Privacy Policy

Valstar Consulting Ltd. is a Calgary-based IT services provider operating from 1511 Mardale Way NE, Calgary, AB T2A4G6. We provide managed IT, internet, VoIP, and technology consulting services to businesses across Alberta.

We are committed to protecting the privacy of individuals who visit our website and use our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit valstarconsulting.com.

As an organization operating in Alberta, Canada, Valstar Consulting Ltd. complies with:

• Alberta's Personal Information Protection Act (PIPA) — the provincial privacy law that governs how private-sector organizations in Alberta collect, use, and disclose personal information.
• The Personal Information Protection and Electronic Documents Act (PIPEDA) — the federal privacy law that applies to interprovincial and international personal information transfers.

Where PIPA applies, it is the governing legislation; PIPEDA serves as a complementary framework for cross-border data handling.

We collect only the personal information you voluntarily provide to us:

We do not collect sensitive personal information (e.g., health, financial, biometric data) through this website.

We use your personal information solely for the purpose for which it was provided:

• Contact form submissions are emailed to our internal inbox (sales@valstarconsulting.com). We use the information you provide to respond to your inquiry.
• Client login credentials are validated against our server environment variables. No credentials are stored. Upon successful authentication, you are redirected to a designated client portal. That portal is a third-party service governed by its own terms and privacy policy; we are not responsible for its data practices.

We do not:

• Sell, rent, or trade your personal information to third parties.
• Use your information for automated decision-making or profiling.
• Share your information with third parties except as required by law or with your explicit consent.

We retain inquiry emails for the duration necessary to respond to your request, after which they are archived and periodically deleted in accordance with our internal retention schedule. Client login credentials are not stored — they are validated in real time against server environment variables and immediately discarded.

Our retention periods are guided by the principle that personal information should only be kept as long as necessary to fulfill the identified purpose.

We implement appropriate technical and organizational safeguards to protect your personal information, including:

• Encryption in transit via HTTPS (TLS 1.3).
• Timing-safe cryptographic comparisons for authentication and CAPTCHA verification, preventing timing attacks.
• In-memory rate limiting to mitigate brute force and denial-of-service attacks.
• Strict Content Security Policy (CSP) headers limiting script and resource loading to trusted origins.
• No database storage — personal information is transmitted via encrypted email or validated in memory only.

Our server infrastructure is hosted on a secured HestiaCP-controlled environment. While no system is impenetrable, we employ industry-standard practices to protect your data.

Our website uses the following third-party services:

• Google Fonts— we load the Inter typeface from Google's servers. Google may process your IP address for font delivery. Refer to Google's privacy policy for details.
• Client Portal — after successful authentication, you are redirected to a third-party client portal governed by its own privacy policy. We encourage you to review that policy before submitting additional information.

We do not use analytics services, advertising networks, social media pixels, or tracking cookies.

Under PIPA and PIPEDA, you have the following rights regarding your personal information:

• Right to Access — request a copy of the personal information we hold about you.
• Right to Correction — request that we correct any inaccuracies in your personal information.
• Right to Deletion — request that we delete your personal information, subject to legal obligations.
• Right to Withdraw Consent — withdraw your consent to our collection, use, or disclosure of your information at any time (note that this may affect our ability to respond to your inquiry).
• Right to Complain — file a complaint with our Privacy Officer or with the Office of the Information and Privacy Commissioner of Alberta (OIPC) if you believe your privacy rights have been violated.

To exercise any of these rights, please contact our Privacy Officer using the details below. We will respond to your request within 30 days, as required by applicable law.

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact our Privacy Officer:

You may also contact the Office of the Information and Privacy Commissioner of Alberta:

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or operational requirements. We will post the updated policy on this page with a revised effective date.

We encourage you to review this policy periodically. Material changes will be communicated via a notice on our website.

Effective date: June 14, 2026