BoomPay privacy policy.

What this policy covers

BoomPay supports repair shops and customers with payment plans, paperwork review, servicing, collection support, and lien-related workflows. This policy applies when we collect data from customers, shops, guarantors, vehicle or equipment owners, contacts, service providers, and people connected to an account.

We aim to collect data in a clear, limited, and accountable way. Some records are sensitive. We treat them with more care, ask for clear consent when required, and use them only when the purpose is reasonable and lawful.

Data we may collect

What we collect depends on the account, the repair, the vehicle or equipment, the payment terms, and any default or dispute. It may include:

• Identity and contact details, such as name, address, phone, email, date of birth when needed, government identification, and signature records.
• Vehicle or equipment details, such as plate number, VIN, make, model, year, mileage, condition, location, ownership details, repair records, invoices, estimates, work approvals, and pickup or release records.
• Licence, insurance, registration, lien, security, and title records needed to confirm rights, file records, support a claim, or respond to a dispute.
• Payment and account details, such as payment plan terms, balances, payment history, bank or card tokens, returned payments, disputes, promises to pay, and collection notes.
• Residency, workplace, business, reference, association, and location details that may be needed to contact a person, confirm identity, verify ability to pay, trace an account, or enforce lawful remedies.
• Biometric or image-based records, such as photographs, video stills, facial images, voice records, or similar identifiers, only when we have a lawful reason and the required consent or legal basis.
• Communications with us, shops, collection partners, bailiffs, lawyers, insurers, courts, regulators, and service providers.
• Technical data from our website and systems, such as device details, logs, form activity, security events, and authentication records.

Why we collect and use data

We collect and use data for practical business purposes connected to the account. These purposes include:

• reviewing paperwork, confirming identity, and deciding whether a payment plan can be offered;
• setting up, servicing, and collecting payments under agreed terms;
• confirming vehicle, equipment, repair, storage, lien, title, and release details;
• detecting fraud, misrepresentation, duplicate claims, unauthorized releases, and account misuse;
• contacting customers, shops, authorized contacts, guarantors, references, employers, landlords, agents, and other parties when lawful and reasonably needed;
• supporting skip tracing, collection activity, lien registration, lien enforcement, seizure, storage, sale, bailiff retrieval, legal claims, insurance claims, and regulatory responses where legally available;
• protecting people, property, systems, records, and legal rights; and
• meeting tax, accounting, audit, compliance, reporting, and recordkeeping duties.

Consent and sensitive records

We ask for consent in a way that explains the main purposes and expected consequences. Some data, including biometric identifiers, government identification, location history, workplace details, financial records, and lien or collection records, may be sensitive. We use express consent where sensitivity or law requires it.

We do not use biometric records to infer health, ethnicity, family relationships, or other secondary traits unless that use is lawful, necessary, explained, and separately authorized where required.

A person may withdraw consent where the law allows. Withdrawal may limit our ability to offer or service a payment plan. It may not stop uses that are required to collect an existing debt, enforce rights, handle a dispute, keep records, or comply with law.

When we share records

We share records only when needed for a stated purpose, when authorized, or when permitted or required by law. Recipients may include repair shops, payment processors, identity providers, software providers, storage providers, collection agencies, skip tracing providers, lien registries, licensed bailiffs, towing or storage providers, insurers, lawyers, courts, regulators, law enforcement, and buyers or funders of receivables or related assets.

We remain responsible for personal data handled by service providers on our behalf. We use contracts, access controls, and practical safeguards to limit their use of the records.

Collection, lien, and recovery use

If a person defaults on agreed payment terms, we may use account records to contact the person, understand the default, offer a resolution, preserve rights, and take lawful recovery steps. Where legally available, this may include skip tracing, lien support, collection activity, bailiff instructions, seizure or retrieval support, storage, sale, court steps, and reporting to parties with a legal or business need to know.

We expect our teams and partners to follow applicable Canadian and Ontario rules. We do not authorize harassment, false statements, unlawful threats, public shaming, or unnecessary disclosure of a debt.

Retention and safeguards

We keep records only as long as reasonably needed for the purposes in this policy, unless a longer period is required for legal, tax, audit, dispute, lien, collection, insurance, or regulatory reasons. Sensitive data is reviewed with more care and should not be kept simply because it is available.

We use administrative, technical, and physical safeguards. These include access limits, authentication controls, vendor review, logs, secure storage, staff instructions, and incident response steps. No system is risk-free, so we also work to detect and respond to problems quickly.

Your access and correction rights

A person may ask to access or correct their personal data. We may need to confirm identity before responding. We may refuse or limit access where the law permits, including when disclosure would reveal another person's records, harm an investigation, affect legal privilege, or interfere with lawful collection or enforcement steps.

To make a request, contact us at info@boompay.ca.

Changes

We may update this privacy policy as our services, legal duties, or processes change. The effective date tells you when this version started. Material changes will be posted on this page.