David Andrew Furniture · Legal

Privacy Policy

Effective June 14, 2026. David Andrew Furniture (“DAF”) is operated by Ben Lafreniere from British Columbia, Canada. This policy explains what personal information we collect, why we collect it, who we share it with, and the rights you have under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia’s Personal Information Protection Act (PIPA).

1. Overview

DAF collects personal information only as needed to deliver the services you purchase, comply with the law, and improve the way we deliver those services. We do not sell personal information. We do not rent or trade it. We do not use it to build advertising profiles.

The privacy officer responsible for DAF’s compliance with PIPEDA and PIPA is Ben Lafreniere. You can reach the privacy officer at hello@davidandrewfurniture.com.

2. What we collect

Contact informationName, email address, phone number (optional), business or organization name, billing address, and delivery address where applicable. Provided by you when you submit a brief, purchase a service, or contact us.
Project briefs & photosRoom descriptions, dimensions, budget ranges, style references, photos, floor plans, drawings, and any other material you share through our brief intake, advisor chat, or directly by email.
Payment metadataStripe-tokenized payment identifiers, the amount and currency, the SKU of the service purchased, and the country of the card. DAF never sees or stores your full card number, expiry, or security code — Stripe handles card data end to end.
Session & account dataIf you create an account or use a logged-in surface, basic account information (email, sign-in identifier, role). For chat-based intake, a conversation identifier so the advisor can pick up where you left off.
Site usage dataStandard server logs (IP address, user-agent, requested URL, timestamp) and minimal analytics on which pages and offers are viewed. We do not run invasive cross-site tracking.
Communication historyEmails, scheduled calls, Telegram messages (if you opt in), and any other correspondence during and after your engagement.

3. Why we collect it

We collect and use your personal information for these purposes:

  • To deliver the services you purchased — including drafting and sending plans, reports, briefs; running calls; opening and operating project engagements; and providing ongoing programs.
  • To process payments, issue receipts, calculate and remit applicable taxes, and detect and prevent fraud.
  • To communicate with you about your purchase or engagement — confirmations, scheduling, deliverables, project updates, warranty escalation.
  • To meet legal, regulatory, and accounting obligations, including business record-keeping, tax filings, and limitation-period record retention.
  • To improve our services — analyzing aggregate, de-identified patterns in how clients use the site and which deliverables they engage with.
  • To send marketing communications, where you have given separate, express consent. You can withdraw that consent at any time.

We rely on your consent (express or implied by your engagement with us) as the primary basis for handling your personal information, except where the law authorizes or requires us to handle it without consent.

4. Who we share it with

We share personal information only with service providers and partners who help us deliver the service you purchased. We require service providers to handle your information in accordance with this policy and applicable law.

StripePayment processing. Stripe is the controller of card data. Stripe’s privacy policy governs that data.
ResendTransactional email delivery — order confirmations, deliverables, project updates. Resend processes email content and addresses to deliver mail.
Cal.comCalendar scheduling for Discovery Calls, Sourcing Counsel, and similar bookings. Cal.com processes the booking details you submit.
Suppliers, workshops & makersFor project engagements only. We share project-relevant information — piece specifications, delivery addresses, and project notes — strictly as needed to place and fulfil purchase orders on your behalf, and only with your consent under the MSA.
Freight & logistics partnersFor project engagements only. We share delivery addresses, contact details, and shipment details required for last-mile coordination.
TelegramOptional. If you opt in to Telegram updates, your messages are delivered through Telegram’s service. You can opt out at any time.
VercelSite hosting and infrastructure. Standard server logs and request data pass through Vercel.
Professional advisors & authoritiesWhere required by law or to defend a legal claim, we may share information with our accountants, lawyers, regulators, or law enforcement.

We do not sell, rent, or trade your personal information.

5. Where it lives

Personal information collected through paid services and project engagements is stored in DAF-controlled databases and in our hosted infrastructure on Vercel, with encrypted off-site backups equivalent to industry-standard object storage. Email content delivered through Resend, payment metadata held by Stripe, and bookings handled by Cal.com live in those providers’ systems for their retention windows.

6. How long we keep it

Transaction recordsSeven (7) years from the date of the transaction, in line with BC limitation periods and Canada Revenue Agency record-keeping requirements.
Project intake briefsHeld for the lifecycle of the project plus two (2) years after the project closes, then deleted or de-identified.
Briefs that do not become engagementsHeld for up to 12 months and then deleted, unless you ask us to delete sooner.
Communication historyHeld for the longer of the related transaction-record period and the duration of any active warranty, Lifeware, or subscription relationship.
Marketing-only subscribersHeld until you unsubscribe, then deleted on the next routine purge.

7. Your rights

Under PIPEDA and BC PIPA, you have the right to:

  • Access the personal information DAF holds about you.
  • Request correction of inaccurate or incomplete information.
  • Withdraw consent for non-essential processing at any time, subject to legal and contractual restrictions (for example, transactional emails on an active engagement).
  • Request deletion of personal information that is no longer required for the purpose it was collected, subject to legal retention obligations described above.
  • Be informed about how your information is being used.

To exercise any of these rights, email hello@davidandrewfurniture.com with your request. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

8. Cookies & analytics

We use a minimal set of cookies that are required for the site to function — session cookies for the procurement chat, sign-in cookies if you create an account, and a basic preference cookie or two for the site experience. We do not run third-party advertising cookies or cross-site behavioural tracking.

Where we use analytics, we configure them to minimize the personal information collected (for example, IP truncation) and do not use them to build advertising profiles. You can use your browser’s “Do Not Track” or equivalent privacy controls; we honour them where technically applicable.

9. Cross-border transfers

Some of our service providers process personal information outside Canada, including in the United States. Specifically:

  • Stripe processes payment data in the United States.
  • Resend delivers transactional email from infrastructure in the United States.
  • Vercel hosts and routes site traffic through a global edge network that includes the United States.
  • Cal.com processes scheduling data in the United States.
  • Some workshops and freight providers are based outside Canada and operate under the laws of their own jurisdictions.

When personal information is processed outside Canada, it may be accessible to foreign courts, law enforcement, and national-security authorities under the laws of those countries. By using DAF services you acknowledge these cross-border transfers. If you have questions or concerns about a specific transfer, contact the privacy officer at the address above.

10. Children

DAF’s services are not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact the privacy officer and we will delete it.

11. Security

We use reasonable physical, technical, and administrative safeguards to protect personal information. These include TLS encryption in transit, access controls on databases and admin surfaces, off-site encrypted backups, and isolation of payment data with Stripe. No system is perfectly secure, and we cannot guarantee the absolute security of personal information transmitted to us.

If we become aware of a privacy breach affecting your personal information that meets the “real risk of significant harm” threshold under PIPEDA, we will notify you and the Office of the Privacy Commissioner of Canada as required by law.

12. Changes to this policy

We may update this policy. The effective date at the top of this page reflects the most recent revision. We will notify active clients by email of material changes — changes that meaningfully reduce your rights or expand our handling of your information — at least 30 days before they take effect.

13. Contact & complaints

Privacy officer: hello@davidandrewfurniture.com

If you are not satisfied with how DAF has handled your personal information or a privacy request, you can file a complaint with:

  • The Office of the Information & Privacy Commissioner for British Columbia (OIPC BC) oipc.bc.ca.
  • The Office of the Privacy Commissioner of Canada (OPC) priv.gc.ca.