Privacy Policy

This policy explains what personal information GNB Scanner collects, why, and your rights under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

1. What we collect

• Account info: your email address, name, and a securely hashed password.
• Subscription info: Stripe customer and subscription identifiers, plan, and status. We never see or store your full card number — Stripe handles payment data directly.
• Usage data you create: notes, status, and interest ratings you save on properties.
• Technical data: IP address and timestamps in our security/audit log, used to detect abuse.

2. Why we collect it

To operate your account, process payments, provide the Service, send transactional emails (welcome, password reset, account-deletion confirmation), and protect the Service from abuse. We send only transactional, account-related emails — we do not send marketing or promotional emails, and we do not sell your personal information.

3. Who we share it with

• Stripe — payment processing.
• Our hosting provider — to run the application and database.
• Email provider — to deliver transactional emails.
• Government or law enforcement, only where legally required.

These service providers act on our behalf and are limited to the data needed for their function. Some of them — including Stripe and our hosting and email providers — store or process data on servers located outside Canada, including in the United States. While your information is in another country it may be accessible to that country's courts, law enforcement, and regulators under that country's laws. By using the Service you consent to this transfer and processing.

4. Retention

We keep your account data while your account is active. When you delete your account, your account record and saved notes are permanently removed, and any active subscription is cancelled. Some records (e.g. payment records held by Stripe, audit-log entries) may be retained as required for legal, tax, or security purposes.

5. Your rights

You can access and correct your account information from your account page. You can permanently delete your account and associated data at any time from the account page. To request a copy of the personal information we hold, contact us using the details below.

You may withdraw your consent to our collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice — note that withdrawing consent needed to run your account will generally mean closing it. If you have a concern about how we handle your personal information, we want to hear it first; you also have the right to file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca).

6. Security

Passwords are hashed, never stored in plain text. Sessions use secure, HTTP-only cookies. All traffic is served over HTTPS. No system is perfectly secure, but we take reasonable measures to protect your data.

If a breach of security safeguards creates a real risk of significant harm to you, we will notify you and the Office of the Privacy Commissioner of Canada as required by PIPEDA, and tell you what steps you can take.

7. Cookies

We use a single essential session cookie to keep you logged in and to protect forms against cross-site request forgery. We do not use third-party advertising or tracking cookies.

8. Changes

Material changes to this policy will be reflected in the "Last updated" date above.