Privacy Policy
1. Who we are
AI Canadian Solutions Inc. ("we", "us", "our", or "AI Canadian Solutions Inc.") operates the VoiceMoneyManager mobile and web applications (the "Service"). We are a Canadian company. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you use the Service in Canada. It is written to satisfy our obligations under the federal Personal Information Protection and Electronic Documents Act ("PIPEDA"), the Office of the Privacy Commissioner of Canada ("OPC") guidance, and where you reside in Quebec, the Act respecting the protection of personal information in the private sector, as amended by Bill 64 / Law 25 ("Quebec Law 25"). British Columbia, Alberta, and other provincial regimes are addressed where they impose stricter obligations.
If you have any question about this policy, our designated privacy officer can be reached at privacy@aicanadiansolutions.ca.
2. What we collect
We deliberately collect only what we need to deliver the Service. Categories:
- Account information — email address, display name, a salted & hashed password, optional phone number, the country you registered from, and whether you have flagged the account as a business / sole-proprietor / corporation profile (used to apply the correct Canada Revenue Agency retention rule, see section 7).
- Receipt content — images you scan or upload, plus the structured fields our pipeline extracts (vendor, date, line items, taxes, totals, currency, category).
- Voice notes — short audio clips you record to dictate a memo against a receipt; these are transcribed to text by our pipeline and the audio is discarded within 30 days of transcription.
- Usage telemetry — app version, device model, OS version, crash traces, the timestamps of scans and edits. We do not track your location, your contacts, or any data outside the app.
- Billing information — only if you upgrade to a paid plan; payment card data is collected and tokenized by Stripe — we never see the PAN.
We do not collect government identifiers (SIN, driver's licence, passport) and the app blocks scans that look like one to keep us out of scope of provincial sensitive-data regimes.
3. How we use it
We use your personal information only for the purposes you would reasonably expect of a receipt-scanning and bookkeeping app:
- Authenticate you and keep your account secure.
- Read your receipts via Optical Character Recognition (OCR) and convert them into structured ledger entries.
- Categorize and total your spending, and present the dashboards and exports you ask for.
- Provide customer support when you contact us.
- Detect fraud, abuse, and bot traffic against our infrastructure.
- Comply with tax-records-retention obligations under Canadian law (see section 7).
- Improve the Service in the narrowly-defined ways described in section 6.
We do not sell your personal information, and we do not share it with advertising networks. There is no advertising surface inside the Service.
4. Sub-processors
To deliver the Service we rely on the following sub-processors. We have contracts with each that bind them to confidentiality and to processing your data only on our documented instructions:
- Amazon Web Services (AWS) — encrypted object storage (Amazon S3, bucket region
ca-central-1, with redundant copies across the Montreal and Toronto availability zones) and outbound email delivery (Amazon SES via SendGrid). All data at rest is held inside Canada. - Google Cloud LLC — Document AI for OCR. Receipt images are sent over TLS for synchronous processing; Google's contractual terms for Document AI commit to no retention of the request content beyond the immediate response window, and no use of your content to improve Google's models.
- OpenAI, LLC — receipt parsing and categorization. Calls are made via the OpenAI API in zero-retention / no-training mode, an option we have enabled at the account level.
- Twilio SendGrid — transactional email (verification, password resets, export-ready notices).
- Stripe — payment processing for users on a billing tier only. Stripe is independently certified to PCI DSS Level 1.
A current list of sub-processors is available from privacy@aicanadiansolutions.ca on request. We will give 30 days' notice in this policy before adding any new sub-processor that has access to identifiable customer data.
5. Data residency
Your personal information is stored in Canada. Our primary storage region is AWS ca-central-1, which physically maps to data centres in Montreal, Quebec and Toronto, Ontario. Backups are also held within Canada. The only routine cross-border data flow is the transient round-trip to Google Cloud Document AI and OpenAI's API for OCR and parsing: these calls execute against API endpoints that may be served from data centres in the United States, the response is returned within seconds, and per the contracts described in section 4 the providers do not retain the content.
Under PIPEDA Principle 1 (Accountability) we remain responsible for personal information transferred to a third party for processing, including across borders. If you would prefer that your receipts never leave Canada — including for the transient OCR step — you may turn on "Canadian-only processing mode" in Settings → AI & Privacy; in that mode we will use an in-region OCR model with slightly lower accuracy.
6. AI training position
This section is deliberately specific because it is the question users ask us most often.
Amazon Web Services, Google Cloud, OpenAI, Twilio, and Stripe DO NOT use your data to train their models. OpenAI's API is operated in no-training mode.
WE DO use anonymized patterns from your scans — for example, which vendor names map to which expense categories, which receipt layouts need special handling, which currencies and tax codes appear in which regions — to improve our app's receipt-reading accuracy for everyone. The data fed into this improvement loop is stripped of your account identifier, your email, the dollar amounts, and any free-form notes you typed; what survives is the shape of the document and the vendor-to-category mapping.
You can opt out of contributing to these improvements at any time in Settings → AI & Privacy. Opting out does not affect any feature you use today; it only stops your future scans' anonymized signals from being added to our improvement corpus.
7. Retention (dual-track)
We hold different categories of account on different clocks:
Personal accounts
While your account is active your data is retained indefinitely. When you ask us to close your account it is soft-deleted immediately — you can no longer sign in and the account is invisible to support staff — and your data is hard-purged 30 days after deletion. The 30-day window exists so that you have time to undo an accidental deletion and to give us a brief overlap to satisfy fraud and abuse investigations.
Business accounts (CRA-tagged profiles)
If you have flagged your account as a business, sole proprietorship, or corporation in our database, Canadian tax-records-retention law applies: section 230 of the Income Tax Act (Canada) and the regulations made under it require business records to be kept for six (6) years from the end of the relevant tax year, and Canada Revenue Agency guidance treats receipt records the same way. We accordingly retain receipt content on business accounts for six years from the end of the tax year in which the receipt was dated, even after you delete the account.
Users requesting deletion of a business account are shown the following notice in the app:
Data held under this retention clock is kept in encrypted cold storage, is not used for any purpose other than producing it to you or to the Canada Revenue Agency on lawful request, and is purged within 90 days of the six-year clock expiring.
8. Your rights under PIPEDA & Law 25
PIPEDA Principles 1 through 10 give you the following rights, which we honour at no charge:
- Access — you may ask what personal information we hold about you and we will tell you within 30 days.
- Correction — if any information we hold is inaccurate, you may ask us to fix it.
- Withdrawal of consent — you may withdraw consent to any optional processing at any time.
- Deletion — you may ask us to delete your account, subject to the retention rules in section 7.
- Portability — you may export everything we hold about you in a machine-readable format (Quebec Law 25 makes this a formal right; we extend it to all Canadian users).
- Automated-decision opt-out — Quebec Law 25 gives Quebec residents the right to be informed of a decision based exclusively on automated processing, the right to know the principal factors and parameters that led to it, and the right to have it reviewed by a human. Our category-suggestion model is the only automated step that affects you, and you can always override its suggestion or turn it off entirely in Settings.
- Complaint — you may file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca), or, in Quebec, the Commission d'accès à l'information (cai.gouv.qc.ca).
9. Automated Decision-Making (Quebec Law 25)
Quebec Law 25 (specifically the new sections 12.1 and 12.2 of the Act respecting the protection of personal information in the private sector) requires us to be transparent about decisions made about you that rely exclusively on the automated processing of your personal information. This section is our disclosure for Quebec residents — and we extend the same transparency to every Canadian user.
What the automated step actually does. When you scan a receipt, three things happen automatically: (1) Optical Character Recognition (OCR) is run on the image to lift the printed text off the paper; (2) a vendor-recognition step matches the lifted text against our corpus of known merchant patterns to identify the store; and (3) a category-assignment step proposes an expense category (for example "Fuel", "Groceries", "Office supplies") for the line item. These three steps together are the only fully-automated processing we perform on your data.
The factors used. The category-assignment model considers: the OCR-extracted text from the receipt itself, the vendor patterns in our merchant corpus (built from anonymized signals as described in section 6), and — when they exist — your own prior categorization choices for the same vendor. No other personal attribute (age, income, location beyond the receipt's currency) is used.
The effect on you. No consequential decision is made about you automatically. The category we suggest is shown to you as an editable field before the receipt is saved; you can change it with a tap. We do not use AI to suspend accounts, deny service, deny refunds, or change pricing. Tax-records-retention decisions (section 7) are driven by the business / personal flag on your account, which you set yourself.
Your right to receive information. A Quebec user can ask us to explain, in plain language, the principal factors and parameters that produced any particular automated suggestion. Email privacy@aicanadiansolutions.ca with the receipt date and vendor and we will respond within 30 days.
Your right to opt out. You can turn off contributing anonymized signals to our improvement corpus, and turn off automatic category suggestions altogether, at any time via Settings → AI & Privacy → "Help improve our AI". Turning it off does not remove any feature; it only stops the automated category suggestion and pauses your contribution to model improvements.
Your right to request human review. If you believe an AI-applied category is wrong and you would like a human at AI Canadian Solutions Inc. to review it, email privacy@aicanadiansolutions.ca and we will have a real person look at the receipt and the assigned category and respond within 30 days. There is no charge for this review.
10. Data export & deletion
From inside the app:
- Settings → Download My Data queues a full export of your receipts, ledger entries, and account metadata. A signed, expiring download link is emailed to your verified address within 24 hours.
- Settings → Delete My Account soft-deletes the account immediately. Hard purge follows 30 days later (personal) or after the tax-retention clock (business). The export option remains available throughout the soft-delete window.
The underlying endpoints (for developers and accessibility tools) are POST /api/me/data-export and DELETE /api/me/account. Both require a fresh authentication.
11. Receipt storage & security
Receipt images and structured data are stored in a private Amazon S3 bucket with AES-256 encryption at rest (SSE-S3). Access from the app to the bucket is via short-lived presigned URLs only; the bucket is never listed publicly. Transport is TLS 1.2 or higher. Database backups are encrypted with KMS-managed keys; access to production keys is restricted to two named officers of AI Canadian Solutions Inc. and is logged and audited.
12. Cookies & web admin
The mobile app does not use cookies. The web admin at /admin uses a single session cookie strictly necessary to keep you signed in; we do not use analytics, advertising, or fingerprinting cookies on any public-facing page.
13. Breach notification
If a breach of security safeguards creates a real risk of significant harm to you, we will, in accordance with PIPEDA's Breach of Security Safeguards Regulations, notify you and the Office of the Privacy Commissioner of Canada as soon as feasible, and keep a record of every breach for a minimum of 24 months. For Quebec residents, Law 25 requires us to notify the Commission d'accès à l'information and affected individuals with diligence (promptly); we will do so by email and an in-app banner.
14. Children
The Service is not directed at children. Account registration requires the user to be at least 13 years old (and at least 16 years old if registering from Quebec, per Law 25). If we learn that we have collected information from a child below the relevant age without a parent's verified consent, we will delete it.
15. Changes to this policy
We may update this policy from time to time. When we do, we will notify you by email and with an in-app banner, and the new version will take effect 30 days after notice. The current version number and effective date are shown at the top of this page.
16. Contact & complaints
Privacy officer: AI Canadian Solutions Inc., by email at privacy@aicanadiansolutions.ca. We will acknowledge every privacy enquiry within 5 business days and resolve substantive requests within 30 days.