Privacy Policy

Last updated: 4 May 2026

1. Introduction & Scope

This Privacy Policy ("Policy") describes how Moment to Moment Pictures Inc. ("Moment to Moment Pictures," "we," "us," or "our") collects, uses, discloses, retains, and protects personal information that you ("you," "your," or "User") provide when you visit, browse, or interact with the website located at clients.m2mpictures.ca and any associated subdomains, applications, forms, or services operated by us (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. If you do not agree with any portion of this Policy, you must discontinue use of the Service immediately.

This Policy is intended to comply with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA), the Personal Information Protection Act of British Columbia (PIPA-BC), and, where applicable, the General Data Protection Regulation (GDPR) for individuals located in the European Economic Area, the United Kingdom Data Protection Act 2018, and any other privacy or data protection legislation that may apply to our processing activities.

2. Who We Are

Moment to Moment Pictures Inc. is a federally incorporated Canadian company, with its place of business in Vancouver, British Columbia, Canada. We are the "Data Controller" (or, in Canadian terminology, the "organization") responsible for the personal information collected through the Service.

For the purposes of this Policy, all references to the singular include the plural and vice versa, and references to any gender include all genders. Capitalised terms used but not defined in this Policy shall have the meanings ascribed to them in applicable privacy legislation.

3. Information We Collect

We collect personal information that you voluntarily provide when interacting with the Service. The categories of personal information we may collect include, but are not limited to, the following:

3.1 Identity & Contact Information

• Full legal name or preferred name
• Email address
• Telephone or mobile number
• Mailing address (only if voluntarily provided)
• Business or trade name
• Any social media handles you elect to share with us

3.2 Project Information

• Description of your business, products, or services
• Description of your target audience or customer base
• Existing domain name(s) or web property addresses
• Inspiration references, including URLs and accompanying commentary
• Layout, stylistic, colour, typographic, and feature preferences
• Status of copywriting, photography, and other content assets
• Project timelines, deadlines, milestones, or launch windows
• Free-text comments, notes, and any other information you choose to share

3.3 Technical Information

We do not currently deploy analytics scripts, third-party tracking pixels, or behavioural advertising technologies on the Service. However, our hosting provider may, in the ordinary course of operating their infrastructure, collect routine server log data such as IP addresses, request timestamps, user-agent strings, and HTTP referrer information for the purpose of operational monitoring, abuse prevention, and security auditing. This information is processed by our hosting provider on our behalf and is retained pursuant to their own retention policies.

4. How We Collect Information

We collect information through the following channels:

1. Direct submissions. When you complete and submit the website brief form available at clients.m2mpictures.ca, the information you enter into each field is transmitted to and stored within our database systems.
2. Correspondence. When you communicate with us via email, telephone, video conferencing, or any other channel, we may retain copies or transcripts of such communications.
3. Inferred information. In some cases, we may derive additional information from what you have provided (for example, inferring time-zone from country of residence) for the limited purpose of facilitating our communication and project planning.

5. Why We Collect Information

We collect, use, and process your personal information for the following purposes:

1. To respond to your enquiry, including to assess project fit and prepare a proposal or quotation;
2. To provide the design, development, deployment, and ongoing maintenance services we offer to clients;
3. To communicate with you about your project, including scheduling meetings, sending status updates, and delivering creative work product for review;
4. To invoice you for services rendered and to collect payment in accordance with applicable contracts;
5. To comply with our legal, regulatory, accounting, and tax-reporting obligations;
6. To establish, exercise, or defend legal claims, where necessary;
7. To improve and develop the Service, including the form itself, by reviewing aggregated patterns in submissions; and
8. For any other purpose that we have explicitly disclosed to you and obtained your consent for at the time of collection.

6. Lawful Basis for Processing

To the extent applicable privacy legislation requires us to identify a lawful basis for processing your personal information, we rely on the following bases, individually or in combination, depending on the specific processing activity:

• Consent. You have given express consent for the specific processing activity, including by submitting the brief form and ticking the privacy-policy acknowledgement.
• Contract. Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering such a contract.
• Legal obligation. Processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate interests. Processing is necessary for our legitimate business interests, except where such interests are overridden by your interests, rights, or freedoms.

7. Where Information Is Stored

Information you submit through the Service is stored in cloud-based databases and email-delivery systems operated by reputable third-party service providers. The primary storage location is Supabase (hosted on infrastructure within North America). Email notifications are delivered via Resend. Both providers maintain industry-standard security controls, are bound by their respective privacy and data-processing terms, and access information solely for the limited purpose of providing services to us.

8. Service Providers & Processors

We engage a limited number of third-party service providers ("Processors") to assist us in operating the Service. We require each Processor to:

• Process your personal information only on our documented instructions;
• Implement appropriate technical and organisational measures to safeguard your personal information;
• Maintain confidentiality with respect to your personal information;
• Promptly notify us in the event of any security incident or unauthorised disclosure;
• Return or delete your personal information at the conclusion of the engagement, subject to applicable legal retention requirements.

Our current Processors include, without limitation: Supabase Inc. (database hosting), Resend Inc. (transactional email delivery), Vercel Inc. (web hosting and edge delivery), and GoDaddy.com, LLC (domain registration and DNS management). The list of Processors may change from time to time without prior notice.

9. Sharing & Disclosure

We do not sell, rent, lease, license, trade, or otherwise commercialise your personal information. We will not disclose your personal information to any third party for the purposes of direct marketing.

We may, however, disclose your personal information in the following limited circumstances:

1. To our Processors, as described in Section 8, strictly for the purposes of operating the Service;
2. To our professional advisors (including legal counsel, accountants, and insurers) where reasonably necessary;
3. To a successor entity in connection with a merger, acquisition, financing, sale of all or substantially all of our assets, or similar corporate transaction, in which case we will use commercially reasonable efforts to ensure the successor honours the commitments of this Policy;
4. To comply with a valid subpoena, court order, regulatory request, or other legal process;
5. To protect or enforce our legal rights, including investigating fraud or breaches of our Terms; and
6. With your express consent or at your direction.

10. Retention & Deletion

We retain your personal information for only as long as is reasonably necessary for the purposes set out in this Policy, including:

• The duration of any project we undertake on your behalf;
• A reasonable post-project window (typically not exceeding seven (7) years) for tax, accounting, warranty, and legal-defence purposes; and
• Where required by applicable law to retain certain records for a longer period.

Following the expiry of any retention period, we will delete or anonymise your personal information in a manner consistent with industry-standard secure-erasure practices. You may also request earlier deletion at any time, subject to our overriding legal obligations, by contacting us as set out in Section 22.

11. Security Measures

We employ a combination of technical, administrative, and physical safeguards designed to protect your personal information against unauthorised access, disclosure, alteration, loss, or destruction. These measures include, but are not limited to:

• Transport-layer encryption (HTTPS/TLS) for all data in transit;
• At-rest encryption applied by our cloud-database provider;
• Access controls limiting personnel access to information on a need-to-know basis;
• Strong, unique authentication credentials and, where supported, multi-factor authentication on all administrative accounts;
• Routine review of access logs and audit trails;
• Periodic updates and patching of software and dependencies; and
• Confidentiality obligations imposed on contractors and Processors.

Notwithstanding the foregoing, no method of electronic transmission or storage is one hundred percent (100%) secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

12. Cookies & Tracking Technologies

The Service does not currently set first-party cookies, deploy session-replay technologies, embed third-party advertising pixels, or use any other behavioural-tracking instrumentation on its public-facing pages. Should this change in the future, we will update this Policy and, where required, present a cookie-consent notice prior to such collection.

13. International Transfers

Your personal information may be transferred to, stored in, and processed in countries other than the country in which you reside, including the United States and other jurisdictions where our Processors maintain infrastructure. Where such transfers occur, we take reasonable steps to ensure that your personal information receives a level of protection consistent with applicable Canadian privacy legislation. By using the Service, you consent to such transfers.

14. Your Rights

Subject to applicable law, you may have the following rights with respect to your personal information:

• Right of access. To request confirmation that we hold personal information about you, and to obtain a copy of such information.
• Right to correction. To request that we correct inaccurate or incomplete personal information.
• Right to deletion. To request that we delete your personal information, subject to overriding legal or contractual obligations.
• Right to withdraw consent. To withdraw any consent you have previously given, with effect for the future.
• Right to restriction. To request that we restrict the processing of your personal information.
• Right to portability. Where processing is based on consent or contract and is carried out by automated means, to receive your personal information in a structured, commonly used, machine-readable format.
• Right to object. To object to processing based on our legitimate interests.
• Right to lodge a complaint. To lodge a complaint with the Office of the Privacy Commissioner of Canada or, where applicable, with the supervisory authority in your jurisdiction of residence.

15. How to Make a Request

To exercise any of the rights described in Section 14, please submit a written request to us at the email address set out in Section 22. We may ask you to verify your identity before responding to your request, in order to protect against fraudulent or unauthorised access. We will endeavour to respond to verifiable requests within thirty (30) calendar days, or such longer period as may be permitted by applicable law for complex or voluminous requests.

16. Children's Privacy

The Service is not directed to, intended for, or designed for use by children under the age of sixteen (16). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verified parental consent, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us.

17. Third-Party Links

The Service may, from time to time, contain links to third-party websites, plug-ins, or applications operated by parties other than Moment to Moment Pictures Inc. We do not control such third parties and are not responsible for their privacy practices. Clicking on such a link or enabling such a plug-in may permit a third party to collect or share data about you. We encourage you to read the privacy policies of every third-party website you visit.

18. Automated Decision-Making

We do not engage in automated decision-making, including profiling, that produces legal effects or similarly significant effects with respect to you.

19. Data Breach Notification

In the event of a confirmed security incident involving your personal information that, in our reasonable judgement and consistent with applicable law, gives rise to a real risk of significant harm, we will notify affected individuals without undue delay and, where required, also notify the Office of the Privacy Commissioner of Canada and any other applicable supervisory authority. The notification will, to the extent reasonably practicable, describe the nature of the breach, the categories of information involved, the steps we are taking to mitigate harm, and any steps you may wish to consider taking yourself.

20. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the top of this Policy and, where the changes are material, take additional steps to notify users. The current version of the Policy will always be available at this URL. Your continued use of the Service after the effective date of any updated Policy constitutes acceptance of such changes.

21. Governing Law & Jurisdiction

This Policy and any disputes arising out of or related to it shall be governed by and construed in accordance with the laws of the Province of British Columbia and the federal laws of Canada applicable therein, without regard to conflict-of-laws principles. The parties irrevocably submit to the exclusive jurisdiction of the courts of British Columbia for the resolution of any dispute arising out of or in connection with this Policy.

22. Contact Information

For all privacy-related enquiries, requests, complaints, or to exercise any of your rights described above, please contact: legal@m2mpictures.ca.

If we are unable to resolve a privacy concern to your satisfaction, you may also contact the Office of the Privacy Commissioner of Canada at priv.gc.ca, or, in British Columbia, the Office of the Information and Privacy Commissioner for British Columbia at oipc.bc.ca.