Privacy Policy

Single Origin Co. Inc. ("Single Origin Co.," "we," "us," or "our") operates the website singleoriginco.life and maintains an editorial brew-lab at 883 Queen Street West, Unit 204, Toronto, Ontario M6J 1G3, Canada. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario privacy legislation.

1. Accountability

Single Origin Co. Inc. is responsible for personal information under our control. We have designated a privacy contact who oversees compliance with this policy and responds to access requests. You may reach our privacy office at [email protected] or by mail at the address above. Our Business Number is BN 841234567ON0001.

We train staff and contractors who handle personal information on confidentiality obligations and limit access to those who require data to perform their duties. Third-party service providers that process data on our behalf — including email relay, web hosting, and analytics infrastructure — are bound by written agreements requiring comparable protection standards consistent with PIPEDA fair information principles.

Our privacy contact maintains an internal register of processing activities related to contact form submissions, editorial collaboration records, cookie consent logs, and contracted service deliverables. This register is reviewed annually and updated when we introduce new tools or change data flows.

2. Identifying purposes

We collect personal information only for purposes that a reasonable person would consider appropriate in the circumstances. Primary purposes include:

• Responding to contact form submissions, method review enquiries, brew ratio questions, editorial collaboration proposals, and general inquiries;
• Scheduling studio visits, brew-lab demonstrations, and editorial collaboration sessions at our Queen West location;
• Delivering contracted services such as method review commissions, training sheet packages, ratio consulting, and sensory documentation;
• Processing cookie consent preferences and maintaining site functionality;
• Measuring aggregated website traffic when analytics cookies are accepted;
• Complying with legal obligations, including tax, corporate record-keeping, and regulatory requirements applicable to Ontario corporations;
• Protecting against fraud, abuse, spam submissions, and security incidents affecting our systems or users.

We will identify the purpose of collection at or before the time information is collected. If we intend to use your information for a new purpose not previously identified, we will obtain your consent unless the new purpose is permitted or required by law.

3. Consent

Your knowledge and consent are required for the collection, use, or disclosure of personal information, except where inappropriate or where the law permits or requires otherwise. When you submit our contact form, you must check the PIPEDA consent box confirming that you have read this Privacy Policy and agree to our collection and processing of the data you provide. The consent checkbox is not pre-selected — you must actively opt in before submission.

Consent may be express or implied depending on the sensitivity of the information and your reasonable expectations. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may limit our ability to provide services you have requested. To withdraw consent, contact [email protected] with the subject line "Privacy — consent withdrawal."

4. Limiting collection

We limit collection of personal information to what is necessary for the identified purposes. Contact form fields include name, email address, subject selection, and message content — all required to respond meaningfully to your enquiry. We do not collect government-issued identification numbers, financial account details, payment card data, or health information through the public website contact form.

Our contact form includes a honeypot field named "website" hidden from human users to deter automated spam submissions. Bots that populate this field are silently redirected without processing personal data or sending email notifications.

5. Limiting use, disclosure, and retention

We do not use or disclose personal information for purposes other than those for which it was collected, except with your consent or as required by law. Internal access is restricted to editorial and administrative personnel who need the information to fulfil your request or maintain business records.

We may disclose personal information to:

• Email and hosting infrastructure providers operating under confidentiality agreements (including message relay to our editorial inbox);
• Professional advisors (legal, accounting) when necessary for compliance or dispute resolution;
• Law enforcement or regulatory bodies when compelled by valid legal process;
• Roaster or training partners involved in editorial collaboration, but only with your explicit approval for each disclosure.

We do not sell personal information. We do not share contact details with unrelated third parties for their marketing purposes. Contact form messages are transmitted via send.php to our editorial team mailbox for response processing.

Contact form submissions and related correspondence are retained for up to seven years to support service continuity, dispute resolution, and legal compliance, after which records are securely deleted or anonymised. Cookie consent records are retained for the duration of the consent period (six months) plus an additional six months for audit purposes.

6. Accuracy

We endeavour to keep personal information as accurate, complete, and up-to-date as necessary for the identified purposes. If you believe information we hold about you is inaccurate or incomplete, please contact us and we will amend the record promptly where appropriate.

7. Safeguards

We protect personal information with security safeguards appropriate to the sensitivity of the data. Measures include access controls on studio systems, encrypted transport (HTTPS) for website communications, password-protected email accounts, and physical security at our Queen Street West office.

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of any credentials associated with services we provide directly to you.

8. Openness

We make information about our privacy policies and practices readily available on singleoriginco.life. This policy is linked from our contact form, cookie banner, and site footer. Questions about our privacy practices may be directed to [email protected] or +1 (416) 555-5273 during studio hours (Mon–Fri 09:00–17:00 ET).

9. Individual access

Upon written request, we will inform you of the existence, use, and disclosure of your personal information and provide access to that information, subject to limited exceptions permitted by law (for example, where disclosure would reveal confidential commercial information or affect another individual's privacy).

We will respond to access requests within thirty days unless an extension is permitted. If we deny access, we will explain the reason and outline available complaint options. You may challenge the accuracy of information we hold and have it amended as appropriate.

10. Challenging compliance

You may challenge our compliance with these privacy principles by contacting our privacy office. We will investigate all complaints and respond with our findings and proposed remediation. If you remain unsatisfied, you may contact the Office of the Privacy Commissioner of Canada or the Information and Privacy Commissioner of Ontario, as applicable.

11. Website analytics and cookies

When you accept analytics cookies through our consent banner, we may collect aggregated usage data such as pages visited, session duration, referral source, and device type. This information does not directly identify you unless combined with other data. See our Cookie Policy for detailed descriptions of each cookie category, the six-month storage period for consent preferences, and instructions for managing preferences including Accept all, Reject all, and Customise options.

Essential cookies required for site security and consent storage may operate regardless of analytics preferences, as they are necessary to provide the service you request.

12. International transfers

Our primary systems are located in Canada. If we transfer personal information to service providers outside Canada, we assess the recipient's privacy framework and implement contractual protections consistent with PIPEDA requirements. By submitting information through our website, you acknowledge that limited processing may occur in jurisdictions where providers maintain infrastructure.

13. Children's privacy

Our services are directed to coffee industry professionals and enthusiasts and are not intended for individuals under sixteen years of age. We do not knowingly collect personal information from children. If you believe a child has submitted data through our contact form, please notify us and we will delete the information promptly.

14. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. The effective date at the top of this page indicates the current version. Material changes will be noted on singleoriginco.life. Continued use of the website after an update constitutes acceptance of the revised policy for non-sensitive processing where consent is not otherwise required.

Previous versions are archived internally at our Toronto studio. You may request a summary of material changes made since your last enquiry by emailing [email protected] with the subject line "Privacy — policy history."

15. Data breach notification

In the unlikely event of a security incident that creates a real risk of significant harm to individuals, we will notify affected persons and relevant authorities as required by PIPEDA and Ontario law. Notifications will describe the nature of the incident, categories of information involved, steps we have taken to mitigate harm, and contact information for further questions. We maintain an internal incident response checklist at our Queen West studio and review it annually.

If you suspect unauthorised access to information you submitted through singleoriginco.life, contact [email protected] immediately with the subject line "Privacy — security concern" so we can investigate and take remedial action.

16. Contact information

Single Origin Co. Inc.
883 Queen Street West, Unit 204
Toronto, ON M6J 1G3, Canada
Email: [email protected]
Phone: +1 (416) 555-5273
BN: 841234567ON0001

© 2026 Single Origin Co. Inc. All rights reserved.