Amazing CanadaAmazing Canada
ProvincesCitiesParksArticles
Amazing Canada
ProvincesCitiesParksArticles
Amazing Canada

Practical, current travel guides to every Canadian province, city, and national park - from downtown brunch to backcountry hiking

Quick Links

  • Provinces
  • Cities
  • Parks
  • Posts

Information

  • About
  • Contact
  • Privacy Policy

Made with in Canada

© 2026 Amazing Canada. All rights reserved.

HomePrivacy Policy

Privacy Policy

Version 1.0Last updated: April 16, 2026

Table of Contents

1Who we are2Information we collect3How we use your information4Cookies and tracking5Third-party services we use6Your rights7How long we keep information8Data security9Children's privacy10Changes to this policy

This Privacy Policy describes how Amazing Canada ("we", "us", "our") collects, uses, and protects personal information when you visit amazingcanada.ca, subscribe to a newsletter, contact us, or use our services. We are an independent travel magazine based in Calgary, Alberta, Canada.

Our handling of personal information is governed by Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). If you are located in the European Economic Area or the United Kingdom, the General Data Protection Regulation (GDPR) and the UK GDPR also apply.

This policy was last updated on April 19, 2026. Material changes are posted here with a new version number and effective date.

1

Who we are

Amazing Canada is an independent travel magazine published from Calgary, Alberta, Canada.

  • Contact email: [email protected]
  • Website: amazingcanada.ca
  • Data controller under GDPR: Amazing Canada Inc.

If you have questions about this policy or your personal information, write to us at the contact email above.

2

Information we collect

We collect only what we need to run the site and respond to you. Categories of information:

Automatically collected (every visitor):

  • Standard server logs — IP address, browser type, operating system, referring URL, pages viewed, and timestamp. Retained 30 days, then deleted.
  • Cloudflare edge logs for DDoS protection and abuse prevention. See Cloudflare's privacy policy for retention.
  • Google Analytics 4 (GA4) aggregate statistics — page views, session duration, device category, approximate country. IP addresses are truncated by GA4 before storage. (Active once GA4 is wired — see Section 4.)
  • Google Search Console aggregate data — search queries that led visitors to the site, click-through rates, indexation status.

Collected when you submit a contact form:

  • Your name, email address, optional subject, and the message itself. Stored in our database and held for up to 24 months, then anonymized or deleted.
  • Your IP address at the time of submission, used for rate-limiting and spam prevention.
  • A Cloudflare Turnstile CAPTCHA token, validated server-side. The token is discarded after verification.

Collected if you subscribe to a newsletter (when available):

  • Your email address and the date of subscription. Managed via our transactional email provider, Resend.
  • Basic engagement data (opens, clicks) at the aggregate level.

Collected if you hold an admin account (staff only):

  • Name, email, hashed password, role, session tokens, and audit-log records of actions taken in the admin panel.

We do not collect special-category personal data (health, religion, sexual orientation, political opinions, biometric identifiers). Do not submit such information through our forms.

3

How we use your information

We use personal information only for the purposes listed below.

  • To respond to contact-form submissions. Your name and email are used to reply and, if needed, follow up. Lawful basis under GDPR: Article 6(1)(b) — performance of a contract or pre-contractual steps at your request.
  • To send transactional email. Auto-reply confirmations and password-reset emails (admin only). Lawful basis: 6(1)(b) contract or 6(1)(f) legitimate interest in account security.
  • To improve the site. Aggregate analytics tell us which articles are useful and where visitors drop off. Lawful basis: 6(1)(f) legitimate interest in site quality, with no override of your privacy rights.
  • To prevent abuse. Server logs, Turnstile tokens, and rate-limit data protect the site against automated attacks. Lawful basis: 6(1)(f) legitimate interest in site security.
  • To comply with legal obligations. Retain certain records where Canadian or EU law requires it.
  • To send newsletters (if and when you subscribe). Lawful basis: 6(1)(a) consent, which you can withdraw at any time with the "unsubscribe" link.

We do not sell your personal information. We do not share it with third parties for advertising. We do not profile individuals.

4

Cookies and tracking

A cookie is a small text file that a website stores on your device. We use cookies in three categories.

Strictly necessary cookies (always on — required for the site to work):

  • amazingcanada-theme — remembers your light/dark theme choice.
  • next-auth.session-token / __Secure-next-auth.session-token — authenticates admin-panel users.
  • Cloudflare __cf_bm, cf_clearance — bot-management tokens.

Analytics cookies (active once GA4 is connected):

  • _ga, _ga_* — Google Analytics 4 session and device identifiers. Retention: 14 months.
  • IP addresses are truncated by GA4 (IP Anonymization enabled) before storage.

Third-party embeds:

  • YouTube, when an article embeds a video, sets cookies on its own domain. Amazing Canada does not receive this data.
  • Google Maps, where a map is embedded, follows the same pattern.
  • Cloudflare Turnstile sets a challenge cookie during CAPTCHA validation on contact-form submissions.

We do not use advertising cookies, retargeting pixels, or third-party tracking beyond what is listed here.

You can block or delete cookies through your browser settings. Blocking strictly-necessary cookies will prevent parts of the site from working (theme toggle, admin login, contact form).

5

Third-party services we use

We rely on a small number of third-party providers, each governed by its own privacy policy. By using our site, you acknowledge that data may be processed by these providers.

ProviderPurposeData transferred
Cloudflare (US, EU)CDN, DDoS protection, WAF, Turnstile CAPTCHAIP address, headers, CAPTCHA tokens
Google Analytics 4 (US)Aggregate site analyticsTruncated IP, session identifiers, page events
Google Search Console (US)Aggregate search performanceSearch queries, clicks (visitors not identifiable)
Resend (US, EU)Transactional email deliveryEmail address, message content (auto-reply, password reset)
Telegram (international)Internal admin alerts (contact-form notifications)Submission metadata (no visitor IP unless included in the message)
DigitalOcean (US, CA)HostingServer logs, database content

International transfers. Most of our providers operate servers in the United States and the European Union. Where personal data of EEA/UK residents is transferred outside the EEA/UK, we rely on the Standard Contractual Clauses adopted by the European Commission, combined with supplementary technical measures (encryption in transit and at rest).

6

Your rights

Rights under PIPEDA (Canada):

  • Request a copy of the personal information we hold about you.
  • Ask for corrections to inaccurate or incomplete data.
  • Withdraw consent where processing is based on consent (for example, newsletter subscriptions).
  • File a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca).

Additional rights under GDPR (EEA/UK residents):

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (Article 17 — "the right to be forgotten")
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object to processing (Article 21)
  • Right to lodge a complaint with your national supervisory authority

To exercise any of these rights, email [email protected] with "Privacy request" in the subject line. We respond within 30 days. We may ask for information to verify your identity.

7

How long we keep information

We keep personal information only as long as the purpose that justified its collection remains active, and then we delete or anonymize it.

  • Server logs: 30 days
  • Cloudflare edge logs: per Cloudflare's retention (typically 24 hours for free-tier users)
  • Contact-form submissions: up to 24 months, then anonymized or deleted (shorter on request)
  • Newsletter subscriptions: until you unsubscribe, plus 30 days for confirmation records
  • Admin accounts: for the lifetime of the account, plus 24 months after deactivation for audit-log integrity
  • Analytics data: GA4 default retention (14 months) for event-level data; aggregate reports kept longer
  • Backup archives: 7 days, automatically rotated
8

Data security

We protect your information with industry-standard measures:

  • All traffic to amazingcanada.ca uses HTTPS with TLS 1.3 where supported. The origin server is protected by Cloudflare's edge network with Full (strict) SSL.
  • Admin passwords are hashed with bcrypt. Session tokens are rotated and can be revoked by administrators.
  • Database access is restricted to the application server. Database backups are encrypted at rest.
  • Servers are hardened with firewall rules, fail2ban, automated security updates, and rate-limiting.
  • We enforce a Content Security Policy (CSP) to mitigate cross-site scripting.

No security measure is perfect. If we become aware of a breach that puts your information at risk, we will notify affected users and the relevant regulators within 72 hours, as required by GDPR Article 33 and PIPEDA's breach-notification rules.

9

Children's privacy

Amazing Canada is not directed at children under 13, and we do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has submitted personal information to us, email [email protected] and we will delete the information promptly.

For EEA/UK residents, the age threshold is 16 unless your member state has set a lower age under GDPR Article 8(1).

10

Changes to this policy

We update this policy when our practices change — for example, when we add an analytics provider, launch a newsletter, or enable monetization.

  • Material changes are posted here with a new version number and effective date. Where we hold your contact details (admin accounts, newsletter subscribers), we notify you directly before the changes take effect.
  • Minor changes (typo fixes, clarifications, restructured sections without meaning changes) are posted without individual notification.

Current version: 1.0

Last updated: April 19, 2026

Questions? Email [email protected] and we will respond within 30 days.