Privacy

Sound Sentinel Corporation (“we,” “our” or “SSC”) is a privately‑owned manufacturer of Arms Recovery Unit Device (ARUD) and MI‑5 secure monitoring devices used for surveillance and protective services. Our head office is located on in Waterloo, Ontario, Canada. These devices transmit audio, video and sensor information over networks to authorized subscribers. This privacy profile explains the types of information SSC collects through its website and products, how that information is used and disclosed, and what rights and choices individuals have.

1  Legal and regulatory framework

SSC operates from Canada, so its privacy practices comply with federal and provincial privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial statutes (e.g., Alberta and British Columbia privacy acts)alarm.com. PIPEDA’s ten fair‑information principles require organisations to be accountable, identify the purposes for collecting personal information, obtain consent, limit the collection and use of information to those purposes, keep information accurate, implement security safeguards, be open about practices, provide individuals with access to their information and allow them to challenge compliancesecuritycompass.com. Business data collection must be for purposes a reasonable person would consider appropriatehipaajournal.com.

1.1  IoT and smart‑device guidance

The Office of the Privacy Commissioner (OPC) has published guidance for manufacturers of Internet‑of‑Things (IoT) devices. It stresses that data collected by IoT devices (including metadata) may be personal and therefore subject to PIPEDA and that manufacturers must review the existing legal frameworkblg.com. The guidance highlights several obligations:

  • Privacy accountability – manufacturers should create a privacy‑management program and perform a privacy impact assessment to monitor personal‑data handling and report breachesblg.com.

  • Identifying purpose and limiting use – identify why information is collected and restrict use and disclosure to that purpose. Consent must be meaningful; individuals must understand what they are agreeing toblg.com. When children’s information is collected, parental or guardian consent is requiredblg.com.

  • Access, accuracy and safeguards – individuals have a right to access their information and have it corrected, and manufacturers should provide a user‑friendly way to permanently delete datablg.com. Data must be safeguarded, and IoT devices should support firmware updates and encryptionblg.com.

2  Personal information collected

2.1  Information provided by you

SSC collects personal information that you voluntarily provide when you request information about ARUD or MI‑5 devices, place an order or sign up for a demonstration. The types of data may include:

  • Contact details – name, company name, job title, postal address, email address and phone number.

  • Account and transaction data – purchase history and order details, payment information such as credit‑card data and tax identification numbers

  • Communication records – emails, calls, chat transcripts or other communications, which we may keep for quality and legal purposes

  • Professional or demographic data – professional associations, nationality, gender, age and other details you choose to provide

  • Video or audio data – if you use our secure‑monitoring devices, we (or authorized service providers) may process and store video/audio recordings from door‑bells, cameras, sensors or two‑way voice devices. We also process sensor metadata (e.g., device configuration, sensor names, temperature readings) to provide and personalize services.

2.2  Information collected automatically

Like many companies, SSC automatically collects device and usage information when you use our website or products:

  • Device and browser information – type of device, operating system, device identifier, internet service provider and IP address. We also collect general location information, domain name, pages visited, the date/time stamp and clickstream data

  • Website interactions – how you interact with our site or apps, such as referring websites, features used, pages visited, keystrokes and mouse clicks and preferences (e.g., communication methods and device types of interest)

  • Cookies and similar technologies – we use cookies and analytics tools to remember user preferences, analyse website traffic and improve services. You can manage cookie preferences via your browser settings.

2.3  Information from third parties

SSC may obtain or supplement personal information from:

  • Service partners – authorized service providers (dealers) who sell or install our monitoring devices provide us with customer account information, emergency contact details and device‑usage data. They remain responsible for the personal information they collect.

  • Business partners and advertisers – we may collect or supplement information from ad networks, suppliers, public databases and social‑media platforms to confirm contact or financial information or to better understand customer interests

3  Purposes and legal basis for processing

We collect and use personal information only for purposes that a reasonable person would consider appropriate in the circumstances. These purposes include:

  1. Providing products and services – to process orders, deliver and install ARUD and MI‑5 devices and provide customer support. We may use your data to configure devices, monitor performance and send notifications (e.g., alarm alerts or software updates). For location‑based features such as geofenced arming reminders and thermostat adjustments, we collect device location with your opt‑in consent.

  2. Communications and account management – to respond to inquiries, send service‑related notices, verify your identity and manage accounts.

  3. Safety and compliance – to detect, investigate and prevent security incidents, protect device integrity and comply with legal obligations (e.g., incident reporting). OPC guidance recommends encryption and the ability to update firmware to maintain device security.

  4. Marketing and analytics – to provide information about new products or security updates, evaluate how users interact with our website or devices, and improve our offerings. You may opt out of marketing emails at any time.

We will identify the specific purposes for collecting personal information at or before the time of collection and will not use or disclose it for other purposes without consent.

 

4  Consent and choice

PIPEDA requires organisations to obtain an individual’s knowledge and consent for the collection, use or disclosure of personal information. SSC obtains consent in several ways:

  • Express consent – you explicitly agree (e.g., by ticking a box or signing a contract) when you register an account, purchase a device or activate location‑based features.

  • Implied consent – your consent may be implied when you voluntarily provide information to obtain a service (for example, providing an email address to receive product updates). In cases where sensitive personal information (such as video recordings) is involved, we seek explicit consent and provide clear explanations of how data will be used.

  • Withdrawal of consent – you can withdraw your consent at any time by contacting us. Withdrawal may affect our ability to provide certain services (e.g., remote monitoring or notifications).

5  Information use, disclosure and cross‑border transfers

5.1  Use and disclosure within Canada

Personal information is used only for the purposes described above and may be accessed by SSC employees or contractors with a need to know. Data may be shared with:

  • Authorized service providers who sell, install and support our devices. privacy policy notes that personal information of Canadian customers is processed on behalf of authorized service providers and they remain responsible for compliance with privacy laws. Similarly, SSC ensures its dealers adhere to this privacy profile.

  • Emergency monitoring centres and response agencies for alarm verification.

  • Third‑party vendors who perform functions on our behalf (e.g., payment processors, cloud hosting, analytics). Contracts restrict them from using personal information for any purpose other than delivering contracted services.

  • Regulatory authorities as required by law. If we receive a lawful request, we disclose only what is necessary and notify you unless prohibited.

5.2  Cross‑border transfers

PIPEDA allows organisations to transfer personal information outside Canada, provided they use contractual or other safeguards to ensure a comparable level of protection. SSC may store or process data on servers located in the United States or other jurisdictions. When transferring data abroad, SSC:

  1. Identifies the legitimate purpose of the transfer and explains it in this privacy profile.

  2. Performs due diligence on the data recipient to ensure appropriate policies, training and security measures.

  3. Executes contractual agreements requiring third parties to safeguard personal information and to allow SSC to audit compliance.

  4. Assesses the adequacy of the destination country’s privacy laws and implements supplemental measures if necessary.

  5. Uses technical security measures such as encryption and secure transmission protocols.

  6. Transfers only the minimum amount of data needed to fulfil the purpose and ensures deletion when no longer required.

SSC remains accountable for personal information transferred to third‑party processors abroad.

6  Data retention and deletion

SSC retains personal information only as long as necessary for the purposes identified or as required by law, consistent with PIPEDA’s limitation principle. We maintain retention schedules for different types of data:

  • Customer account data – retained for the duration of your relationship plus a reasonable period for accounting and legal purposes.

  • Video/audio recordings – retained according to device configuration and subscription plan. We provide a user‑friendly method to permanently delete recordings, as recommended by the OPC guidance.

  • Logs and analytics data – aggregated or anonymized where possible; personal identifiers are deleted as soon as practical.

When data is no longer required, it is securely erased or anonymized to prevent identification.

 

 

7  Safeguards and security measures

SSC protects personal information using a combination of administrative, technical and physical safeguards, aligned with PIPEDA’s security principle. Measures include:

  • Encryption of data at rest and in transit, particularly for video/audio recordings and location data.

  • Access controls ensuring only authorized personnel can view sensitive data. Dealers and contractors are required to follow strict confidentiality obligations.

  • Secure development and patch management – our devices support firmware updates to address vulnerabilities.

  • Intrusion detection and auditing – we monitor systems for unauthorized access and maintain logs to investigate incidents.

  • Mandatory breach reporting – PIPEDA requires businesses to inform the Office of the Privacy Commissioner and affected individuals of any breach posing a real risk of significant harm.

8  Individual rights

Under PIPEDA, individuals have several rights. SSC respects these rights and provides mechanisms to exercise them:

  1. Right to know why and how personal information is collected – our privacy profile explains the purposes and legal basis for data collection.

  2. Right to access – you may request a copy of your personal information or recordings. Access requests will be answered within statutory timeframes.

  3. Right to correct – you can request corrections to inaccurate or incomplete information.

  4. Right to withdraw consent – you may withdraw consent for optional data uses (e.g., marketing or location‑based features) at any time.

  5. Right to challenge compliance – individuals may file a complaint if they believe SSC is not complying with privacy laws. SSC will investigate and respond, and individuals may also file a complaint with the Office of the Privacy Commissioner of Canada.

9  Children’s privacy

SSC’s products are intended for professional surveillance and not marketed to children. If personal information of a minor is collected (e.g., through educational products), the OPC guidance requires parental or guardian consent. We will take steps to delete any personal information inadvertently collected from children without consent.

10  Cookies and automated tracking technologies

Our website uses cookies, web beacons and similar technologies to collect device information and usage data. Cookies help us remember user preferences and analyse site traffic. You can adjust your browser settings to refuse cookies or to alert you when cookies are being sent. Some features may not function properly without cookies.

11  Changes to this privacy profile

We may update this privacy profile to reflect changes in our practices or legal requirements. Major changes will be communicated on our website or via email. The last update of this profile is 24 October 2025.

12  How to contact us

For questions, concerns or requests regarding this privacy profile or your personal information, please contact:

Sound Sentinel Corporation – Privacy Officer
Head Office: Waterloo, Ontario, Canada
Email: Information@soundsentinel.com

Individuals may also contact the Office of the Privacy Commissioner of Canada (www.priv.gc.ca) for further guidance.