Privacy Policy

Snik Safe Inc.
PRIVACY POLICY

Last updated: September 11, 2025

1. Introduction & Scope

Snik Safe Inc. (“Snik”, “we”, “our”, or “us”) designs, manufactures, and supports Snik GPS bike security devices (the “Device(s)”), the mobile application “Snik: GPS Bike Security” (the “App”), and the website located at www.snik.bike (the “Site”). This Privacy Policy explains how we collect, use, disclose, and protect personal information across those three places (collectively, the “Services”).

This Policy applies only to individuals located in Canada and the United States. If you are located outside of Canada or the U.S., this Policy may not apply and different rules may govern your data. If Snik expands into other jurisdictions we will update this Policy to reflect those locations.

This Policy applies to all users of our Services — people who purchase, register, configure, or use a Device, create an account in the App or Site, or otherwise interact with Snik. If you are a business customer (for example, an OEM partner), additional or separate agreements may apply.

 

2. Key definitions

  • Personal Information: Any information that identifies or could reasonably be used to identify a person, alone or in combination with other data (for example name, email, location, device serial number tied to your account).
  • Device Data / Device Identifiers: Hardware identifiers and telemetry generated by a Device (for example device serial number, ICCID, firmware version, MAC/Bluetooth identifiers, IMEI, connectivity logs, battery data, sensor/accelerometer logs).
  • Account Data: Information you provide when creating an account (name, email, phone, billing/shipping address, purchase history).
  • Service Providers / Processors: Authorized third parties who perform services for Snik (hosting, analytics, payment processing, shipping, SMS/email delivery).

 

3. Information We Collect — detailed

We collect a combination of information you provide, information from the Device, information collected automatically by the App/Site, and information from third parties.

A. Information you provide directly

  • Account registration: name, email, phone number, postal/shipping address, chosen username and password.
  • Purchase & billing data: billing card token or payment confirmation (we typically receive tokenized references from payment processors and do not store raw card numbers on our servers).
  • Customer support and communications: messages, diagnostic screenshots, call notes, troubleshooting logs or any content you send to our support channels.
  • Consent-based data: contact list access (only if you opt-in to connect with other users), photographs or other content you upload to the App, and other data you explicitly submit or authorize us to access.

B. Device & hardware data (examples)

When you use a Snik Device we may collect device-related information such as: device serial number; hardware model; firmware version; unique device identifiers; ICCID (SIM identifier) and mobile network operator metadata; IMEI; connectivity logs (cell/LPWAN network IDs, connection timestamps); Bluetooth-generated identifiers; Wi‑Fi SSID and RSSI (if used for diagnostics); battery level and health; sensor logs (accelerometer, motion, speed) used for theft-detection features; device diagnostics and error codes; and timestamps/metadata for events.

Why we collect this: Device identifiers and telemetry allow us to pair Devices with user accounts, deliver firmware updates, diagnose issues, and support anti-theft features.

C. Location & tracking data

With your explicit permission we collect precise location data from Devices and the App (for example GPS coordinates and timestamps used to show a Device’s last-known location or to support live-tracking during recovery). Location is collected only with your consent through app permissions and device settings and is used for security, anti-theft features, lost/stolen recovery, and to provide the Services you expect.

You can revoke location permissions in your mobile OS settings at any time. If you disable location for the App, some features (such as live tracking and last-known location) will not function.

D. Usage, analytics & cookies

We collect App and Site usage analytics (pages visited, features used, crash logs, session durations, feature toggles). We use cookies and similar technologies (local storage, pixels) on the Site for authentication, performance, analytics, fraud prevention, and (with your consent where required) marketing.

E. Third-party & derived data

We may obtain information from third parties (for example payment processors, anti‑fraud services, shipping carriers, or public data sources) and combine that with our data to operate and secure the Services.

 

4. How we use the information

We use collected information for the following purposes (examples): - To provide, operate, maintain, and improve Devices, App, and Site functionality (pairing Devices, OTA updates, firmware integrity checks, live tracking, notifications). - To process purchases, fulfill orders, and send shipping updates and receipts. - To diagnose and fix device problems, perform quality assurance, and analyze Device performance. - To detect, prevent, and investigate fraud, theft, misuse, or security incidents; to create risk or alert flags and trigger escalation routines where appropriate. - To communicate with you about your account, product updates, security notices, or support requests. - To send marketing communications where you have consented to receive them; you can unsubscribe at any time. - To comply with legal obligations and respond to lawful requests from government, regulators, or law enforcement authorities located in Canada or the U.S.

Lawful basis (operational note): For Canadian users we rely on contractual necessity, consent where required (for example location tracking and marketing opt-in), and our legitimate interests (product improvement, fraud detection). For U.S. users, processing is typically necessary to perform the contract with you, to comply with legal obligations, or based on your consent for optional features.

 

5. Device-specific processing notes (hardware + firmware)

  • Pairing & provisioning: When you activate a Device it will transmit its hardware identifiers (serial number, firmware version, ICCID) to Snik so we can associate it with your account and configure settings.
  • Over-the-air (OTA) updates: Firmware updates are signed and delivered to Devices to address security issues and add features. OTA update logs and firmware version history are kept for troubleshooting and auditability.
  • Telemetry & theft detection: To detect suspicious movement we process motion/accelerometer data and (with consent) location data. We may create temporary risk/alert flags to trigger notifications or escalation routines (for example, temporarily increasing location sampling during recovery events).
  • SIM information & connectivity: If the Device uses a SIM, we may collect ICCID and operator metadata to diagnose connectivity issues and manage SIM provisioning.

 

6. Sharing & disclosures

We do not sell personal information. We may share personal information in the following limited circumstances: - Service providers: With third-party processors who act on our behalf (payment processors, cloud hosting providers, analytics providers, shipping vendors, SMS/email vendors). We contractually require these providers to protect personal information and use it only for the purposes we authorize. - Business transfers: In the event of a merger, acquisition, sale, financing, or restructuring, personal information may be transferred as part of the transaction; we will require the transferee to honor the commitments in this Policy. - Legal & safety: To comply with laws and legal processes in Canada or the U.S., to respond to subpoenas or court orders, or to protect the rights, property, or safety of Snik, our users, or others. - Emergency situations: To assist in emergencies (for example, to help recover a stolen bicycle or protect life/safety) where disclosure is necessary. - Aggregated/De‑identified data: We may share aggregated or de-identified data that cannot reasonably be traced to an individual.

 

7. Your privacy rights (overview for Canada & the U.S.)

Depending on where you live, you may have certain rights with respect to your Personal Information. Below are high-level summaries for users in Canada and the U.S.:

Canada

Canadian users are protected under federal and provincial privacy laws (for example PIPEDA and provincial statutes where applicable). These laws generally provide rights to access, correct, and request deletion of personal information held by an organization, as well as rights related to consent and cross‑border transfers.

United States

The U.S. does not have a single federal privacy law covering consumer data. Some states (notably California) provide specific consumer privacy rights. For example, California residents have rights under the CCPA/CPRA to request access to categories of personal information collected, request deletion, and opt-out of certain disclosures. Snik does not sell personal information.

General rights (where available): - Access the personal information we hold about you and obtain a copy of it. - Correct or update inaccurate or incomplete information. - Request deletion of your personal information (subject to legal or operational retention requirements, e.g., tax records). - Object to or restrict certain processing (for example marketing or profiling where lawful basis permits). - Withdraw consent where consent was the lawful basis for processing (for example location services or marketing communications). - Obtain a machine-readable copy of personal information you provided (data portability) where technically feasible.

Rights and available remedies vary by jurisdiction. Snik will evaluate requests in accordance with applicable law.

 

8. How to exercise your rights

To exercise any privacy rights, email our privacy team at privacy@snik.bike with a clear subject line (for example: “Privacy data access request”). For security, we may need to verify your identity before fulfilling requests. We aim to respond within applicable timeframes required by law; if we need more time we will explain why.

If you are not satisfied with our response you may file a complaint with your relevant supervisory authority (for Canadian users, for example the Office of the Privacy Commissioner of Canada or provincial authorities; for U.S. users, state attorneys general or consumer protection agencies, as applicable).

 

9. Data retention — categories and typical retention periods

We retain personal information only as long as necessary for the purposes listed in this Policy and to comply with legal obligations. Typical retention periods (examples): - Account information (profile, email, basic account settings): retained for the life of the account plus up to 90 days for backups and administrative purposes after account deletion. - Purchase, billing, and tax records: retained for a minimum of six (6) years to meet tax, accounting, and warranty obligations for Canadian operations and common business practices in the U.S. - Location & trip history: default retention for active users: up to 24 months; a common operational default is 12–24 months—shorter retention can be configured or provided by request. - Device telemetry, diagnostics, and logs: typically retained for 12–24 months for troubleshooting and product improvement, unless required longer for investigation or legal purposes. - Support tickets & communications: retained for 2–6 years depending on nature and legal relevance. - Anonymized/aggregated data: may be kept indefinitely for analytics and product improvement.

These retention periods are examples only; actual retention may vary by jurisdiction, legal requirement, or operational necessity. If you request deletion we will take steps to delete your personal data subject to legal and operational constraints (for example, copies retained in backups for a limited period).

 

10. Cookies & tracking technologies

We use cookies and similar technologies on the Site to: - Authenticate users and maintain sessions. - Remember preferences and settings. - Measure and improve site and app performance (analytics). - With consent, deliver personalized marketing.

You can control cookies through your browser settings; blocking cookies may reduce usability of the Site. Where required by law, we will obtain consent before placing non-essential cookies.

 

11. Cross-border transfers and processing locations

Although we primarily serve users in Canada and the U.S., we use global service providers and cloud infrastructure that may process or store data in other countries. When personal information is transferred across borders we use appropriate legal and technical safeguards (for example contractual protections and security measures) to protect the data to a standard comparable to that in your jurisdiction.

 

12. Security measures

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, or disclosure. Examples of measures we use include: - Encryption in transit (TLS) for data sent between Devices, Apps, and our servers. - Encryption at rest and access controls for sensitive data stored in our systems where feasible. - Firmware signing and integrity checks for OTA updates. - Role-based access control and logging for internal access to production systems. - Regular security testing, vulnerability scanning, and incident response readiness.

While we strive to protect your data, no system can be 100% secure. If we become aware of a security breach involving personal information that creates a real risk of significant harm, we will follow applicable breach notification laws in Canada or the U.S. and notify affected individuals and authorities as required.

 

13. Law enforcement & legal requests

We may disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements in Canada or the U.S. If legally permitted, we will try to notify you before we share your information so you have an opportunity to seek protection, unless prohibited by law.

 

14. Firmware updates, remote access & device control

To support and secure Devices, Snik may perform remote actions such as pushing firmware updates or sending commands to Devices to enable/disable features, enforce safety measures, or facilitate theft recovery. We log such actions and provide records where appropriate.

 

15. Important regional notices

  • Canada: Canadian users are protected under federal and provincial privacy laws (for example PIPEDA where applicable). We maintain breach‑response processes and will notify affected individuals and authorities in accordance with applicable Canadian law.
  • United States: U.S. users may have state-specific privacy rights. California residents, for example, have certain rights under the CCPA/CPRA (right to know categories of personal information collected, right to access, deletion, and the right to opt-out of certain disclosures). Snik does not sell personal information.

If you are in a jurisdiction with additional privacy protections, please contact us for more details about how those protections may apply.

 

16. Children’s privacy

Our Services are not intended for children under the age required by applicable law (typically 13). We do not knowingly collect personal information from children under that age without parental consent. If you believe we have collected data from a child in violation of this Policy, please contact us so we can delete the data.

 

17. Contact information & disputes

If you have questions about this Policy, would like to exercise your rights, or want to request deletion of data, contact us at:

Snik Safe Inc.
Email: privacy@snik.bike
Mail: 201 19 Street East, North Vancouver, BC, Canada V7L 2Z1

If you remain unsatisfied you can complain to the relevant supervisory authority in your jurisdiction (for example the Office of the Information and Privacy Commissioner for British Columbia in Canada or state consumer protection agencies in the U.S.).

 

18. Changes to this Policy

We may update this Policy from time to time. For material changes we will post a prominent notice on the Site and update the “Last updated” date above. Your continued use of the Services after a change means you accept the updated Policy.