Awditify Technologies Inc. ("Awditify," "we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy ("Policy") describes how we collect, use, disclose, retain, and safeguard information when you visit our website (awditify.com), use our cloud-based accounting platform, mobile applications, APIs, or any related services (collectively, the "Service").

We are incorporated under the laws of the Province of Alberta, Canada, and we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), the Alberta Personal Information Protection Act (PIPA), and applicable Canadian privacy legislation.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices described herein, please do not use the Service.

1. Scope of This Policy

This Policy applies to:

Website visitors who access awditify.com or any of our public-facing web properties
Customers who create an Account and use the Service to manage bookkeeping, accounting, payroll, invoicing, or financial data
Authorized Users who access the Service under a Customer's Account
Prospective customers who interact with us through forms, chat, email, or social media

This Policy does not apply to third-party websites or services linked from the Service. We encourage you to review the privacy policies of any third-party service you interact with.

2. Information We Collect

2.1 Information You Provide Directly

Category	Examples	Purpose
Account Information	Name, email address, phone number, company name, billing address, job title	Account creation, authentication, billing, and communication
Financial Data	Bank account details, payment card information, transaction records, invoices, payroll data, tax returns, receipts	Providing the core Service functionality
Customer Data	Accounting entries, employee records, vendor information, client lists, chart of accounts, journal entries	Data you upload, input, or create through the Service for your business operations
Correspondence	Messages via contact forms, email, chat, support tickets, survey responses	Responding to inquiries, providing support, improving the Service
Payment Information	Credit/debit card numbers, bank account information for Subscription billing	Processing Subscription payments (handled by PCI-DSS compliant payment processors)

2.2 Information Collected Automatically

Category	Examples	Purpose
Device & Browser Data	IP address, browser type and version, operating system, device type, screen resolution, language preference	Security, analytics, optimizing user experience
Usage Data	Pages visited, features used, click patterns, session duration, navigation paths, referral URLs	Understanding usage patterns, improving the Service, troubleshooting
Log Data	Access logs, error logs, API call logs, authentication events	Security monitoring, debugging, compliance auditing
Location Data	Approximate geographic location derived from IP address	Compliance (tax jurisdiction), fraud prevention, localization

2.3 Cookies and Similar Technologies

We use cookies, web beacons, pixels, and similar technologies to:

Essential cookies: Authenticate users, maintain session state, and ensure security. These are strictly necessary and cannot be disabled.
Functional cookies: Remember your preferences (language, timezone, display settings) to enhance your experience.
Analytics cookies: Measure how you interact with the Service so we can improve functionality and user experience. We may use tools such as Google Analytics, with IP anonymization enabled.
Marketing cookies: Used only with your consent to deliver relevant advertisements and measure campaign effectiveness.

You can manage cookie preferences through your browser settings or our cookie consent tool. Disabling essential cookies may impair the functionality of the Service.

2.4 Information from Third Parties

We may receive information from:

Financial institutions: Bank feed data, transaction details provided through authorized bank integrations (e.g., Plaid, Yodlee)
Payment processors: Transaction confirmations, fraud assessments
Identity verification services: Verification results for compliance purposes
Public sources: Business registration databases, public filings

3. How We Use Your Information

We process your information for the following purposes, each supported by a lawful basis under applicable privacy law:

Purpose	Legal Basis
Providing, maintaining, and improving the Service	Performance of contract; legitimate interest
Processing Subscription payments and billing	Performance of contract
Authenticating users and maintaining Account security	Performance of contract; legitimate interest
Sending transactional communications (invoices, receipts, service updates)	Performance of contract
Providing customer support and responding to inquiries	Performance of contract; legitimate interest
Sending marketing communications (with your consent)	Consent
Analyzing usage trends and improving user experience	Legitimate interest
Fraud detection, prevention, and security monitoring	Legitimate interest; legal obligation
Complying with legal obligations (tax reporting, regulatory requirements)	Legal obligation
Enforcing our Terms of Service and protecting our rights	Legitimate interest
Developing new features and services	Legitimate interest
Generating aggregated, anonymized analytics and benchmarks	Legitimate interest

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers who process information on our behalf, subject to contractual obligations to protect your data. These include:

Cloud infrastructure providers (data hosting and storage)
Payment processors (Subscription billing, payment facilitation)
Email service providers (transactional and marketing communications)
Analytics providers (aggregated usage analysis)
Customer support platforms
Security and fraud prevention services

4.2 Financial Institutions

When you authorize bank feed connections, we share necessary authentication information with financial institutions and aggregation partners to retrieve your transaction data.

4.3 Professional Advisors

If you grant access to an accountant, bookkeeper, or other professional through the Service's collaboration features, we will share your relevant Account data with them as directed by you.

4.4 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, including to:

Comply with a subpoena, court order, or other legal process
Comply with requests from the Canada Revenue Agency (CRA) or other tax authorities
Enforce our Terms of Service
Protect the rights, property, or safety of Awditify, our customers, or the public

4.5 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your information may be transferred to the successor entity. We will provide notice of any such transfer and any choices you may have regarding your information.

4.6 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Retention

5.1 Retention Periods

Data Category	Retention Period	Rationale
Account Information	Duration of Account + 30 days	Service provision and data export period
Customer Data	Duration of Account + 30 days	Service provision, data export, and portability
Financial/Tax Records	Up to 7 years after Account closure	CRA requirements; federal/provincial tax law
Billing Records	7 years	Legal and accounting requirements
Server Logs	90 days	Security monitoring and troubleshooting
Analytics Data	26 months (anonymized)	Trend analysis and Service improvement
Marketing Consent Records	Duration of consent + 3 years	Compliance documentation
Contact Form Submissions	2 years	Customer support and follow-up

5.2 Data Deletion

Upon expiration of the applicable retention period, we will securely delete or anonymize your information. Certain data may be retained in backup systems for a limited additional period consistent with our backup retention schedule.

6. Data Security

We implement and maintain comprehensive administrative, technical, and physical security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
Access Controls: Role-based access control (RBAC), multi-factor authentication for staff, principle of least privilege
Infrastructure Security: Firewalls, intrusion detection and prevention systems, DDoS protection, regular vulnerability assessments and penetration testing
Application Security: Secure software development lifecycle (SSDLC), regular code reviews, dependency scanning, OWASP Top 10 mitigation
Monitoring: 24/7 infrastructure monitoring, security information and event management (SIEM), anomaly detection
Employee Training: Regular security awareness training and background checks for personnel with data access
Incident Response: Documented incident response plan with defined escalation procedures
Business Continuity: Regular backups, geographically distributed infrastructure, documented disaster recovery plan

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security. If you become aware of any security incident, please notify us immediately at security@awditify.com.

7. Your Rights and Choices

Under PIPEDA, PIPA, and other applicable privacy legislation, you have the following rights regarding your personal information:

7.1 Access

You have the right to request access to the personal information we hold about you. We will respond to access requests within thirty (30) days, or as required by applicable law.

7.2 Correction

You have the right to request correction of inaccurate or incomplete personal information. You can update most information directly through your Account settings.

7.3 Deletion

You have the right to request deletion of your personal information, subject to our legal retention obligations. You can delete your Account through Account settings or by contacting us. Certain information may be retained as required by law.

7.4 Data Portability

You have the right to export your Customer Data in a commonly used, machine-readable format. The Service provides built-in export functionality for your accounting data.

7.5 Withdrawal of Consent

Where we rely on your consent to process information, you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing performed prior to withdrawal.

7.6 Marketing Opt-Out

You may opt out of marketing communications at any time by: (a) clicking the "unsubscribe" link in any marketing email; (b) updating your communication preferences in your Account settings; or (c) contacting us at privacy@awditify.com. Opting out of marketing will not affect transactional communications related to your Account.

7.7 How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Officer at privacy@awditify.com. We may need to verify your identity before processing your request. We will respond within thirty (30) days of receiving a verified request.

8. Cross-Border Data Transfers

Your information may be stored and processed in Canada and, in limited circumstances, may be transferred to jurisdictions outside Canada where our service providers operate. When we transfer personal information outside of Canada, we ensure that:

The transfer is necessary for the provision of the Service or as otherwise permitted under PIPEDA and PIPA
Appropriate contractual or other safeguards are in place to protect your information
The receiving jurisdiction provides a comparable level of protection, or adequate contractual protections are established

By using the Service, you consent to the transfer of your information to jurisdictions outside of Alberta and Canada as described in this Section, subject to the safeguards outlined above.

9. Children's Privacy

The Service is not directed to individuals under the age of 18 (or the age of majority in the applicable jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to promptly delete such information. If you believe a child has provided us with personal information, please contact us at privacy@awditify.com.

10. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, we do not currently respond to such signals. We will update this Policy if a standard is established and we adopt a responsive approach.

11. Third-Party Links and Integrations

The Service may contain links to third-party websites, applications, or services that are not owned or controlled by Awditify. This Policy does not apply to such third-party services. We recommend reviewing the privacy policies of any third-party service before providing your information. Awditify is not responsible for the privacy practices of third-party services.

12. Data Breach Notification

In the event of a data breach involving your personal information that creates a real risk of significant harm, we will:

Notify you as soon as feasible after becoming aware of the breach, and in any event within 72 hours where required by law
Notify the Office of the Privacy Commissioner of Canada and, where applicable, the Information and Privacy Commissioner of Alberta
Provide details of the breach, the information involved, and the steps we are taking to mitigate any harm
Advise you of steps you can take to protect yourself

We maintain a documented breach response plan and conduct regular drills to ensure readiness.

13. Artificial Intelligence and Automated Processing

The Service may use artificial intelligence (AI) and machine learning for features such as:

Automated transaction categorization and matching
Anomaly and fraud detection in financial data
Smart suggestions for chart of accounts and expense classification
Optical character recognition (OCR) for receipt and document processing

These features process Customer Data to provide functionality within the Service. We do not use your Customer Data to train general-purpose AI models. You retain control over AI-assisted features and may review, override, or disable automated suggestions within the Service.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will provide notice of material changes by:

Posting the updated Policy on our website with a revised "Last Updated" date
Sending email notification to Account holders for material changes
Displaying an in-app notification when you next access the Service

We encourage you to review this Policy periodically. Your continued use of the Service after a revised Policy becomes effective constitutes your acknowledgment and acceptance of the updated Policy.

15. Complaints

If you have a complaint about our privacy practices, you may:

Contact our Privacy Officer at privacy@awditify.com. We will acknowledge your complaint within five (5) business days and provide a response within thirty (30) days.
If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Office of the Information and Privacy Commissioner of Alberta (oipc.ab.ca).

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Awditify Technologies Inc.
Privacy Officer
Email: privacy@awditify.com
General Inquiries: support@awditify.com
Security Concerns: security@awditify.com
Alberta, Canada

This Privacy Policy was last revised on February 14, 2026.