Privacy Policy

Effective Date: February 23, 2026

Cornerstone Timberframes (“we”, “us”, “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our website, contact us, or submit information through our forms. It also describes your rights under applicable privacy laws in Canada (including Québec), the United States, and the European Union/United Kingdom.

1. Information We Collect

A. Information You Provide

  • Name
  • Email address
  • Phone number
  • Project details and any information submitted through contact, quote, or booking forms

If you provide personal information about another individual (e.g., colleague, employee, or third party), you confirm that you have the authority and necessary consent to share that information with us.

B. Information Collected Automatically

  • IP address (and/or approximate location derived from IP)
  • Device and browser information
  • Pages viewed, interactions, referral source
  • Cookies and similar technologies

2. Cookies & Tracking Technologies

We use cookies and similar technologies for essential website functionality, analytics, and marketing/advertising purposes.

Where required by law, including the EU/UK (GDPR – Regulation (EU) 2016/679) and Québec’s Law 25 (Act respecting the protection of personal information in the private sector), we activate non-essential cookies only after consent through our cookie banner.

You may manage your cookie preferences at any time.

Relevant laws:

• GDPR (EU/UK): https://gdpr-info.eu/

• Québec Law 25: https://www.legisquebec.gouv.qc.ca/en/document/cs/p-39.1

3. How We Use Your Information

  • Respond to inquiries and provide requested services
  • Communicate regarding your request
  • Improve website performance and user experience
  • Conduct analytics and advertising where permitted by law
  • Protect our business and prevent fraud
  • Comply with legal obligations

4. Legal Bases for Processing (EU/UK)

If you are located in the EU/UK, we process personal data under the following legal bases pursuant to Article 6 of the GDPR:

  • Consent
  • Performance of a contract
  • Legitimate interests
  • Legal obligations

More information: https://gdpr-info.eu/art-6-gdpr/

5. Sharing of Information

We do not sell personal information for monetary compensation.

However, we use analytics and advertising tools (including Google and Meta) that may involve sharing online identifiers (such as cookie IDs or device identifiers) for advertising measurement and campaign optimization. Under certain U.S. state laws, this may constitute “sharing” for cross-context behavioral advertising.

You may opt out of targeted advertising or sharing where applicable by using our privacy settings.

We may share information with:

  • Website hosting providers
  • Email and CRM platforms
  • Analytics and advertising providers (e.g., Google, Meta)
  • Professional advisors
  • Authorities if required by law

6. U.S. State Privacy Rights

Depending on your U.S. state of residence (including California, Colorado, Virginia, Connecticut, Utah and others), you may have rights under applicable state privacy laws, including:

  • Access to personal information
  • Correction of inaccurate information
  • Deletion of personal information
  • Opt-out of targeted advertising
  • Opt-out of “sale” or “sharing” of personal information

Relevant laws include:

• California Consumer Privacy Act (CCPA/CPRA): https://oag.ca.gov/privacy/ccpa

• Colorado Privacy Act (CPA)

• Virginia Consumer Data Protection Act (VCDPA)

Where applicable, we provide a mechanism titled “Do Not Sell or Share My Personal Information”.

7. Québec (Law 25) – Privacy Officer & Confidentiality Incidents

In accordance with Québec’s Law 25, we designate a person responsible for the protection of personal information.

In the event of a confidentiality incident presenting a risk of serious harm, we will notify affected individuals and applicable regulatory authorities (such as the Commission d’accès à l’information du Québec) as required by law.

More information: https://www.cai.gouv.qc.ca/

8. International Data Transfers

Personal information may be processed in Canada, the United States, or other jurisdictions where our service providers operate. Where required (e.g., GDPR), appropriate safeguards are implemented.

9. Data Retention

We retain personal information only as long as necessary for business, legal, and compliance purposes.

10. Security

We implement reasonable technical and organizational safeguards designed to protect personal information. No system is completely secure; however, we continually improve our protection measures.

11. Your Rights

Canada (PIPEDA, including Québec)

  • Access your personal information
  • Request correction
  • Withdraw consent
  • Data portability (where applicable)

PIPEDA: https://laws-lois.justice.gc.ca/eng/acts/P-8.6/

EU/UK (GDPR)

  • Access, rectification, erasure
  • Restriction or objection to processing
  • Data portability
  • Lodge a complaint with a supervisory authority

United States

Rights vary by state and may include access, deletion, correction, and opt-out of targeted advertising.

12. Contact Information

Privacy Officer: Oleksii – IT Department (Person Responsible for Personal Information Protection)

Email: marketing@cstf.ca

Mailing Address:
Unit 3-20 Brandt Street, Suite 150
Steinbach, MB R5G 1Y2
Canada

13. Updates to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised Effective Date.