Privacy Policy

Last updated: February 7, 2026

PIPEDA Compliance: This Privacy Policy is designed to comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

1. Introduction

ACB Platform Inc. ("we", "us", "our") is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using ACB Platform, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

Type of Information Purpose
Email address Account creation, authentication, communication
Password (hashed) Account security and authentication
Company name (optional) Account identification, invoicing
Payment information Processing subscription payments (via Stripe)

2.2 Information Collected Automatically

Type of Information Purpose
IP address Security, rate limiting, fraud prevention
API usage data Billing, analytics, service improvement
Browser/device information Service optimization, troubleshooting
Access timestamps Security monitoring, audit logging

2.3 Financial Transaction Data

Important: When you use our ACB calculation APIs, you may submit transaction data including purchase/sale prices, dates, and quantities. We process this data only to provide calculations and do not store it beyond the immediate request unless required for audit logging.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service Delivery: To provide and maintain the ACB Platform service
  • Authentication: To verify your identity and secure your account
  • Billing: To process payments and manage subscriptions
  • Communication: To send service-related notices and updates
  • Security: To detect and prevent fraud, abuse, and security threats
  • Compliance: To comply with legal obligations
  • Improvement: To analyze usage patterns and improve our Service

4. Legal Basis for Processing (PIPEDA Principles)

Under PIPEDA, we rely on the following legal bases:

  • Consent: You provide consent when creating an account
  • Contractual Necessity: Processing required to provide the Service
  • Legal Obligations: Compliance with tax and regulatory requirements
  • Legitimate Interests: Security, fraud prevention, service improvement

5. Data Retention

We retain your personal information as follows:

Data Type Retention Period
Account information Duration of account + 7 years
API usage logs 2 years
Transaction data submitted to API Not stored (processed in-memory only)
Payment records 7 years (tax compliance)
Security logs 1 year

6. Disclosure of Information

We may disclose your personal information to:

6.1 Service Providers

  • Stripe: Payment processing (see Stripe's Privacy Policy)
  • Oracle Cloud: Database hosting (Canada region)
  • Vultr: Application server hosting (Toronto, Canada)
  • Email providers: Transactional email delivery

6.2 Legal Requirements

We may disclose information when required by law, including:

  • Court orders or legal process
  • Government or regulatory requests
  • To protect our rights, property, or safety

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

7. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Password hashing using bcrypt
  • API key hashing (SHA-256)
  • Rate limiting and abuse prevention
  • Regular security audits
  • Access controls and audit logging

8. Your Rights Under PIPEDA

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Withdrawal of Consent: Withdraw consent (may affect service availability)
  • Complaint: File a complaint with the Privacy Commissioner of Canada

8.1 How to Exercise Your Rights

To exercise your rights, contact us at privacy@acbp.ca. We will respond within 30 days as required by PIPEDA.

9. Cookies and Tracking

We use cookies for:

  • Essential cookies: Authentication and session management
  • Security cookies: CSRF protection and fraud prevention

We do not use advertising cookies or third-party tracking. Our cookies are HttpOnly and Secure, protecting against XSS and man-in-the-middle attacks.

10. International Data Transfers

Your data is primarily stored and processed in Canada. Our database is hosted on Oracle Cloud (Canada region) and our application servers are hosted on Vultr (Toronto, Canada). If data is transferred outside Canada, we ensure adequate protection through:

  • Standard contractual clauses
  • Adequacy decisions where applicable
  • Data processing agreements with service providers

11. Children's Privacy

ACB Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related inquiries or to exercise your rights, contact our Privacy Officer:

Email: privacy@acbp.ca
Mail: ACB Platform Inc., Privacy Officer, Ontario, Canada

14. Privacy Commissioner

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada:

Website: www.priv.gc.ca
Phone: 1-800-282-1376

ACB Platform Inc. | Ontario, Canada

Terms of Service | Return to Home