Document Type: Privacy Policy
Last Updated: 10/31/2025
Version: 1.0
# Saveo Privacy Policy
**Effective Date**: September 28, 2025  
**Last Updated**: September 28, 2025  
**Version**: 3.0

---

## Table of Contents

1. [Overview](#overview)
2. [Information We Collect](#information-we-collect)
3. [How We Use Your Information](#how-we-use-your-information)
4. [Third-Party Data Processors](#third-party-data-processors)
5. [Data Sharing and Disclosure](#data-sharing-and-disclosure)
6. [Financial Privacy Notice (GLBA)](#financial-privacy-notice-glba)
7. [Data Security and Protection](#data-security-and-protection)
8. [Your Privacy Rights](#your-privacy-rights)
9. [Data Retention and Deletion](#data-retention-and-deletion)
10. [Cross-Border Data Transfers](#cross-border-data-transfers)
11. [Children's Privacy](#childrens-privacy)
12. [Data Breach Notification](#data-breach-notification)
13. [Changes to This Policy](#changes-to-this-policy)
14. [Contact Information](#contact-information)
15. [Accessibility Statement](#accessibility-statement)

---

## Overview

### Our Commitment to Privacy
Welcome to Saveo, your personal financial management companion. This Privacy Policy explains how Saveo Technologies Inc. ("Saveo," "we," "our," or "us") collects, uses, protects, and shares your personal information when you use our mobile application and related services (collectively, the "Service").

We are committed to protecting your privacy and handling your personal financial information with the highest standards of security and transparency. This policy provides clear information about our data practices and your rights regarding your personal information.

### Legal Framework
This Privacy Policy complies with:
- **Personal Information Protection and Electronic Documents Act (PIPEDA)** - Canada's federal privacy law
- **Provincial Privacy Legislation** - Applicable provincial privacy laws across Canada
- **Gramm-Leach-Bliley Act (GLBA)** - US federal financial privacy law
- **California Consumer Privacy Act (CCPA)** - For users in California
- **European General Data Protection Regulation (GDPR)** - For users in the European Union

### Scope of This Policy
This Privacy Policy applies to:
- The Saveo mobile application for iOS and Android
- Our website and online services (saveo.ca)
- All related services, features, and content we offer
- Information collected through third-party integrations (including Plaid)

---

## Information We Collect

### Personal Information

#### Account Information
We collect information when you create an account with us:
- **Name**: Full legal name for account verification and personalization
- **Email Address**: Primary contact for account management and important notifications
- **Phone Number**: Optional, for enhanced security and account recovery
- **Password**: Securely hashed and stored for account protection
- **Profile Information**: Optional demographic information for service personalization

#### Subscription and Billing Information
To process your subscription and provide billing services:
- **Subscription Status**: Current subscription plan, trial status, and billing period
- **Trial Information**: Trial start date, trial usage, and conversion status
- **App Store Information**: Purchase receipts and transaction IDs from Apple App Store or Google Play Store
- **Billing History**: Subscription payments, renewals, and cancellations (processed by App Stores)
- **Regional Pricing**: Your App Store region to determine applicable pricing and currency

#### Financial Information
Through our authorized integration with Plaid Technologies Inc., we collect:
- **Account Details**: Account types, names, balances, and account/routing numbers
- **Transaction History**: Transaction amounts, dates, merchants, categories, and descriptions
- **Identity Information**: Account holder names and addresses as provided by financial institutions
- **Institution Information**: Bank names, branches, and contact information
- **Account Status**: Active/inactive status and connection health information

#### Device and Technical Information
To provide and secure our services, we automatically collect:
- **Device Information**: Device type, operating system, unique device identifiers
- **App Usage Data**: Features used, screen views, interaction patterns, session duration
- **Analytics Data**: User engagement metrics, feature adoption rates, and user journey flows via Firebase Analytics
- **Performance Metrics**: App crashes, load times, error logs, and technical diagnostics
- **Network Information**: IP address, connection type, and general location (city/region level)

#### Authentication Information
For account security, we process:
- **Login Credentials**: Email and password combinations
- **Biometric Data**: Device-level biometric authentication (Face ID/Touch ID) - stored locally on your device only
- **Security Preferences**: Two-factor authentication settings, session preferences
- **Device Trust Information**: Trusted device status and security settings

### Information We Do NOT Collect
To protect your privacy, we explicitly do not collect:
- **Biometric Templates**: Biometric authentication is handled entirely by your device
- **Payment Card Information**: All payments are processed through Apple App Store/Google Play Store
- **Credit Card Details**: We never see or store your payment card information
- **Social Security Numbers**: We do not request or store government ID numbers
- **Investment Passwords**: We only connect to accounts through authorized Plaid integration
- **Sensitive Personal Data**: Health information, political opinions, religious beliefs

---

## How We Use Your Information

### Core Service Functionality
We use your information primarily to provide Saveo's financial management services:

#### Subscription and Account Management
- **Subscription Processing**: Manage your subscription status, billing, and account access
- **Trial Management**: Track trial periods, usage, and conversion to paid subscriptions
- **Billing Support**: Provide customer support for subscription and billing inquiries
- **Access Control**: Ensure appropriate access to features based on subscription status

#### Financial Management
- **Transaction Processing**: Categorize, analyze, and display your financial transactions
- **Account Monitoring**: Track balances, detect changes, and provide real-time updates
- **Budgeting Tools**: Create, manage, and track budget categories and spending limits
- **Financial Insights**: Generate personalized spending analysis and financial recommendations

#### AI-Powered Features
- **Intelligent Categorization**: Automatically categorize transactions using machine learning
- **Personalized Insights**: Generate AI-powered financial insights and spending pattern analysis
- **Interactive Chat Assistant**: Provide conversational AI for financial guidance and questions
- **Predictive Analytics**: Analyze spending trends and provide future financial projections

#### Security and Authentication
- **Account Security**: Verify identity, prevent unauthorized access, and detect suspicious activity
- **Fraud Prevention**: Monitor for unusual transactions and potential security threats
- **Session Management**: Manage login sessions and implement security timeouts
- **Device Authentication**: Support biometric and multi-factor authentication

### Service Improvement and Analytics
#### Product Development
- **Feature Enhancement**: Analyze usage patterns to improve existing features
- **New Feature Development**: Identify user needs and develop new functionality
- **Performance Optimization**: Monitor app performance and optimize user experience
- **Bug Detection and Resolution**: Identify and fix technical issues

#### Firebase Analytics
- **Usage Statistics**: Track app usage patterns and user engagement through Firebase Analytics
- **Performance Metrics**: Monitor app stability, load times, and error rates
- **Feature Adoption**: Understand which features are most valuable to users
- **User Behavior Analysis**: Analyze user flows and interaction patterns to improve user experience
- **Event Tracking**: Track user actions like sign-ups, logins, feature usage, and screen views

### Communication and Support
#### Essential Communications
- **Service Notifications**: Account updates, security alerts, and important service changes
- **Subscription Notices**: Trial expiration, billing notifications, and subscription changes
- **Account Management**: Account status updates and important service announcements
- **Security Alerts**: Immediate notification of security events or suspicious activity
- **Technical Updates**: Critical app updates and maintenance notifications

#### Optional Communications (Opt-In Only)
- **Product Updates**: Information about new features and service improvements
- **Educational Content**: Financial literacy tips and best practices
- **Customer Surveys**: Feedback requests to improve our services
- **Marketing Messages**: Promotional content (only with explicit consent)

---

## Third-Party Data Processors

### Plaid Technologies Inc.

#### Overview and Services
Plaid Technologies Inc. ("Plaid") is our primary third-party data processor for financial data integration. Plaid is a leading financial data platform that enables secure connection to your bank accounts without requiring you to share your login credentials directly with us.

**Services Provided by Plaid**:
- **Account Connection**: Securely connect your bank accounts to Saveo using bank-grade security
- **Data Retrieval**: Access account information, balances, and transaction history in real-time
- **Account Verification**: Verify account ownership and prevent fraudulent connections
- **Institution Support**: Support for over 11,000 financial institutions across North America
- **Data Standardization**: Convert financial data into consistent, usable formats

#### Information Shared with Plaid
**Temporary Authentication Data** (Only During Connection):
- Bank login credentials (securely handled and not stored by Plaid or Saveo)
- Multi-factor authentication codes when required by your financial institution
- Security questions and answers if required by your bank

**Ongoing Account Information**:
- Account numbers, routing numbers, and account types
- Account holder names and addresses as provided by institutions
- Institution information and branch details
- Transaction history and account balances

#### Plaid's Data Practices
- **Data Encryption**: All data transmission is encrypted using bank-level security
- **Data Minimization**: Plaid only accesses data necessary for Saveo's functionality
- **Regulatory Compliance**: Plaid complies with financial regulations and security standards
- **Privacy Policy**: Your use of Plaid's services is governed by [Plaid's Privacy Policy](https://plaid.com/legal/privacy)

### Vercel (Backend Hosting)

#### Services Provided
Vercel provides our backend application hosting:
- **Backend Hosting**: Serverless backend infrastructure and API hosting
- **SSL/TLS Encryption**: Secure data transmission with automatic HTTPS
- **Global CDN**: Content delivery network for performance optimization
- **Monitoring**: Application performance and uptime monitoring

#### Data Location and Security
- **Server Location**: United States (with appropriate cross-border transfer safeguards)
- **Encryption**: All data transmission encrypted using TLS 1.3
- **Infrastructure Security**: Vercel maintains SOC 2 Type II certified infrastructure
- **Access Controls**: Strict deployment and access controls

### Supabase (Database Services)

#### Services Provided
Supabase provides our secure cloud database services:
- **Data Storage**: Encrypted storage of user data and financial information
- **Authentication Services**: Secure user authentication and session management
- **Real-time Updates**: Live data synchronization across devices
- **Backup and Recovery**: Automated data backup and disaster recovery

#### Data Location and Security
- **Server Location**: United States (with appropriate cross-border transfer safeguards)
- **Encryption**: Data encrypted at rest and in transit using AES-256 encryption
- **Access Controls**: Strict access controls and monitoring of data access
- **Compliance**: Supabase maintains SOC 2 Type II certified infrastructure

### Firebase Analytics (Google)

#### Services Provided
We use Firebase Analytics to understand how users interact with our app and improve the user experience:
- **Usage Analytics**: Track app usage patterns, feature adoption, and user engagement
- **Performance Monitoring**: Monitor app stability, crash reports, and performance metrics
- **User Journey Tracking**: Analyze user flows and screen navigation patterns
- **Event Tracking**: Track user actions such as sign-ups, logins, and feature usage
- **Conversion Tracking**: Monitor user conversion funnels and retention metrics

#### Information Processed by Firebase Analytics
- **User Properties**: User ID, email (hashed), subscription status, signup method, platform
- **Event Data**: Screen views, user interactions, authentication events, feature usage
- **Device Information**: Device types, operating systems, and app version for compatibility
- **Session Data**: App usage sessions, timestamps, and interaction patterns
- **Performance Data**: App load times, crash reports, and error logs

#### Data Protection Measures
- **User Consent**: Analytics can be disabled by users through app settings
- **Email Hashing**: User emails are hashed before being sent to Firebase for privacy protection
- **Data Anonymization**: Analytics data is processed in compliance with privacy regulations
- **Retention Controls**: Firebase Analytics data is retained according to Google's standard retention policies
- **Privacy Policy**: Firebase Analytics usage is governed by [Google's Privacy Policy](https://policies.google.com/privacy)

### OpenAI (AI Services)

#### Services Provided
OpenAI powers certain AI features in Saveo:
- **Natural Language Processing**: Power our AI chat assistant
- **Financial Insights Generation**: Create personalized financial insights and recommendations
- **Content Generation**: Generate educational content and explanations

#### Data Protection Measures
- **Data Anonymization**: No personally identifiable information is shared with OpenAI
- **Aggregated Data Only**: Only anonymized, aggregated financial patterns are processed
- **No Storage**: OpenAI does not store data processed for Saveo
- **Enterprise Compliance**: Processing follows OpenAI's enterprise privacy and security standards

### Google (Authentication Services)

#### Services Provided (Optional)
If you choose to use Google Sign-In:
- **Authentication**: Secure login using your Google account
- **Profile Information**: Basic profile information (name, email, profile picture)
- **Account Linking**: Link your Google account to your Saveo account

#### Information Shared
- **Basic Profile**: Name, email address, and profile picture (if you choose Google Sign-In)
- **Authentication Tokens**: Secure tokens for maintaining login sessions
- **No Financial Data**: Google does not receive any of your financial information

---

## Data Sharing and Disclosure

### Limited Data Sharing
We share your personal information only in the following specific circumstances:

#### Service Providers
We may share information with trusted service providers who help us operate our business:
- **Plaid**: For financial data integration and account connectivity
- **Vercel**: For backend hosting services
- **Supabase**: For database services
- **OpenAI**: For AI-powered insights (anonymized data only)
- **Google**: For authentication services (if you choose Google Sign-In) and Firebase Analytics
- **Firebase Analytics**: For app usage analytics, user engagement tracking, and performance monitoring

All service providers are contractually bound to protect your data and use it only for specified purposes.

#### Legal Requirements
We may disclose your information when required by law:
- **Legal Process**: In response to court orders, subpoenas, or legal proceedings
- **Law Enforcement**: To cooperate with law enforcement investigations when legally required
- **Regulatory Compliance**: To meet financial services regulatory requirements
- **Safety Protection**: To protect the rights, property, or safety of users or others

#### Business Transfers
In the event of a merger, acquisition, or sale of assets:
- We will provide advance notice before your personal information is transferred
- The receiving entity will be bound by this Privacy Policy or equivalent protections
- You will have choices regarding your information in such scenarios

### Prohibited Data Sharing
We explicitly do NOT share your information for:
- **Data Sales**: We never sell your personal or financial information to third parties
- **Third-Party Marketing**: We do not share your information for others' marketing purposes
- **Advertising**: We do not use your data for advertising purposes outside of Saveo
- **Unauthorized Access**: We do not provide unauthorized access to your financial accounts

---

## Financial Privacy Notice (GLBA)

### US Financial Privacy Requirements
As a financial technology service provider, we comply with the Gramm-Leach-Bliley Act (GLBA) and are committed to protecting your nonpublic personal financial information.

### Financial Information We Collect
Through our authorized integration with Plaid Technologies Inc., we collect and process:
- **Account Information**: Bank account details, routing numbers, and account types
- **Transaction Data**: Transaction amounts, dates, merchants, and descriptions
- **Balance Information**: Current and available account balances
- **Identity Verification**: Account holder names and addresses as provided by financial institutions

### How We Share Financial Information
We share your financial information only with:
- **Plaid Technologies Inc.**: For secure bank account connectivity and data retrieval
- **Vercel and Supabase**: Our secure cloud service providers for data processing and storage
- **OpenAI**: For AI-powered insights (anonymized data only, no personal identifiers)

We do NOT sell, rent, or otherwise share your financial information with third parties for their marketing purposes.

### Your Rights Regarding Financial Information
You have the right to:
- **Limit Sharing**: Contact us to restrict certain types of information sharing
- **Access Information**: Request details about what financial information we have collected
- **Correct Information**: Request correction of inaccurate financial information
- **Opt-Out**: Opt out of non-essential communications related to your financial data

### How We Protect Your Financial Information
We maintain physical, electronic, and procedural safeguards to protect your financial information:
- **Encryption**: All financial data is encrypted using AES-256 encryption at rest and TLS 1.3 in transit
- **Access Controls**: Strict access controls limit who can view your financial information
- **Secure Infrastructure**: SOC 2 Type II certified service providers
- **Regular Monitoring**: Continuous monitoring for unauthorized access attempts

### Contact for Financial Privacy Matters
For questions about our financial privacy practices or to exercise your rights:
- **Email**: privacy@saveo.ca
- **Subject Line**: Include "Financial Privacy" in the subject line
- **Response Time**: We respond to financial privacy inquiries within 48 hours

### Annual Privacy Notice
We will provide you with our annual privacy notice each year as long as you maintain an account with us. This notice will describe our financial privacy practices for the previous year.

---

## Data Security and Protection

### Comprehensive Security Measures

#### Encryption and Data Protection
- **End-to-End Encryption**: All sensitive data is encrypted using AES-256 encryption
- **Transport Layer Security**: All data transmission uses TLS 1.3 encryption
- **Certificate Pinning**: Enhanced protection against man-in-the-middle attacks
- **Data at Rest**: All stored data is encrypted using industry-standard encryption algorithms

#### Network and Infrastructure Security
- **Third-Party Infrastructure**: We use SOC 2 Type II certified service providers (Vercel, Supabase) for infrastructure
- **Network Monitoring**: 24/7 network monitoring and intrusion detection through our service providers
- **Firewall Protection**: Multi-layered firewall protection and network segmentation
- **DDoS Protection**: Advanced protection against distributed denial-of-service attacks

#### Application Security
- **Secure Development**: Security-by-design principles in all development processes
- **Regular Security Audits**: Quarterly penetration testing and security assessments
- **Vulnerability Management**: Automated vulnerability scanning and prompt remediation
- **Code Security**: Static and dynamic code analysis for security vulnerabilities

#### Access Controls and Authentication
- **Multi-Factor Authentication**: Support for biometric authentication for users
- **Role-Based Access**: Strict role-based access controls for Saveo personnel accessing third-party services
- **Session Management**: Automatic session timeouts and secure session handling
- **Audit Logging**: Comprehensive logging of all data access and system activities through our service providers

### Biometric Authentication
- **Device-Only Storage**: Biometric templates are stored only on your device
- **No Cloud Storage**: Saveo never receives or stores your biometric information
- **Local Processing**: All biometric authentication occurs locally on your device
- **Privacy by Design**: Biometric features designed with privacy as the primary concern

### Security Incident Response
In the unlikely event of a security incident:
- **Immediate Response**: Security incidents are addressed within 1 hour of detection
- **Containment**: Immediate steps to contain and mitigate any potential data exposure
- **Investigation**: Thorough investigation to determine scope and cause
- **Notification**: Prompt notification to affected users and relevant authorities

---

## Your Privacy Rights

### Rights Under Canadian Privacy Law (PIPEDA)

#### Access Rights
- **Data Access**: Request access to all personal information we hold about you
- **Information Details**: Receive details about how your information is used and shared
- **Processing History**: Information about who has accessed your data and when
- **Data Sources**: Information about how we obtained your personal information

#### Correction and Control Rights
- **Data Correction**: Request correction of inaccurate or incomplete information
- **Data Updates**: Update your personal information through your account settings
- **Consent Withdrawal**: Withdraw consent for specific data processing activities
- **Communication Preferences**: Control what communications you receive from us

#### Deletion and Portability Rights
- **Data Deletion**: Request immediate deletion of your personal information
- **Account Closure**: Delete your account and all associated data
- **Data Portability**: Request your data in a portable format (feature planned for future release)
- **Selective Deletion**: Request deletion of specific types of data

### Rights Under Other Privacy Laws

#### For California Residents (CCPA/CPRA)
**Enhanced Consumer Rights**:
- **Right to Know**: Detailed information about data collection, use, and sharing
- **Right to Delete**: Request deletion of personal information with some exceptions
- **Right to Opt-Out**: Opt out of sale of personal information (we don't sell data)
- **Right to Non-Discrimination**: Equal service regardless of privacy choices

#### For European Union Residents (GDPR)
**Enhanced Rights**:
- **Right to Object**: Object to data processing based on legitimate interests
- **Right to Restrict Processing**: Limit how we process your data in certain circumstances
- **Right to Data Portability**: Receive data in a machine-readable format
- **Right to Lodge Complaints**: File complaints with supervisory authorities

### Exercising Your Privacy Rights

#### How to Submit Requests
**In-App Requests** (Preferred):
- Access the "Privacy Settings" section in your account settings
- Submit requests through our secure, authenticated interface
- Track request status and receive real-time updates

**Email Requests**:
- Send requests to privacy@saveo.ca
- Include verification information for security purposes
- Provide specific details about your request

**Response Timeline**:
- We respond to privacy requests within 30 days
- Complex requests may require additional time (up to 60 days with notification)
- You will receive confirmation of receipt within 48 hours

---

## Data Retention and Deletion

### Data Retention Principles
We retain personal information only as long as necessary for the purposes outlined in this policy:

#### Active Account Data
**While Your Account is Active**:
- **Financial Data**: Retained to provide ongoing service functionality
- **Transaction History**: Maintained for budgeting, categorization, and insights
- **Account Information**: Kept current to ensure service quality
- **Subscription Data**: Current subscription status, billing history, and trial information
- **Security Information**: Retained for ongoing account protection

#### Account Deletion and Data Removal
**Upon Account Deletion**:
- **Immediate Deletion**: All personal and financial data is immediately deleted from our systems
- **Complete Removal**: Data is permanently removed from all databases and backups
- **Verification**: You receive confirmation of data deletion within 30 days
- **No Recovery**: Deleted data cannot be recovered (deletion is permanent)

#### Legal Retention Requirements
**Exceptions for Legal Compliance**:
- **Financial Records**: Some financial data may be retained for up to 7 years as required by Canadian financial regulations
- **Subscription Records**: Billing and subscription records retained for tax and regulatory purposes (up to 7 years)
- **Audit Requirements**: Certain transaction records retained for regulatory audit purposes
- **Legal Proceedings**: Data may be preserved if involved in legal proceedings
- **Anonymized Analytics**: Anonymized usage statistics may be retained for service improvement

### Data Deletion Process
**How Data is Deleted**:
1. **User Request**: User initiates account deletion through app or email
2. **Verification**: We verify the request for security purposes
3. **Immediate Action**: Personal data is immediately flagged for deletion
4. **System Purge**: Data is permanently removed from all systems within 30 days
5. **Confirmation**: User receives confirmation of complete data deletion

---

## Cross-Border Data Transfers

### Data Storage Locations
**Primary Data Processing**:
- **United States**: Backend hosted on Vercel and database services through Supabase (both US-based)
- **Security Standards**: All processing locations maintain equivalent security standards
- **No Canadian Storage**: All data processing occurs in the United States

### Transfer Safeguards
**Protection Measures for International Transfers**:
- **Contractual Safeguards**: Standard contractual clauses with all international service providers
- **Security Standards**: All processors maintain security standards equivalent to Canadian requirements
- **Regular Audits**: Ongoing audits of international service providers' security and privacy practices
- **Data Encryption**: All cross-border transfers use end-to-end encryption

### Legal Framework
**Compliance with Transfer Regulations**:
- **PIPEDA Compliance**: All transfers comply with PIPEDA requirements for international data transfer
- **Adequate Protection**: Ensuring adequate protection for Canadian personal information abroad
- **User Notice**: Transparent notice about where your data is processed and stored

---

## Children's Privacy

### Age Requirements and COPPA Compliance
**Our Service and Age Restrictions**:
- Saveo has a 4+ age rating on app stores for technical compatibility, but is designed for and intended to be used by individuals 13 years of age and older
- Our service is NOT directed to children under 13 years of age
- Financial features and bank account connections require users to be of legal age (18+ in most jurisdictions)
- We do not knowingly collect, use, or disclose personal information from children under 13

### Service Not Directed to Children
**Why Saveo is Not for Children Under 13**:
- Our app focuses on personal financial management, budgeting, and banking integration
- Content and features are designed for teenagers and adults who manage personal finances
- The app requires understanding of financial concepts not appropriate for young children
- Marketing and advertising are directed toward teens and adults, not children

### Accidental Collection from Children Under 13
**If We Learn a Child Under 13 Has Used Our Service**:
- **Immediate Action**: We will promptly delete any personal information collected from that child
- **Account Termination**: The child's account will be immediately terminated
- **Parental Notification**: We will notify the parent or guardian and provide information about what data was collected and deleted
- **No Further Collection**: We will take steps to prevent further collection from that child

### Parental Rights and COPPA Compliance
**If You Believe Your Child Under 13 Has Used Our Service**:
- **Contact Us Immediately**: Email privacy@saveo.ca with "Child Privacy" in the subject line
- **Required Information**: Provide the child's name, age, and any account information you are aware of
- **Verification**: We may request verification of your parental relationship
- **Prompt Response**: We will respond within 48 hours and take immediate action

### Enhanced Protections for Users 13-17
**For Teenage Users (13-17 years old)**:
- **Parental Consent**: Parental consent is required for financial account connections
- **Limited Data Collection**: We collect only information necessary for core app functionality
- **No Marketing**: Users under 18 do not receive marketing communications
- **Enhanced Privacy**: Additional privacy protections and limited data sharing
- **Parental Oversight**: Parents can request access to and deletion of their teen's data

### Technical Safeguards
**Measures to Prevent Child Data Collection**:
- Age verification prompts during account creation
- Regular monitoring of user-provided age information
- Automated systems to flag potentially underage accounts
- Staff training on child privacy protection requirements

### Contact for Child Privacy Matters
**For Questions About Child Privacy**:
- **Email**: privacy@saveo.ca
- **Subject Line**: Include "Child Privacy" in the subject line
- **Phone**: Contact support for urgent child privacy matters
- **Response Time**: Child privacy inquiries receive priority response within 24 hours

---

## Data Breach Notification

### Our Commitment to Security
We maintain comprehensive security measures to protect your data, but in the unlikely event of a data breach, we are committed to transparent and prompt notification.

### Breach Detection and Response
**Our Security Monitoring**:
- **24/7 Monitoring**: Continuous monitoring of our systems for security threats
- **Automated Detection**: Advanced systems to detect unusual access patterns or data exposure
- **Incident Response Team**: Dedicated security team ready to respond to any incidents
- **Regular Security Audits**: Quarterly security assessments and penetration testing

### Notification Timeline and Process
**If a Data Breach Occurs**:

#### Immediate Response (Within 1 Hour)
- **Incident Containment**: Immediate action to stop the breach and secure systems
- **Impact Assessment**: Rapid assessment of what data may have been affected
- **Evidence Preservation**: Secure preservation of evidence for investigation
- **Internal Notification**: Immediate notification of our executive team and legal counsel

#### Regulatory Notification (Within 72 Hours)
- **Privacy Commissioner**: Notification to the Privacy Commissioner of Canada if required
- **Provincial Authorities**: Notification to relevant provincial privacy commissioners
- **Law Enforcement**: Coordination with law enforcement if criminal activity is suspected
- **Regulatory Bodies**: Notification to relevant financial regulators if applicable

#### User Notification (Within 72 Hours)
- **Direct Notification**: Email and in-app notification to all affected users
- **Clear Communication**: Plain-language explanation of what happened and what data was involved
- **Protective Actions**: Specific steps users should take to protect themselves
- **Support Resources**: Dedicated support channels for affected users

### Breach Notification Content
**What We Will Tell You**:
- **Nature of the Breach**: What type of security incident occurred
- **Data Involved**: What specific types of data may have been accessed or exposed
- **Timeline**: When the breach occurred and when we discovered it
- **Protective Measures**: What we're doing to address the incident and prevent future breaches
- **User Actions**: Specific steps you should take to protect yourself
- **Contact Information**: How to reach our support team for questions or assistance

### Post-Breach Support
**How We Support Affected Users**:
- **Dedicated Support**: Special support channels for affected users
- **Credit Monitoring**: Credit monitoring services if financial data was involved
- **Account Security**: Enhanced security measures for affected accounts
- **Regular Updates**: Ongoing updates about our investigation and remediation efforts
- **Lessons Learned**: Transparency about how we're improving security based on the incident

### Prevention and Preparedness
**Our Ongoing Commitment**:
- **Security Investments**: Continuous investment in security technology and expertise
- **Employee Training**: Regular security training for all employees
- **Incident Drills**: Regular practice of our incident response procedures
- **Security Partnerships**: Collaboration with security experts and law enforcement
- **User Education**: Resources to help users protect their own accounts and data

---

## Changes to This Policy

### Notification of Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

**How We Notify You of Changes**:
- **Advance Notice**: 30 days' advance notice for material changes
- **Multiple Channels**: Notification through email, in-app messages, and website posting
- **Clear Summary**: Summary of key changes in plain language
- **Full Policy**: Complete updated policy available in the app and on our website

### Types of Changes
**Material Changes** (30 days' notice):
- Changes to how we collect, use, or share personal information
- Changes to your privacy rights or how to exercise them
- Changes to data retention periods or deletion practices
- Changes to our legal basis for processing your information

**Minor Changes** (effective immediately):
- Clarifications that don't change the substance of our practices
- Updates to contact information or legal entity names
- Corrections of errors or typos
- Updates to reflect new legal requirements without changing our practices

### Your Choices After Changes
**If You Disagree with Changes**:
- **Review Period**: 30-day period to review material changes before they take effect
- **Account Deletion**: Option to delete your account if you disagree with changes
- **Continued Use**: Continued use of the service constitutes acceptance of changes
- **Contact Us**: Reach out with questions or concerns about any changes

---

## Contact Information

### Privacy Inquiries
For questions about this Privacy Policy or our privacy practices:

**Primary Contact**:
- **Email**: privacy@saveo.ca
- **Subject Line**: Please include "Privacy Inquiry" in the subject line
- **Response Time**: We respond to privacy inquiries within 48 hours

### Privacy Rights Requests
To exercise your privacy rights under applicable laws:

- **Email**: privacy@saveo.ca
- **Subject Line**: Include "Privacy Rights Request" in the subject line

**Required Information**:
- Full name and email address associated with your account
- Specific nature of your request (access, correction, deletion, etc.)
- Verification information for security purposes

### Your Consumer Rights
**Available Rights (Depending on Your Location)**:
- **Right to Access**: Request a copy of the personal information we have about you
- **Right to Correct**: Request correction of inaccurate or incomplete personal information
- **Right to Delete**: Request deletion of your personal information (subject to legal retention requirements)
- **Right to Limit Use**: Request that we limit our use of your sensitive personal information
- **Right to Opt-Out**: Opt out of marketing communications and non-essential data sharing
- **Right to Data Portability**: Request your data in a portable format (where technically feasible)

**How We Handle Your Requests**:
- **Response Time**: We respond to all privacy rights requests within 30 days
- **Identity Verification**: We may request additional information to verify your identity for security
- **No Fees**: We do not charge fees for most privacy rights requests
- **Appeal Process**: If we deny your request, you may appeal our decision by contacting us again

**California Residents Additional Rights (CCPA/CPRA)**:
- **"Do Not Sell My Personal Information"**: We do not sell personal information, but you can contact us to confirm this
- **Sensitive Personal Information**: Right to limit use and disclosure of sensitive personal information
- **Non-Discrimination**: We will not discriminate against you for exercising your privacy rights

### Customer Support
For general questions about the Saveo service:

- **Email**: contact@saveo.ca
- **Website**: https://saveo.ca
- **Business Hours**: Monday-Friday, 9 AM - 5 PM EST

**Provincial Privacy Commissioners**:
Contact information varies by province - visit the Privacy Commissioner of Canada website for specific contact details.

---

## Accessibility Statement

### Our Commitment to Accessibility
Saveo is committed to ensuring digital accessibility for all users, including those with disabilities. We strive to provide an inclusive experience that allows everyone to access and use our financial management services effectively.

### Accessibility Standards
**Our Accessibility Efforts**:
- **Web Content Accessibility Guidelines (WCAG) 2.1**: We aim to conform to WCAG 2.1 Level AA standards
- **Screen Reader Compatibility**: Our app is designed to work with common screen readers
- **Keyboard Navigation**: Full keyboard navigation support for users who cannot use a mouse or touchscreen
- **Visual Design**: High contrast ratios and scalable text for users with visual impairments
- **Alternative Text**: Descriptive alternative text for images and visual elements

### Accessibility Features
**Built-in Accessibility Support**:
- Support for device accessibility settings (font size, contrast, voice control)
- Compatible with iOS VoiceOver and Android TalkBack
- Semantic markup for proper screen reader interpretation
- Focus indicators for keyboard navigation
- Sufficient color contrast ratios

### Feedback and Assistance
**How to Get Help**:
- **Email**: accessibility@saveo.ca
- **Subject Line**: Include "Accessibility Support" in the subject line
- **Response Time**: We respond to accessibility inquiries within 48 hours
- **Alternative Formats**: We can provide information in alternative formats upon request

### Reporting Accessibility Issues
If you encounter accessibility barriers while using Saveo:
- Contact us immediately at accessibility@saveo.ca
- Describe the specific issue and where you encountered it
- Include your device type and any assistive technology you're using
- We will work to address the issue promptly

### Ongoing Improvement
**Our Commitment**:
- Regular accessibility testing and updates
- User feedback integration into accessibility improvements
- Staff training on accessibility best practices
- Periodic review of accessibility standards and compliance

---

**By using Saveo, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy.**

---

*Last Updated: September 28, 2025*  
*Document Version: 3.0*  
*Effective for all users starting September 28, 2025*  
*Updated: Added subscription and billing data collection practices*