Arlo CMMS

Privacy Policy

Last updated: May 8, 2026

Arlo CMMS (“Arlo,” “we,” “us”) is a maintenance management application operated by Common Good Labs, based in Ontario, Canada. This Privacy Policy explains what information we collect, why we collect it, and how we handle it. We comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

1. Information we collect

We collect only what we need to provide the service:

  • Account information. Your name, email address, password (stored hashed, never in plain text), organization name, and role.
  • Operational data. Information you enter into the app: assets, locations, work orders, preventive maintenance schedules, time entries, comments, photos, and other content you upload.
  • Usage data. Basic technical information needed to run the service — IP address, browser type, pages viewed, and timestamps. We do not use third-party advertising trackers.
  • Communications. If you email us for support, we keep that correspondence so we can help you.

2. Why we collect it

  • To provide and maintain the Arlo service.
  • To authenticate you and protect your account.
  • To respond to support requests.
  • To send you essential service-related emails (e.g. password resets, security alerts, terms updates). We do not send marketing emails without your explicit consent.
  • To diagnose and fix bugs and improve the product.

3. Where your data is stored

Your data is stored on infrastructure operated by Supabase and Vercel, our hosting and database providers. Data may be processed in Canada or the United States depending on the region of the underlying infrastructure. Both providers are subject to their own privacy and security commitments.

4. Who we share it with

We do not sell your data. We do not share it with advertisers. We share information only with:

  • Service providers we rely on to operate Arlo (Supabase for database and authentication, Vercel for hosting). These providers may only use your data to provide their services to us.
  • Other users in your organization, where the data is shared by design (e.g. work orders assigned to a teammate). Permissions follow the role you assign within Arlo.
  • Law enforcement or courts, only when legally required (subpoena, court order, or to protect against imminent harm). We will tell you if this happens unless legally prohibited from doing so.

5. How long we keep it

We keep your data for as long as your account is active. If you delete your account, we delete your operational data within 30 days, except where we are required to retain certain records (e.g. for tax, accounting, or legal compliance) or to defend against legal claims. Backups may persist for up to 90 days before being purged.

6. Your rights

Under PIPEDA and applicable provincial law, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Request deletion of your account and associated data.
  • Withdraw consent for processing (note: this may mean we can no longer provide the service).
  • Export your data in a portable format.
  • File a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) if you believe we have not handled your information properly.

To exercise any of these rights, email support@arlocmms.com. We will respond within 30 days.

7. Cookies and tracking

We use a small number of essential cookies, primarily to keep you signed in. We do not use advertising cookies, third-party analytics with cross-site tracking, or social media trackers.

8. Security

We use industry-standard practices to protect your data, including encryption in transit (HTTPS), encryption at rest, hashed passwords, and access controls. No system is perfectly secure, but we work hard to keep yours as safe as we can.

9. Children

Arlo is not intended for users under 16. We do not knowingly collect information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or via a prominent notice in the app at least 30 days before the changes take effect. The “Last updated” date at the top of this policy reflects the most recent revision.

11. Contact us

Questions about this policy or your data? Email support@arlocmms.com.

Common Good Labs
Ontario, Canada

Privacy Policy·Terms of Service·Accessibility·Security·support@arlocmms.com