Privacy Policy
Last updated: August 20, 2025
This Privacy Policy explains how 3bears Inc. ("we", "us", or "our") collects, uses, discloses, and safeguards personal information when you use Just Right, AutonomyOS, and Work Well (the "Service"). It also describes your rights and choices. If you do not agree, please do not use the Service.
1) Who we are & how to contact us
Controller/Provider: 3bears Inc., 1551663-3
Address: 86 Royal Gala Drive, Brighton, Ontario, Canada K0K 1H0
Email: hello@3bears.io
Data Protection Officer/Privacy Officer: Aya Kai Algar – kai@3bears.io
2) What we collect
We collect information you provide directly, information collected automatically, and information from third parties.
2.1 Information you provide
Account and profile details (name, email, password, organization, role)
Billing information (billing name, address, VAT/GST; payment card data is handled by our payment processor and never stored on our servers)
Support communications and content you submit (tickets, chat, files)
Optional marketing preferences and survey responses
2.2 Information collected automatically
Usage and event data (features used, clicks, pages/screens viewed, timestamps)
Device and technical data (browser, OS, IP address, language, approximate location)
Cookies and similar technologies (see Cookie Notice below)
2.3 Information from third parties
Single Sign-On providers (identity, email)
Payment processors (payment status, last 4 of card, expiration month/year, failure reason)
Referral/advertising partners (campaign and attribution data)
3) Why we use personal information (purposes & legal bases)
We use personal information to:
Provide and operate the Service (create accounts, authenticate, process transactions) – contractual necessity
Maintain and improve the Service (analytics, debugging, security) – legitimate interests/necessary for our services
Communicate with you (service messages, updates, security alerts) – contract/legitimate interests
Marketing with your consent and where permitted by law; you can opt out at any time
Comply with legal obligations and enforce terms, protect rights, prevent abuse
Where GDPR/UK GDPR applies, our legal bases are consent, contract, legitimate interests, legal obligation, and (where applicable) vital interests. Where CCPA/CPRA applies, we do not “sell” personal information as defined by law. If we ever “share” personal information for cross-context behavioral advertising, you will have the right to opt out and we will honor recognized opt-out preference signals (e.g., Global Privacy Control).
4) Cookies & similar technologies (Cookie Notice)
We use cookies, SDKs, and pixels to remember settings, keep you signed in, and measure performance. Non-essential cookies are used only with consent where required. You can manage preferences via our cookie banner and browser settings.
5) How we share information
We share personal information with:
Service providers / processors that help us run the Service (hosting, analytics, email delivery, customer support, payment processing). They may only process personal information on our documented instructions and must protect it.
Business partners when you ask us to or connect an integration
Affiliates under common control, subject to this Policy
Authorities where required by law or to protect rights, safety, or the Service
Corporate transactions: in a merger, acquisition, financing, or sale of assets, we may transfer relevant information subject to appropriate safeguards
6) Data retention
We keep personal information only as long as necessary for the purposes set out above and as required by law. We apply defined retention periods (e.g., account data retained while you have an account; billing records retained for 7 years). When no longer needed, we delete or anonymize.
7) Security
We implement technical and organizational measures appropriate to the risk, such as encryption in transit, access controls, logging, and employee training. No method of transmission or storage is 100% secure.
8) International transfers
If we transfer personal information outside its country of origin, we rely on lawful transfer mechanisms (e.g., Standard Contractual Clauses) and implement additional safeguards as needed.
9) Your rights
Depending on your location, you may have rights to:
Access, correct, delete, or port your personal information
Object to or restrict certain processing
Withdraw consent where processing is based on consent
Opt out of targeted advertising/“sharing,” and limit use/disclosure of sensitive personal information (where applicable)
Lodge a complaint with your data protection authority
To exercise your rights, email hello@3bears.io. We will verify your request and respond within the time required by law. Authorized agents may submit requests on your behalf where allowed.
10) Children’s privacy
The Service is not directed to children under 13 (or the age required by local law). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us to request deletion.
11) Communications & marketing (CASL/Email)
We send service emails necessary to operate your account. For promotional messages, we obtain consent where required. You may unsubscribe using the link in our emails. Our sender details and unsubscribe mechanism comply with applicable anti-spam laws.
12) Payment processing
We use third-party payment processors (e.g., Stripe). They process your payment information subject to their privacy policies. We receive limited billing details and transaction metadata, not full card numbers.
13) Changes to this Policy
We may update this Policy. We will post the updated version and change the “Last updated” date. We will notify you of material changes by email or in-product notice.
14) Jurisdiction-specific disclosures (supplements)
EU/EEA & UK (GDPR/UK GDPR)
Controller: 3bears Inc., 86 Royal Gala Drive, Brighton, Ontario, Canada K0K 1H0
Representative: Not required.
DPO: Not appointed (not legally required under GDPR Art. 37).
Legal bases: as set out in Section 3
Data subject rights: access, rectification, erasure, restriction, portability, objection; complain to your local authority
Transfers: we use SCCs and supplementary measures where required
California (CCPA/CPRA)
Categories collected/disclosed: identifiers, commercial information, internet activity, geolocation (approx.), inferences (if used), and other categories as described in Section 2
Sources, purposes, recipients: see Sections 2–5
Sale/Share: we do not sell personal information. If we “share” for cross-context behavioral advertising, you may opt out via Do Not Sell/Share link or recognized opt-out signals
Sensitive personal information: we do not use or disclose for purposes other than those permitted; you may request to Limit Use/Disclosure of SPI where applicable
Consumer rights and appeals: request to know, delete, correct; non-discrimination for exercising rights
Canada (PIPEDA)
Accountability: our Privacy Officer is responsible for compliance (see Section 1)
Consent: we obtain meaningful consent for collection, use, and disclosure, except where otherwise permitted by law
Access & correction: you can request access to and correction of your personal information