hearthlane Care Inc. is committed to protecting the privacy of our clients, caregivers, and website visitors. This policy explains what information we collect, why we collect it, and how we protect it — in plain language.

1. Who We Are

Hearthlane Care Inc. ("Hearthlane," "we," "us," or "our") is a registered Ontario business providing non-medical in-home companion care services. We are subject to Ontario's Personal Health Information Protection Act (PHIPA) and Canada's federal Personal Information Protection and Electronic Documents Act (PIPEDA).

Privacy inquiries can be directed to our Privacy Officer at hello@hearthlanehomes.com.

2. Information We Collect

We collect only what is necessary to provide and improve our services.

Category Examples Why we collect it
Identity Full name, date of birth, relationship to care recipient Account creation, scheduling, caregiver matching
Contact Address, phone number, email Visit coordination, billing, emergency contact
Care information Health considerations, mobility notes, dietary needs, personal preferences Safe and appropriate caregiver matching
Account data Google account (used for portal login via Firebase Authentication) Secure portal access
Usage data Portal activity, visit clock-in/out records, messages with coordinator Service delivery, payroll, visit records
Device & notification Browser push token (FCM), device type Sending you visit reminders and alerts (if you opt in)
Payment Billing records (we do not store raw card numbers) Invoicing and payment processing

We do not collect sensitive health information beyond what is needed to ensure safe care (e.g., fall risk, dietary restrictions). We never collect SIN, passport numbers, or financial account credentials.

3. How We Use Your Information

  • Scheduling and coordinating care visits
  • Communicating with you about your visits, schedule changes, and billing
  • Matching you with an appropriate caregiver
  • Sending push notifications about upcoming visits and messages (if you opt in)
  • Caregiver payroll and visit record-keeping
  • Improving our services and resolving disputes
  • Complying with legal obligations

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

4. Push Notifications & Firebase

If you allow notifications in your browser, Hearthlane uses Firebase Cloud Messaging (FCM), a service provided by Google LLC, to send visit reminders, coordinator messages, and care alerts to your device — even when your browser tab is closed.

To enable this, your browser generates a push notification token that is stored securely in our Firebase Firestore database. This token identifies your device for push delivery only and does not reveal your identity to Google.

You can revoke notification permission at any time in your browser settings (Settings → Notifications). Revoking permission stops all future pushes; your token will no longer be used.

Firebase services used by Hearthlane: Firebase Authentication, Cloud Firestore, Firebase Cloud Messaging. Firebase is operated by Google LLC under Google's privacy policy.

Push notifications sent by Hearthlane are limited to service-related communications: visit reminders, schedule changes, coordinator messages, and care alerts. By providing express consent through your portal, you authorize Hearthlane to send these electronic messages to your device. You may withdraw consent at any time by disabling notifications in your browser or contacting us.

4a. Cross-Border Data Transfers

Hearthlane uses Google Firebase, whose servers are operated by Google LLC, a United States company. As a result, your personal information — including personal health information collected under PHIPA — may be stored and processed on servers located in the United States or other jurisdictions outside Ontario and Canada.

Google LLC is certified under data processing frameworks and maintains contractual protections that provide equivalent protection to Canadian privacy law. By using Hearthlane's services, you consent to this transfer. If you have questions about cross-border data handling, contact our Privacy Officer at hello@hearthlanehomes.com.

5. Sharing Your Information

We share personal information only in the following limited circumstances:

  • Assigned caregiver: Your first name, address, and relevant care notes are shared with your matched caregiver to enable safe visit delivery.
  • Service providers: Google Firebase (database and authentication), email providers (for coordinator communications). These providers are bound by data processing agreements and may not use your data for their own purposes.
  • Legal requirements: We may disclose information if required by law, court order, or to protect the safety of a person.
  • Business transfer: In the event of a merger or acquisition, client data may transfer to the successor entity, subject to the same privacy commitments.

We do not share your information with advertisers or data brokers.

6. PHIPA Compliance

Care-related personal health information (such as mobility notes or dietary needs collected to support safe visits) is handled in accordance with Ontario's Personal Health Information Protection Act (PHIPA). This means:

  • We collect only the minimum health information necessary
  • Health information is accessible only to staff directly involved in your care
  • We do not use health information for any purpose other than delivering care
  • You have the right to request access to or correction of your health information

7. Data Retention

We retain your personal information for as long as your account is active and for a reasonable period afterward to comply with legal obligations (typically 7 years for billing and tax records under Ontario law). Care notes and visit records may be retained for up to 10 years.

You may request deletion of your account and personal data at any time (subject to legal retention requirements) by emailing hello@hearthlanehomes.com.

8. Your Rights

Under PIPEDA and PHIPA, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Withdrawal of consent: Withdraw consent for non-essential data uses at any time
  • Deletion (right to erasure): Request deletion of your personal data, subject to legal retention obligations (e.g. tax and billing records required by law)
  • Portability: Request a copy of your data in a readable format
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada or the Information and Privacy Commissioner of Ontario

To exercise any of these rights, email hello@hearthlanehomes.com with the subject line "Privacy Request" and describe what you are requesting. We will acknowledge your request within 5 business days and respond fully within 30 days. If additional time is needed, we will notify you in writing.

Requests for deletion of personal health information are processed in compliance with PHIPA retention requirements. We cannot delete records we are legally required to retain (e.g., billing records, visit logs required for regulatory compliance), but we will delete all other personal data upon request.

8a. Data Breach Notification

In the event of a privacy breach that creates a real risk of significant harm to individuals, Hearthlane will:

  • Notify affected individuals as soon as reasonably possible
  • Notify the Information and Privacy Commissioner of Ontario (for PHIPA breaches) and/or the Office of the Privacy Commissioner of Canada (for PIPEDA breaches) as required by law
  • Take immediate steps to contain the breach and prevent further unauthorized access
  • Maintain a record of all privacy breaches as required under PIPEDA

If you believe your personal information has been compromised, contact our Privacy Officer immediately at hello@hearthlanehomes.com or (647) 655-2883.

9. Cookies & Website Analytics

The Hearthlane website uses minimal cookies necessary for session management and login functionality. We do not use third-party advertising cookies or cross-site tracking.

We may collect basic anonymous analytics (page views, referral source) to understand how visitors use our site. This data cannot be used to identify you personally.

10. Security

We take reasonable technical and organizational measures to protect your information, including:

  • All portal data stored in Google Firebase with encryption at rest and in transit
  • Portal access protected by Google Authentication (requires a verified Google account)
  • FCM push tokens stored with read access restricted to our Cloud Functions only
  • Staff access to client data limited on a need-to-know basis

No system is completely secure. In the unlikely event of a data breach affecting your rights, we will notify you and the applicable Privacy Commissioner as required by law.

11. Children's Privacy

Our services and portals are not directed at persons under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us personal information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active clients of material changes via email or portal notification. The effective date at the top of this page reflects the date of the last update. Continued use of our services after changes take effect constitutes acceptance.

13. Contact & Complaints

For any privacy questions or concerns, contact our Privacy Officer:

  • Email: hello@hearthlanehomes.com
  • Phone: (647) 655-2883
  • Hours: Monday–Sunday, 7am–9pm

If you are not satisfied with our response, you may contact:

  • Office of the Privacy Commissioner of Canada: priv.gc.ca · 1-800-282-1376
  • Information and Privacy Commissioner of Ontario: ipc.on.ca · 1-800-387-0073

© Hearthlane Care Inc. · Registered Ontario business · Home · Terms & Conditions