Back to Home

PIPEDA Compliance

Personal Information Protection and Electronic Documents Act

Last updated: January 2025

Defences.app is committed to protecting your privacy in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

PIPEDA's 10 Fair Information Principles

1. Accountability

Defences.app is responsible for personal information under our control. We have designated a Privacy Officer who is accountable for our compliance with PIPEDA.

Privacy Officer Contact: admin@defences.app

2. Identifying Purposes

We identify the purposes for which personal information is collected at or before the time the information is collected. Personal information is collected for:

  • Providing personalized AI tutoring services
  • Processing subscription payments
  • Improving our educational content and AI models
  • Communicating service updates and educational content
  • Preventing fraud and maintaining security

3. Consent

Your knowledge and consent are required for the collection, use, or disclosure of personal information, except where inappropriate. We obtain consent when you:

  • Create an account
  • Subscribe to paid services
  • Use our AI tutoring features
  • Submit study session data

You may withdraw consent at any time, subject to legal or contractual restrictions. To withdraw consent, contact admin@defences.app.

4. Limiting Collection

We collect only the personal information that is necessary for the purposes identified. We do NOT collect:

  • Social insurance numbers
  • Government-issued ID numbers (except as required by payment processors)
  • Sensitive health information
  • Information about minors under 13

5. Limiting Use, Disclosure, and Retention

Personal information is used or disclosed only for the purpose for which it was collected, except with your consent or as required by law.

We DO NOT:

  • Sell your personal information to third parties
  • Share your study sessions with other users
  • Use your data to train third-party AI models without permission
  • Disclose your information for marketing purposes without consent

Information is retained only as long as necessary for the identified purposes or as required by law.

6. Accuracy

Personal information is kept as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used. You can:

  • Update your profile information in Settings
  • Request corrections by contacting admin@defences.app
  • View and manage your data at any time

7. Safeguards

Personal information is protected by security safeguards appropriate to the sensitivity of the information:

  • End-to-end encryption for data in transit (HTTPS/TLS)
  • Encrypted storage on Google Cloud Platform
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Employee training on privacy and security
  • Strict access controls (least privilege principle)

8. Openness

We make readily available to you information about our policies and practices relating to the management of personal information. This includes:

  • This PIPEDA compliance statement
  • Our Privacy Policy (linked in footer)
  • Terms of Service
  • Contact information for our Privacy Officer

9. Individual Access

Upon request, you will be informed of the existence, use, and disclosure of your personal information and be given access to that information. You have the right to:

  • Request access to your personal information
  • Challenge the accuracy and completeness of your information
  • Request amendments as appropriate

To request access to your personal information, email admin@defences.app. We will respond within 30 days.

10. Challenging Compliance

You may challenge our compliance with PIPEDA by contacting our Privacy Officer at admin@defences.app. We will:

  • Investigate all complaints
  • Respond within 30 days
  • Take appropriate measures to resolve issues
  • Inform you of any relevant amendments to our policies or practices

Cross-Border Data Transfers

Your personal information may be processed and stored outside of Canada (primarily on Google Cloud Platform servers in the United States). When information is transferred across borders, we ensure:

  • Equivalent privacy protections are in place
  • Data processing agreements are established
  • You are informed of the transfer
  • Appropriate safeguards are implemented

Breach Notification

In the event of a privacy breach that poses a real risk of significant harm, we will:

  • Notify affected individuals as soon as feasible
  • Report to the Privacy Commissioner of Canada
  • Maintain a record of all breaches
  • Take immediate steps to mitigate harm

Questions or Concerns

If you have any questions or concerns about our privacy practices or PIPEDA compliance:

  • Contact our Privacy Officer: admin@defences.app
  • General inquiries: admin@defences.app

You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada:

  • Website: www.priv.gc.ca
  • Toll-free: 1-800-282-1376