PIPEDA Privacy Policy

Privacy Notice for Canadian Customers (PIPEDA)

Effective Date: 4/30/2026 Last Updated: 4/30/2026

This Notice describes how Sales Peak Inc., doing business as Organo Republic ("Organo Republic," "we," "us," "our") collects, uses, and discloses personal information of customers and visitors located in Canada, in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable substantially similar provincial laws.

If you are a resident of Quebec, please also see Section 12 regarding Law 25.

1. Accountability - Our Privacy Officer

We are responsible for the personal information under our control. We have designated the following individual to be accountable for our compliance with PIPEDA:

Privacy Officer: Marina Savielieva, COO
Sales Peak Inc. DBA Organo Republic 3719 NW 50th St, Miami, FL 33142, USA Email: support@organorepublic.com Phone: +1 (305) 306-7345

All questions, requests, and complaints regarding personal information should be directed to the Privacy Officer.

2. Identifying Purposes - Why We Collect Personal Information

We collect personal information for the following purposes:

  • To process and fulfill your orders, including shipping and payment.

  • To create and manage your customer account.

  • To provide customer support and respond to inquiries.

  • To send transactional communications (order confirmations, shipping notifications).

  • To send marketing communications, where you have consented.

  • To administer our loyalty and rewards programs.

  • To personalize your experience on our website.

  • To detect and prevent fraud and ensure the security of our service.

  • To comply with legal, tax, and accounting obligations.

  • To improve our products, services, and website.

If we identify a new purpose for using your personal information, we will inform you and obtain your consent where required.

3. Consent

We obtain your consent before collecting, using, or disclosing your personal information, except where otherwise permitted or required by law.

  • Express consent is obtained for sensitive information and for marketing communications (typically through a checkbox or signup form).

  • Implied consent may apply where the purpose is obvious - for example, when you place an order, we use your shipping address to deliver it.

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw consent, contact us at support@organorepublic.com. Note that withdrawing consent for certain processing may affect our ability to provide products or services to you.

4. Limiting Collection - What We Collect

We collect only the personal information necessary for the purposes identified in Section 2. The categories include:

  • Identity and contact information: name, email, phone, billing and shipping addresses.

  • Account information: username, password (hashed), preferences, order history.

  • Transaction information: items purchased, prices, payment method (card data is handled by our payment processor).

  • Technical information: IP address, browser type, device information.

  • Usage information: pages viewed, products viewed, cart activity.

  • Communications: messages you send to customer support.

We collect personal information directly from you, and automatically through cookies and similar technologies when you use our website.

5. Limiting Use, Disclosure, and Retention

We use and disclose personal information only for the purposes identified in this Notice, or as required by law.

Disclosure to Third Parties

We share personal information with the following categories of service providers, all of whom are bound by confidentiality and data protection obligations:

  • Shopify Inc. - our e-commerce platform.

  • Payment processors - Shopify Payments, PayPal, Shop Pay.

  • Shipping and fulfillment providers.

  • Email and marketing platforms - Klaviyo (and similar).

  • Analytics providers - Google Analytics.

  • Customer support tools.

  • Professional advisors - accountants, lawyers, auditors.

  • Public authorities - where required by law.

We do not sell your personal information, and we do not share your personal information with third-party advertising partners for cross-context behavioral advertising.

Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law:

  • Order and transaction records: 7 years (for tax and accounting purposes), retained even after account deletion.

  • Account information: retained until you delete your account or request deletion, after which it is deleted or anonymized within 30 days, except where retention is required by law (see "Order and transaction records" above).

  • Marketing data: retained until you withdraw consent; a minimal suppression record (e.g., a hashed email) is kept afterwards solely to honor your opt-out.

  • Customer support records: up to 3 years after the last interaction.

When personal information is no longer needed, we securely delete or anonymize it.

6. Accuracy

We make reasonable efforts to ensure the personal information we hold about you is accurate, complete, and up to date. You can review and update your account information at any time by logging into your account or contacting us.

7. Safeguards

We protect personal information using safeguards appropriate to its sensitivity, including:

  • Physical safeguards - controlled access to facilities and devices.

  • Organizational safeguards - internal policies, training, and access on a need-to-know basis.

  • Technical safeguards - encryption in transit (HTTPS/TLS) and at rest, secure password storage, firewalls, and regular security reviews.

We require our service providers to maintain comparable safeguards.

8. Openness

This Notice, together with our main Privacy Policy, is intended to give you specific and easily accessible information about our personal information management practices. The most current version is always available on our website.

9. Individual Access and Correction

You have the right to:

  • Access your personal information that we hold and receive information about how it is used and to whom it has been disclosed.

  • Correct inaccurate or incomplete personal information.

To make a request, contact us at support@organorepublic.com. We will respond within 30 days. We may extend this period in limited circumstances and will notify you if we do. There is generally no cost for reasonable requests; we will inform you in advance if a fee applies.

We may need to verify your identity before responding, and there are limited exceptions where access may be refused (for example, where it would reveal personal information of another individual or is protected by solicitor-client privilege).

10. Challenging Compliance - Complaints

If you have a concern or complaint about our handling of your personal information, please contact our Privacy Officer first. We take all complaints seriously and will investigate and respond promptly.

If you are not satisfied with our response, you may contact:

Office of the Privacy Commissioner of Canada (OPC) 30 Victoria Street, Gatineau, Quebec K1A 1H3 Toll-free: 1-800-282-1376 Website: www.priv.gc.ca

11. Cross-Border Transfers

We are based in the United States, which means your personal information is stored and processed in the United States, where our company, Shopify, our payment processors, and several of our other service providers operate. While in the United States, your information may be subject to U.S. laws, including lawful access requests by U.S. authorities.

We use contractual and technical safeguards to protect personal information regardless of where it is processed, including data processing agreements with our service providers.

12. Quebec Residents - Law 25

If you are a resident of Quebec, additional rights apply under the Act respecting the protection of personal information in the private sector (Law 25), including:

  • The right to data portability - receive your information in a structured, commonly used technological format.

  • The right to de-indexation - request that links to your information be removed in certain circumstances.

  • Specific rules regarding automated decision-making - the right to be informed when a decision is made about you based exclusively on automated processing and to request a review.

To exercise these rights, contact our Privacy Officer. If you are not satisfied, you may contact the Commission d'accès à l'information du Québec at cai.gouv.qc.ca.

13. Children

Our services are not directed at children under the age of majority in their province. We do not knowingly collect personal information from children without parental consent. If you believe a child has provided us with personal information, please contact our Privacy Officer.

14. Breach Notification

In the event of a breach of security safeguards involving personal information that creates a real risk of significant harm, we will notify the Office of the Privacy Commissioner of Canada and affected individuals as required under PIPEDA, and we will keep records of all breaches as required by law.

15. Changes to This Notice

We may update this Notice from time to time. The "Last Updated" date at the top reflects the most recent revision. We encourage you to review it periodically.

16. Contact Us

Sales Peak Inc. DBA Organo Republic 3719 NW 50th St, Miami, FL 33142, USA Email: support@organorepublic.com Phone: +1 (305) 306-7345