Privacy Policy

Last Updated: January 29, 2026

At BRIO COMMERCE INC., we recognize the sensitivity of financial data and are committed to protecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your personal information in strict accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws.

1. Information We Collect

1.1 Personal Identification Information

We collect information necessary to identify you and manage your account:

• Identity Data: Legal name, email address, phone number (optional)
• Account Credentials: Username and securely hashed password
• Communication Preferences: Notification settings and language preference
• Profile Information: Savings goals, budget categories, and financial preferences you configure

1.2 Financial Transaction Data

To power our automated expense tracking and savings tools, we access read-only transaction data via secure, third-party financial data aggregators:

• Transaction History: Dates, amounts, merchant names, and transaction categories
• Account Information: Bank and credit card account balances, account types, and financial institution names
• Spending Patterns: Aggregated data used to generate insights and recommendations

1.3 Usage and Technical Information

We automatically collect certain technical information to improve service quality and security:

• Device Information: Device type, operating system, browser version
• Location Data: IP address and approximate geographic location (for fraud prevention)
• Usage Analytics: App features used, session duration, and interaction patterns
• Log Data: Error reports, crash logs, and system diagnostics

2. How We Use Your Information

2.1 Service Delivery and Core Functionality

Your information is used strictly to provide and enhance ExpenseBRIO App services:

• Facilitate automatic savings transfers and round-up transactions
• Categorize expenses and analyze spending patterns
• Generate personalized financial insights and budgeting recommendations
• Track progress toward your savings goals
• Send timely notifications about account activity and milestones

2.2 Account Security and Fraud Prevention

We use your information to maintain the highest standards of account security:

• Verify your identity and prevent unauthorized access
• Detect and prevent fraudulent transactions
• Monitor for suspicious activity or potential security breaches
• Enforce our Terms of Use and prevent abuse

2.3 Customer Support and Communication

• Respond to your inquiries and support requests
• Communicate important service updates and security notices
• Process subscription payments and send billing statements
• Notify you of new features or service improvements (with your consent)

2.4 Product Development and Improvement

We analyze aggregated, anonymized data to enhance ExpenseBRIO App:

• Identify and resolve technical issues and bugs
• Understand which features provide the most value
• Develop new features based on user behavior insights
• Optimize user experience, interface design, and performance

2.5 Legal and Regulatory Compliance

We may process your information to comply with legal obligations:

• Respond to lawful requests from law enforcement or regulatory authorities
• Comply with Canadian financial reporting and record-keeping requirements
• Enforce our legal rights and protect against liability
• Prevent fraud, money laundering, and other illegal activities

3. How We Protect Your Information

3.1 Industry-Leading Security Standards

3.2 Third-Party Security Certifications

Our third-party financial data aggregation partners are certified and comply with:

• PCI DSS (Payment Card Industry Data Security Standard)
• SOC 2 Type II compliance for data security
• PIPEDA requirements for handling Canadian personal information

3.3 Data Retention Policy

We retain your information only as long as necessary to provide services and comply with legal obligations:

• Active Accounts: Personal and financial data is retained while your account is active
• Closed Accounts: Upon account closure, we delete or anonymize your personal data within 90 days, unless retention is required by law
• Financial Records: Transaction data may be retained for up to 7 years to comply with Canadian financial record-keeping requirements
• Legal Hold: Data may be retained longer if required for legal proceedings or regulatory investigations

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Data

4.2 Trusted Service Providers

We share information only with carefully vetted service providers essential for delivering ExpenseBRIO App services. Each partner is contractually bound to maintain PIPEDA-level security standards and use your data only as we direct:

• Financial Data Aggregators: Certified partners who securely facilitate read-only connections to your financial institutions
• Cloud Infrastructure Providers: Secure Canadian data centers that host our servers and databases
• Payment Processors: PCI-compliant services that process subscription payments
• Analytics Platforms: Tools that analyze anonymized, aggregated usage data for product improvement
• Customer Support Tools: Platforms that help us provide responsive customer service

4.3 Legal Disclosure Requirements

We may disclose your information when legally required or necessary to protect our rights:

• In response to valid legal processes (subpoenas, court orders, search warrants)
• To comply with applicable laws and regulations
• To protect the rights, property, or safety of BRIO COMMERCE INC., our users, or the public
• In connection with fraud investigations or prevention of illegal activity
• As part of a business transaction (merger, acquisition, or sale of assets), with advance notification to affected users

5. Your Privacy Rights Under PIPEDA

As a Canadian resident, you have specific rights under PIPEDA regarding your personal information:

5.1 Right to Access

You have the right to request a copy of all personal information we hold about you. We will provide this information in a clear, understandable format within 30 days of your request.

5.2 Right to Correction

You can request corrections to any inaccurate or incomplete personal information. Updates can be made directly through your account settings or by contacting our Privacy Officer.

5.3 Right to Withdraw Consent

You may withdraw your consent for data processing at any time. Please note that withdrawing consent may limit or prevent your use of certain ExpenseBRIO App features, or may require account closure.

5.4 Right to Data Portability

You can export your financial data in standard formats (PDF, CSV, Excel) at any time through the app's export feature, allowing you to transfer your information to another service.

5.5 Right to Deletion

You may request permanent deletion of your account and all associated data. We will process deletion requests within 30 days, subject to legal retention requirements. Once deleted, your data cannot be recovered.

5.6 Right to Object

You can object to certain types of data processing, such as the use of your data for marketing purposes. You can opt out of promotional communications at any time.

5.7 Right to File a Complaint

If you believe we have violated your privacy rights, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada. We encourage you to contact us first so we can address your concerns directly.

6. Cookies and Tracking Technologies

ExpenseBRIO App uses cookies and similar technologies to provide, protect, and improve our services. Cookies are small text files stored on your device that help us:

• Remember your login session and preferences
• Analyze how users interact with our app
• Detect and prevent fraudulent activity
• Provide personalized content and recommendations

You can control cookie settings through your browser preferences. For comprehensive information about our cookie practices, please refer to our Cookie Policy.

7. International Data Transfers

While your data is primarily stored and processed in Canada, certain service providers may process data outside Canada. When data is transferred internationally, we ensure:

• Transfers comply with PIPEDA requirements
• Adequate data protection measures are in place
• Contractual safeguards require PIPEDA-equivalent protection standards
• You are informed of any significant international data transfers

8. Children's Privacy

ExpenseBRIO App is not intended for use by individuals under the age of 18. We do not knowingly collect, use, or disclose personal information from children under 18. If we become aware that we have inadvertently collected information from a child under 18, we will take immediate steps to delete that information from our systems.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at contact@cantrustai.com.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in our data practices or business operations
• New legal or regulatory requirements
• Improvements to our security measures
• User feedback and best practices

We will notify users of significant changes via:

• Email notification to your registered email address
• Prominent in-app notifications
• Updates to the "Last Updated" date at the top of this policy

Continued use of ExpenseBRIO App after changes to this policy constitutes acceptance of the updated terms. If you do not agree with changes, you may close your account.

10. Contact Our Privacy Officer

BRIO COMMERCE INC. has designated a Privacy Officer responsible for ensuring compliance with PIPEDA and addressing privacy-related inquiries. If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

We are committed to responding to all privacy inquiries within 30 days. For urgent security concerns, please mark your communication as "URGENT - SECURITY" in the subject line.