Privacy Policy

as of July 11, 2025

We collect and process certain information about you in order to operate this Web site and sell goods and services to you. Some other entities also collect and process information about you on our behalf. This policy informs you about matters relating to personal information. You should read this Privacy Policy. It is part of the terms and conditions of using this Web site and doing business with us.

Personal information we collect and process

Your email address

When you create an account, you must provide your email address, it must be your real email address, and you are agreeing to read email we send to that address. We use your email address as the identifier for your subsequent logins to our system, and as the primary means of contacting you for any and all communications related to these services. We verify it before allowing your account to be used. We must have a way of contacting you that works, in order to fulfill our contract with you. Your email address is also used for similar purposes of contact and identification by some third parties we deal with, as described in the section on third-party processing, below.

We will use your email address as the primary means of contacting you for matters related to this Privacy Policy, or in other circumstances where we may be required to contact you. Your email address is recorded internally with such things as comment threads, and is visible to the workers who moderate comments.

We store your email address as part of your account and in the records of your orders and activities, normally indefinitely.

Your name and address

When you place an order to subscribe for or renew access to the paid portions of the service, you must provide your name and (geographic or postal) address so that we can fulfill our obligations in the contract you are making with us. We are obligated to use your address for deteriming what sales tax, if any, applies to your order. This information is shared with certain other parties involved in processing and fulfilling your order, as described in the section on third-party processing, below. Your name and address are also used to verify any credit card transaction you make, in order to protect you from fraud.

We store your name and address, normally indefinitely with the record of each order, so that we can provide post-sale support and to allow you to look up information about past orders on our Web site. It also is usually included in tax-related and import/export records which we are required to keep for a minimum of six years.

Financial information

As a company incorporated under the Canada Business Corporations Act, we are legally required to keep certain financial records. Some of these records may incidentally contain personal information about you. We are required to keep all tax-related information (even including information about international transactions to which no Canadian tax applies, since we must be able to prove that no Canadian tax did apply) for a minimum of six years; and details of physical imports and exports for a minimum of six years. Some items that would not normally contain much or any personal information, such as annual reports, we may be required to keep indefinitely. In addition, as a matter of good accounting practice we keep the corporate general ledger indefinitely, and we are required to keep an audit trail of our financial records which, because this is the point of an audit trail, does not allow for completely eradicating all traces of information once stored.

If you make a payment to us with cryptocurrency then the transaction will be recorded in a distributed public ledger called a blockchain. Blockchain records are permanently visible to the whole world, a fact which has important privacy-related consequences. See the separate section below on "Privacy considerations related to cryptocurrency" for more information.

Cookies

Like almost all other sites on the Web, our Web site uses cookies to allow the retention of session, state, and preference information from one page load to the next. Cookies are not files. They are short identifiers which our servers, though a standardized protocol, request your Web browser to transmit back to us on each connection. For instance, when you add items to a shopping cart, your browser sends a cookie; and when you check out, it sends the same cookie, allowing our server to retrieve the stored information about what items are in your shopping cart.

You can configure your Web browser not to send cookies, or to send only a limited selection of cookies. This configuration must be done by you. We cannot alter the configuration of your Web browser. We inform you about the existence of cookies on the first five pages you view on our site, if you do not manually close the notice earlier. The fact that you have seen this notice is itself represented in a cookie, and you will see the notice again after deleting your cookies, or on every page if you configure your browser not to send cookies.

Choosing not to send cookies will probably make logging into and using this Web site impossible, but it is under your control.

The privacy banner at the top of each page is controlled by cookies, and you can re-display it with this button:

Redisplay

We also have a page of recipes for the other kind of cookies.

Log information

Like almost all other sites on the Web, our site is provided using Web servers which keep logs of all HTTP and HTTPS transactions, including technical information such as your IPv4 or IPv6 addresses, the URLs on our site to which your browser connects, the time and date of each transaction, the User-Agent string by which your browser identifies itself, the number of bytes sent and received, any errors that were detected, and other similar pieces of information routinely sent by your browser, which we collectively refer to as "log information."

There are some items of log information, such as your IP address, which we cannot possibly avoid collecting and processing at least briefly when you connect, because their use is essential to the Internet connection by which you view pages on our site. Some others, such as the User-Agent string, are under your control by configuring your browser.

Log information is not in itself personally identifiable, but it could possibly be correlated with other information (such as the timing of Web-storefront orders) to become personally identifiable. We do not routinely perform such correlation.

We collect, store, and process log information as a necessary part of operating a stable and secure Web site. We most frequently use it for intrusion detection, in support of our obligations to you and others to maintain the security and integrity of personal, financial, and other data on our systems. We also use log information for resolving technical problems encountered during routine maintenance.

Attempts to prevent us from receiving necessary log information such as IP address are evidence of hostile intent and not permitted.

Some of our intrusion detection systems operate automatically and will disconnect or block connections from a suspected intruder without human intervention, on the basis of suspicious patterns detected in log information. Such automated decision-making is necessary to fulfill our obligations to you and others of maintaining industry standards of privacy and security.

The main HTTP/HTTPS log on our backend server is automatically deleted after an amount of time that varies depending on the overall level of traffic but is typically ten days. Other servers, and other server software on the main server, keep other logs, but those are even less likely than the main HTTP/HTTPS log to contain personally identifiable information, and they are automatically deleted on similar schedules.

Third parties who process data on the Web on our behalf also maintain similar log information, usually without sharing it with us or others. See the notes below on our relationships with specific third party processors and their privacy policies.

Analytics

We process statistical reports, also called "analytics," about our Web site and the pages on it that receive visits, both using the cookies your browser sends and using log information associated with images and Javascript from our site. Some cookies and log information are collected specifically to support analytics. This statistical information includes such things as which pages were visited first, how long users spent looking at each page, which sequences of pages they followed, the general geographic areas from which we receive visitors, and which browsers and screen resolutions were used. We use this statistical information for analysing the usage patterns of our Web site, and for optimizing the site to better serve our markets. Summaries of statistical information are archived indefinitely in a form that cannot be used to identify you.

The subset of log information stored in our analytics system is normally kept for up to six months, potentially as much as one year; the cookie information is kept by you, potentially for up to the two-year default cookie expiry requested by our analytics software, but subject to your own decisions when you configure your browser.

We do not use Google Analytics or similar third-party tracking systems that connect with advertising on other Web sites; we host our own analytics system on the same servers that provide the rest of the Web site, and we do not share the data from it.

Information that may appear in backups

Like almost all professionally-run enterprises that use computers, we maintain both automatic and manual regular backups of the data on our systems as a whole and of especially important data sets in particular.

Our backups are arranged in a hierarchy from frequently-made and easily-accessible spare copies of data (such as within RAID systems: multiple copies of the data stored as soon as it is collected) to long-term archives stored in secure locations physically separate from our main operations.

Information removed from our systems, either by automatic processes such as the expiry of log files, or as a result of your requests under this Privacy Policy, may continue to exist for a time in our backup system until the backups expire.

The backups we keep that are most relevant to personal information about you consist of a rotating set of daily and weekly backups of the main backend server, the oldest of which are automatically overwritten after 14 days. Manually-created "snapshot" backups sometimes also exist and may continue to store otherwise-deleted information for up to six months. Other backups we make, some of them with longer retention times, do not ordinarily contain personally identifiable information about you.

Some financial records are permanently archived to write-only backup media and we are not permitted to destroy these.

Third-party data processors are all expected, and many are legally required, to keep backups of their own. They do not share their backups with us.

Specially sensitive personal information

We do not collect or process information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data of any kind, data concerning health, or anyone's sex life or sexual orientation.

We do not collect or process information relating to criminal convictions and offences or related security measures.

We do not collect or process information specifically related to children, to the age of persons, or to whether you are a child. Our services are not targeted specifically to children. It is our obligation to treat all persons equally without regard to age.

Do not send us specially sensitive personal information of these kinds.

Third-party processing

Cloud hosting

Some of our own collection and processing of your data is performed on cloud servers rented from Linode LLC, a US corporation. The servers we rent from them are physically located in Canada. Linode does not directly handle any data about you, but in principle they have access to all the data we store or process on these servers because they provide and maintain the infrastructure.

Linode's Privacy Policy is at https://www.linode.com/privacy and applies to the services they provide.

Financial processing

When you make a credit card transaction on this Web site, the transaction including associated personal information is processed by Stripe, Inc., a US corporation, and its affiliates. As a payment processor and part of the banking industry, Stripe's collection and use of personal information is heavily regulated by law; and some issues implicating Internet privacy for other data (such as handling of data deletion requests) are pre-empted by legal record-keeping requirements for financial data.

Personal information in credit card transactions is often used by entities involved in credit card processing for automated decision making to detect and reject fraudulent transactions, and so transactions may be declined on the basis of such automated decisions. North Coast Synthesis Ltd. only makes fraud-rejection decisions under human control, but we set minimum requirements for valid card information to accept a transaction, and we are unable to process transactions that the Stripe system rejects, and it may do so on the basis of automated decisions. Your own card issuer may also reject transactions that we and Stripe would allow, on the basis of automated decision-making, subject to your agreement with your card issuer.

Stripe offers customers the option to store their card information on Stripe's servers, for easier future use with other merchants who may use Stripe for payment processing. If you choose to do that, then it is a matter between you and Stripe and is governed by their Privacy Policy. We do not have access to any such stored card information. We are not involved in the relationship between you and Stripe.

Stripe's Privacy Policy is at https://stripe.com/ca/privacy and applies to the services they provide.

Similarly, if you make financial transactions with us in some other way, other payment processors may be involved. If you send us money by Interac e-Transfer, you must necessarily do it using an account you have already established with your own bank, and according to whatever terms and conditions you have agreed upon with them, which will probably include terms about collection and sharing of personal information. You must contact your choice of bank for its specific privacy policy, but a general privacy policy of Interac itself is at https://www.interac.ca/en/privacy-policy.html.

If you use a wallet service such as Apple Pay on this Web site, then your use of that service will be subject to the wallet service's privacy policy, as well as the considerations that may apply to any credit card you use with the wallet service. Apple's Privacy Policy is at https://www.apple.com/legal/privacy/en-ww/ . Our connection to Apple Pay is through our Stripe merchant account and so Stripe's privacy policy also applies to these payments.

Audience participation on the Web site

When you post comments on this Web site, they are visible to other users, along with the date and time you posted them, and the "screen name" you selected during account creation. We also offer a feature by which you can write a profile or biography, and provide a Web link, which will be visible to other users. All this information is public, and the decision to post it or not is yours.

Our system does not show your current membership level or expiry date, to other users except our own staff. All free and paid membership levels have the same appearance in comment threads. However, because some areas of the site are limited to specific access levels, other users who see your postings in a limited area will be able to infer that you must have (or had at the time of posting) a level of membership that allowed you to make those postings.

Even if you post your comments in sections of the Web site that are limited to paying members, the fact that anyone can pay for a membership to view such sections means your postings will be effectively public. And we cannot promise that the member-access restriction levels of different parts of this Web site will remain unchanged in the future.

Notwithstanding that we attempt to prohibit misuse of publicly-posted material, we cannot offer any guarantees at all regarding the privacy of any information you post publicly. You should not post comments, use your real name as your screen name, or create a public profile or biography, unless you wish these things to be public, and we will take your public posting of comments or other information as confirmation that you do wish the comments or other information to be public.

In particular, please be aware that posting inventions on this Web site, even in members-only areas, is likely to be viewed by courts as prior publication, which could make it difficult for you to subsequently patent your inventions. You should not post anything here for which you intend to later file a patent application.

Some pages of this site may offer you the opportunity to vote in informal polls. These polls are meant to function as secret ballots, but they are not highly secure, and the overall vote totals are normally made public at least at the end of the polling period, possibly earlier, or on an ongoing basis for a poll that remains open indefinitely. We do not publish who voted for each option, but that information is recorded in our databases and is visible to our staff. A careful observer who knew when you were logging into the site might well be able to work backwards from rapidly-updated vote totals to guess how you voted if at all, and whether your voted. You should not vote in polls on our site if carefully maintaining the secrecy of your vote is important to you.

Privacy considerations related to cryptocurrency

As of this writing, the Matthew Explains Web site does not accept cryptocurrency. The following information about cryptocurrency is from the main North Coast Synthesis Ltd. online shop's privacy policy, and it will apply to Matthew Explains at such time in the future as this service may accept cryptocurrency.

Payments in cryptocurrencies such as Bitcoin and Ethereum are recorded in blockchains, which are public and permanent ledgers of all the transactions ever made in each cryptocurrency, worldwide. As such it is difficult or impossible for cryptocurrency payments to be secret or anonymous. Anybody can audit the ledgers to track the flow of money between accounts.

In order to make tracking of payments less threatening to privacy, we use multiple addresses for incoming payments and we regularly replace them. Fresh addresses at our end make it harder for observers to link the identities of our customers to each other. You can make your payments more anonymous by also generating a fresh address of your own for every payment you make, which reduces the possibility of observers finding links between the different parties (us and others) with whom you send and receive payments. Some wallet software has features designed to make it easier to generate and use multiple addresses.

But even with multiple addresses, it is likely that someone who has partial knowledge of cryptocurrency transactions you made, will be able to connect your payment address with your personally identifiable information, and learn about your other transactions. For instance, an exchange where you bought cryptocurrency might be able to learn that you eventually spent that cryptocurrency to buy products from us; and someone who knows or can guess that you dealt with us on a given date, and the amount you likely spent, might be able to learn one of our addresses and then trace backward to guess yours, subsequently finding out about any other transactions you made on the same address. Exactly what might or might not be visible, will vary depending on your transaction patterns and on many technological details.

There are four main points to understand about the privacy of cryptocurrency payments made to North Coast Synthesis Ltd.

• The underlying technology of cryptocurrency creates permanent and public records of all payments, as a basic feature of its design.
• We take some measures to improve the anonymity of cryptocurreny payments made to us, but the nature of the technology limits what we can do; the records remain fundamentally public.
• We cannot destroy public records that are stored on a blockchain, in response to a privacy request from you or for any other reason. Nobody can.
• The privacy of your cryptocurrency transactions depends very much on your own actions and choices in how you use these systems, and it is your responsibility.

Sharing

Except as required by the relationships described above, it is our policy in general not to share personal information about you with any other parties.

In some instances, such as when required to do so by a Canadian court order, we may be legally required to share information about you, and even to do so without notifying you. It is our policy in general not to honour requests that purport to have legal authority when it is not clear that we are obligated to do so, for example, if they claim authority other than on the basis of Canadian law; if they contain threats of any kind; or if they do not have the backing of a Canadian court order.

When resolving technical and security problems, and especially if you attack us or our systems, it may be necessary or appropriate for us to share technical information with administrators of computer systems and others as necessary in order to resolve the problems, protect others from attack, and to fulfill our obligation to maintain the security of personal and financial information. Technical information we share when resolving technical and security problems may incidentally include information about you. We will limit this kind of sharing to the minimum of what is necessary or appropriate.

Your privileges

To the extent it may be required or permitted by law, you can request that we provide you with copies of personal information we have about you.

To the extent it may be required or permitted by law, you can request that we correct, destroy, or limit to specific purposes the processing of, personal information we have about you.

If the security of personal information about you has been compromised, or has probably been compromised, in a meaningful way by an intrusion or other security-related incident, then we are obligated to inform you about it promptly, and we may use any contact information we have collected, with preference to the email address, to contact you.

You can complain about this Privacy Policy, or about our behaviour under it or in relation to other privacy-related laws and regulations, by contacting the Office of the Privacy Commissioner of Canada, https://www.priv.gc.ca/en/.

When you request access, correction, destruction, or limitation of processing with respect to personal information about yourself, we are obligated (in order to protect your own rights) to verify that you really are the person the information is about. You are not permitted to make these requests with respect to personal information about someone other than yourself. We do not accept form letter privacy requests drafted, promoted, or submitted by third parties.

We cannot grant all requests because we have obligations and legitimate needs that can override some requests, but if we cannot grant a request we will at least give some explanation of why not.

We do not charge a fee to grant any ordinary privacy-related requests, but we can charge a reasonable fee if necessary in the case of unusually difficult or frequent requests.

All privacy-related requests should be addressed by email to mskala@northcoastsynthesis.com or by post to:

North Coast Synthesis Ltd. 156 Mavety St Toronto ON M6P 2L9

Other matters

Such words and phrases as "North Coast," "we," and "us" refer to North Coast Synthesis Ltd., a company incorporated under the laws of Canada. Such words as "You" refer to the natural person who visits this Web site and may be subject of personal information.

Privacy rights in general are only applicable to natural persons. That means human beings; corporations and other kinds of non-human legal entities do not have privacy rights. Artificial intelligence models do not have privacy rights.

We and the third parties we contract with take appropriate steps in accordance with industry standards to protect the security, privacy, and integrity of personal information.

We reserve the right to modify this privacy policy at any time. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use or disclose it.

This Privacy Policy and any claims under it are governed by the laws of Canada.