PassEngine LogoPassEngine

Privacy Policy

Last updated: 3/18/2026

1. Introduction

This Privacy Policy describes how Dima Labs Inc ("Operator") collects, uses, stores, and protects personal information when using the PassEngine service (the "Service"). This Policy applies to all users of the Service and governs the Operator's data practices in accordance with applicable privacy laws. "User" means any individual or entity that uses the Service. By using the Service, the User acknowledges that they have read and understood this Privacy Policy and agrees to its terms.

2. Data Controller

The data controller responsible for personal information is Dima Labs Inc, an Ontario corporation based in Canada. The Operator is committed to protecting User privacy and handling User data in accordance with applicable Canadian privacy legislation (including PIPEDA) and other applicable laws. legal@passengine.io

3. Information Collected

The Operator collects personal information from the following categories of individuals:

  • Account holders (Service users): Email address, organization name, role within the system
  • Pass recipients (event attendees/visitors): Information included in passes by account holders, such as names, contact details, and other custom fields as configured by the event organizer
  • Scan data: Date and time of scans, verification results, operator information
  • Technical data: IP addresses, browser and device information, access logs

4. How Information Is Used

The Operator processes personal information for the following purposes:

  • Providing access to the Service and its features
  • User identification and account security
  • Processing payments and managing billing
  • Sending Service-related notifications and updates
  • Providing technical support and responding to inquiries
  • Analyzing Service usage and improving quality
  • Complying with legal obligations

5. Data Storage and Security

Personal data is primarily stored on servers located in data centers in Toronto, Canada. The Operator implements appropriate technical and organizational security measures to protect User data:

  • Data encryption in transit (TLS/SSL)
  • Access controls limiting data access to authorized personnel
  • Regular data backups
  • Security monitoring and auditing
  • Protection against unauthorized access and malicious software

6. Data Retention

The Operator retains personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data after deletion: The Operator aims to delete within 90 days, unless longer retention is required by law
  • Scan and pass logs: Retained for up to 12 months from creation
  • Analytics data: In accordance with the policies of analytics service providers

7. Third-Party Services

The Operator does not sell User personal information. The Operator may share data with third parties only in the following circumstances:

  • Compliance with legal requirements and requests from authorized government bodies
  • Payment processing through Polar.sh (payments are processed in accordance with Polar.sh's privacy policy)
  • Analytics services using Google Analytics to help understand how the Service is used (see Google's privacy policy at https://policies.google.com/privacy)

8. Cookies and Tracking

The Service uses cookies and similar technologies to ensure proper functionality and improve the User experience:

  • Essential cookies: Used for authentication and session management
  • Analytics cookies: Used to collect usage statistics (Google Analytics)

9. User Rights

Subject to applicable law in the User's jurisdiction, the User may have certain rights regarding personal information. Exercise of these rights may be limited in certain circumstances as permitted by applicable law:

  • Right to access personal information
  • Right to correct inaccurate personal information
  • Right to request deletion of personal information
  • Right to object to certain processing activities
  • Right to withdraw consent where processing is based on consent
  • Right to lodge a complaint with a supervisory authority

10. International Data Transfers

The Operator's primary data storage is located in Canada. However, some third-party service providers (such as Google Analytics and Polar.sh) may process data in other countries, including the United States. When data is transferred internationally, the Operator relies on appropriate safeguards such as the service providers' data protection commitments and standard contractual clauses where applicable. By using the Service, the User acknowledges that their information may be transferred to and processed in countries other than their country of residence.

11. Children's Privacy

PassEngine is designed for use by organizations and adults (18 years of age or older) for business purposes. The Operator does not knowingly collect personal information from children under 18. If the User becomes aware that a child has provided the Operator with personal information, please contact the Operator so steps can be taken to delete such information.

12. Changes to This Policy

The Operator may update this Privacy Policy from time to time. The current version will always be available on this page with the date of the last update indicated. The User's continued use of the Service after any changes constitutes acceptance of the updated Policy. It is recommended to periodically review this page for any changes.

13. Contact Us

If the User has any questions about this Privacy Policy or the Operator's data practices, please contact the Operator. The Operator will respond to inquiries within a reasonable timeframe in accordance with applicable law. legal@passengine.io