HBX CONTROL SYSTEMS INC.

PRIVACY POLICY

Last updated: February 2026

Technical Support: +1 (855) 410-2341

1) Overview

HBX Control Systems Inc. (“HBX”, “we”, “us”, or “our”) is committed to protecting privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information for individuals who:

  • visit our websites at https://hbxcontrols.com and https://sensorlinx.co (the “Site”),
  • use our Web-as-a-Service (WaaS) offerings (including hosted web portals, web applications, and APIs),
  • use our software-as-a-service (SaaS) solutions, and/or
  • use the ThermoLinx or SensorLinx mobile applications (collectively, the “Services”).

“Personal information” means information about an identifiable individual. It does not include anonymized/de-identified data that cannot reasonably be associated with an individual, nor business contact information used solely to communicate in relation to employment or a profession, as generally defined by Canadian privacy laws.

By accessing the Site or using the Services, you acknowledge and agree to the practices described in this Privacy Policy.

2) Scope & Roles

This Privacy Policy applies to personal information we handle in connection with the Site and Services. Depending on context, HBX may act as:

  • a controller (or “organization”) for personal information we collect directly from you, and/or
  • a service provider/processor to our business customers (e.g., property/facility managers) when we process personal information on their instructions. In those cases, our customer’s privacy policy may govern, and we process data per our agreement with them.

3) Updates to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date indicates the effective version. Changes take effect upon posting to the Site unless stated otherwise. We may also notify you through the Services or by other means. Your continued use after an update constitutes consent to the revised policy.

4) Consent

We collect, use, and disclose personal information with your consent or as permitted/required by law. Consent may be express (e.g., checkbox, signature) or implied (e.g., when the purpose is obvious and you voluntarily provide information). You may withdraw consent at any time (see Contact Us), subject to legal or contractual restrictions. If you withdraw consent, some Services or features may not be available.

You may opt out of non-essential marketing communications (email or push). Service-related messages (e.g., security alerts, account notices) are not subject to opt-out.

5) Information We Collect

A) Information You Provide

  • Account & Profile: name, company, business role, email, phone, service address (if required), and login credentials (username and hashed password).
  • Business/Operational Use: information you enter to use certain features (e.g., tenant/occupant contact details for billing/notifications you request).
  • Support & Communications: information you provide when you contact support, submit forms, respond to surveys, or otherwise interact with us.

B) Information Collected Automatically (Web, Mobile, and APIs)

  • Device & Usage Data: device type/ID, browser/OS, language and regional settings, IP address, timestamps, pages/screens viewed, features used, links clicked, and similar telemetry used to operate, secure, and improve the Services.
  • WaaS/Hosting Logs: standard web server and API logs (e.g., request URLs, HTTP headers, referrer, user agent, response codes), firewall/WAF and CDN logs, authentication/audit logs (e.g., successful/failed sign-ins, API token usage).
  • Location Data: imprecise location (e.g., from IP). With your device permissions, we may collect precise location for specific features, which you can control in device settings.
  • Cookies & Similar Technologies: we use cookies, pixels, local storage, and SDKs for functionality, security, analytics, and to remember preferences. Where required, we obtain opt-in for non-essential cookies. You can manage cookies in your browser; some features may not work without them.

C) On-Premises Control Systems & Operational Data

HBX operates on-premises servers and control systems that connect to and transmit operational data to HBX databases to deliver and support the Services. This may include:

  • device identifiers and firmware versions,
  • equipment status, diagnostic/error codes,
  • system performance metrics,
  • sensor readings necessary for control functionality,
  • event and service logs for diagnostics, uptime, and safety.

We use this operational data solely to deliver, maintain, secure, and improve our control systems and Services. We do not use such data for advertising or marketing, and it is not associated with an identifiable individual unless linked to an HBX account for service purposes.

D) Payments

Payments are processed by third-party processors (currently Stripe). We do not store full payment card numbers. Your payment data is provided directly to the processor and handled under their policies.

E) Data Minimization

We collect only the minimum personal information required to provide and support the Services. We do not collect sensitive identifiers (e.g., government IDs, biometrics, or full financial account numbers) unless legally required and only with your consent.

6) How We Use Personal Information

  • Provide and operate the Services (WaaS, SaaS, mobile apps), including account creation, authentication, role-based access, and feature enablement.
  • Run our on-premises control environment and transmit device/operational data to our databases for reliability, performance, diagnostics, and safety.
  • Facilitate payments and billing through our payment processor.
  • Communicate with you about the Services (e.g., updates, changes, security alerts, and administrative messages).
  • Provide support, respond to inquiries, and resolve issues.
  • Maintain security and prevent fraud, abuse, and unauthorized access (e.g., monitoring, logging, and access controls).
  • Analyze and improve the Site and Services (including via analytics) and develop new features and offerings.
  • Comply with laws, enforce our agreements and terms, and protect HBX, users, and the public.
  • Other purposes disclosed at collection or with your consent.

We do not sell personal information and do not share personal information or operational device data with third parties for advertising or marketing purposes.

7) Disclosure of Personal Information

  • Service providers/vendors (e.g., hosting/CDN, security, analytics, payment processing, communications, customer support). They may access personal information only to perform services for us and are contractually required to protect it.
  • Relevant parties as needed to complete transactions or deliver features you request (e.g., between a tenant/occupant and a property/facility manager using the Services).
  • Legal and safety reasons: to comply with law or legal processes; respond to lawful requests by public authorities; protect the rights, property, or safety of HBX, users, and the public; and enforce our agreements and terms.
  • Business transactions: in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate protections and as permitted by law.

We may share aggregated or de-identified data that does not identify an individual. Where service providers are outside Canada, personal information may be subject to the laws of those jurisdictions (see International Transfers).

8) International Transfers

Your personal information may be stored or processed in Canada and other countries where we or our service providers operate (including the United States, e.g., for payment processing and web/CDN infrastructure). While outside your home jurisdiction, it may be accessible to courts, law enforcement, and national authorities in accordance with applicable law. We take steps designed to help ensure transfers comply with applicable data protection requirements.

9) Your Rights & Choices

  • Access the personal information we hold about you;
  • Correct incomplete or inaccurate personal information;
  • Withdraw consent where consent is the legal basis;
  • Opt out of non-essential marketing communications;
  • Manage cookies in your browser/device (non-essential cookies);
  • Request deletion or anonymization, subject to our legal obligations and retention requirements.

We may ask you to verify your identity before fulfilling a request. If your information was provided by an HBX business customer (e.g., your property manager), we may refer your request to that customer where appropriate.

10) Children’s Privacy

We do not knowingly collect personal information from children under 18. If we become aware we have collected such information, we will delete it. If you believe a child under 18 has provided personal information to us, please contact us (see Contact Us).

11) Retention

We retain personal information only as long as necessary for the purposes described in this policy, to meet legal/accounting/reporting obligations, to resolve disputes, and to enforce our agreements. This includes limited retention of WaaS hosting logs, security logs, and audit logs for operational integrity and security. When no longer required, we delete or de-identify information unless a longer retention period is required or permitted by law.

12) Security

We employ physical, organizational, and technical safeguards designed to protect personal information and operational data against loss, theft, and unauthorized access, disclosure, alteration, or misuse. Measures include least-privilege access controls, authentication and authorization, network protections (including for on-premises servers), monitoring and logging, and encryption in transit (TLS) and, where appropriate, at rest. Our on-premises servers are housed in controlled facilities with restricted access. No method of transmission or storage is completely secure. If you believe your interaction with us is no longer secure, please contact us immediately.

13) Cookies, Analytics & “Do Not Track”

We use cookies and similar technologies to:

  • keep you signed in and remember preferences,
  • maintain security and detect abuse,
  • understand usage and improve performance,
  • support analytics to enhance the Services.

Where required, we seek your consent for non-essential cookies. You can manage cookies through your browser or device settings; disabling certain cookies may affect functionality. Do Not Track: we currently do not respond to browser “Do Not Track” signals.

14) Aggregated & De-Identified Data

We may create and use aggregated and/or de-identified data for purposes such as improving the Services (including WaaS), developing new features, benchmarking, and analytics. We take reasonable steps to ensure such data cannot reasonably be used to identify an individual and do not attempt to re-identify it except as permitted by law.

15) Third-Party Links & Integrations

The Site or Services may contain links to third-party sites/services or integrations (e.g., payment processors, mapping, communications). We are not responsible for the privacy practices of third parties. Please review their privacy policies before engaging.

16) Legal Basis & Jurisdictional Notes

We collect, use, and disclose personal information with your consent and as otherwise permitted or required by applicable laws. This Privacy Policy is intended to align with Canadian privacy laws, including the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws. If we offer Services in other jurisdictions, additional rights may apply; where relevant, we provide jurisdiction-specific notices or contractual addenda.

Contact Us

If you have any queries about the disclosure of your personal information or if you otherwise have any questions or suggestions regarding our Privacy Policy or wish to make a complaint, you may contact HBX by email at legal@hbxcontrols.com or by certified mail at 4516 112 Avenue South East, Calgary, Alberta, Canada T2C 2K2.