At $$$, privacy is built into the product. Our accounting platform helps Canadian firms keep accurate books with audit-ready controls and clear data practices. This Policy describes what we collect, how we use and share it, the safeguards we apply, and the choices available to you. It covers our websites, web and mobile apps, and APIs used in Canada (the “Services”).

Roles briefly

• Customer Data in your workspace (e.g., ledgers, invoices, receipts, payroll, bank-feed items, end-client records): you decide the purposes; we process on your instructions under our DPA.
• Account, billing, security, and operational data: we act as the controller to run, secure, and improve the Services and to meet Canadian legal obligations (PIPEDA and applicable provincial laws).

We design for data minimization, strong encryption, role-based access, and comprehensive audit logs—so you get dependable records without sacrificing privacy.

---

Executive Summary

Built for Canadian compliance

Aligned with PIPEDA and, where applicable, Alberta PIPA, BC PIPA, and Québec Law 25. Marketing follows CASL.

Your data remains yours

You own your accounting data. We handle it to provide, protect, and improve the Services and to meet legal requirements—no more.

Bank-grade handling without bank passwords

• Read-only bank feeds through an approved aggregator. We don’t collect or store online-banking passwords.
• Payments with PCI-compliant processors. We store tokens, not raw card numbers or CVV.

Security you can rely on

Encryption in transit and at rest, key management, RBAC/least-privilege, MFA/SSO support, audit logs, backups, change management, and incident response.

No sale of personal information

We do not sell personal information. We share data only with vetted service providers/sub processors under contract to operate the Services (see our Sub processor List).

Control and transparency

Export tools, sensible retention and deletion paths (subject to legal holds), and choices to access/correct information, manage marketing preferences, and set cookie controls.

If there’s an incident

We investigate promptly, notify you when required, and work with you on remediation.

Contact (privacy)

privacy@.ca"•" PrivacyOffice,, [City/Province], Canada

Related Pages

• Data Processing Addendum (DPA)
• Sub Processor List
• Security Overview / Responsible Disclosure
• Cookies & Preferences
• Regional Notices (Canada)

2. Data We Collect

Why we collect data: to operate core accounting features, secure the platform, provide support, meet Canadian record-keeping obligations, and improve the Services. We practice data minimization.

2.1 Account & Profile (B1)

• Name, business name, role/title, email, phone, mailing address.
• Authentication data (hashed credentials), SSO identifiers, MFA factors.
• Firm settings, user permissions, team roster, and audit trails of account actions.

2.2 Financial Content (B2)

• Ledgers and journals; invoices, bills, receipts, credit notes, quotes/estimates, purchase orders.
• Payroll records you process (e.g., pay runs, T4/T4A data), inventory items, product/service catalogs.
• Documents and images you upload or capture (attachments, receipt scans).

2.3 End-Client / Counterparty Data (B3)

• Your clients’, vendors’, and employees’ identifiers (names, contact details), account references, transactions, balances, and notes your record.
• You confirm you have authority/consent to upload this data.

2.4 Banking Data (B4)

• Read-only bank feeds via an approved aggregator (account identifiers, balances, transactions, metadata).
• We do not collect or store online-banking passwords. Aggregator access tokens are used and managed by the aggregator.

2.5 Payments Data (B5)

• Payment tokens/IDs from PCI-compliant processors; payer/payee details, settlement/charge status, reconciliation references.
• We do not store raw card numbers (PAN), CVV, or magnetic-stripe data.

2.6 Usage & Device (B6)

• IP address, device/browser type, OS, language, time zone.
• App and API events, session metadata, feature interactions, crash/error logs, and telemetry.
• Cookie/SDK identifiers (see Cookies & Preferences).

2.7 Support & Communications (B7)

• Support tickets, emails, chat transcripts, and—where permitted—call recordings.
• Feedback, surveys, and troubleshooting artifacts (e.g., redacted screenshots, diagnostic logs).

2.8 Inferred / Derived (B8)

• Risk and fraud indicators, anomaly scores, and performance metrics.
• Product analytics and model outputs derived from the categories above to keep the Services reliable and secure.

2.9 Optional / Sensitive Inputs (by you)

• Business Numbers (BN) and tax identifiers you enter for filings or records.
• Employee identifiers for payroll you choose to process.
• We do not require Social Insurance Numbers (SIN) except where you initiate workflows that legally require them (e.g., payroll/T-slips).

2.10 Aggregated & De-identified Data

• We may create aggregated or de-identified statistics from the data above and use them for security, capacity planning, and product improvement.
• We do not attempt to re-identify such data.

2.11 Children’s Information

• The Services are for businesses and professionals. We do not knowingly collect information about children under the age of majority in their province/territory.

2.12 Sources of Data

• You: manual entry, CSV/receipt uploads, mobile capture, or API imports.
• Connected services you enable bank-feed aggregators, payment processors, payroll, or other integrations.
• Systems: logs, telemetry, and security tooling generated by the Services.

2.13 What We Don’t Do

• We do not sell personal information.
• We do not store online-banking passwords.
• We do not store raw card PAN/CVV.

i> (Cross-references: Section 3 (How We Use Data), Section 5 (Sharing and Sub-processors), Section 7 (Cookies and Analytics), Section 9 (Retention and Deletion).)

3. How We Use Data (Purposes)

We process information to run and improve the Services, protect users, and meet Canadian legal obligations. We apply data minimization and use the least intrusive methods to achieve each purpose. (See Section 4: Legal Bases for the “why” in law.)

Category References

(B1) Account & Profile • (B2) Financial Content • (B3) End-Client / Counterparty • (B4) Banking Data • (B5) Payments • (B6) Usage & Device • (B7) Support & Comms • (B8) Inferred / Derived

C1. Provide and Operate the Services

What this covers: Core accounting features—ledger, reconciliation, reporting, document capture, collaboration, exports, and integrations you enable.
Typical data used: B1, B2, B3, B4, B5, B6
Why it’s necessary: Without this processing, the platform won’t function. Notes: Read-only bank feeds via aggregator; payments via PCI-compliant processors (tokens only).

C2. Security, Abuse, and Fraud Prevention

• What this covers: Access control, session management, anomaly detection, anti-fraud checks, audit logs, threat monitoring, and incident response.
• Typical data used: B1, B4, B5, B6, B7, B8
• Techniques: Risk scoring, rate-limiting, device signals, and automated alerts.
• Notes: We may temporarily restrict actions (e.g., payouts, bulk exports) to protect users and the platform.

C3. Customer Support and Service Communications

• What this covers: Responding to tickets, troubleshooting, training tips, release notes, and transactional messages (e.g., password resets, MFA prompts, maintenance notices).
• Typical data used: B1, B2 (as needed for repro), B6, B7
• Notes: Support artifacts (screenshots/logs) are redacted where feasible; recordings are used only where permitted by law and for quality assurance.

C4. Product Improvement and Analytics

• What this covers: Understanding feature adoption, performance, and reliability; improving accuracy (e.g., transaction categorization), usability, and capacity planning.
• Typical data used: B2 (minimized), B6, B8
• Safeguards: We prefer aggregated or de-identified analytics. Individual-level review occurs only when strictly necessary (e.g., to resolve a defect).
• Choices: Where required, you can opt out of certain analytics that are not essential to the service (see Section 7: Cookies/Analytics).

C5. Legal, Compliance, and Record-Keeping

• What this covers: Meeting Canadian legal obligations (e.g., PIPEDA principles, provincial privacy statutes, tax and financial-record requirements), responding to lawful requests, enforcing our terms, preventing financial crime.
• Typical data used: B1–B8, limited to what is necessary.
• Notes: We retain records and audit trails consistent with statutory or contractual obligations (see Section 9: Retention & Deletion).

C6. Marketing and Optional Notifications

• What this covers: Product updates, webinars, newsletters, surveys, and offers relevant to accounting workflows.
• Typical data used: B1, B6 (preference signals), B7
• Controls: We follow CASL. You can opt in or out at any time via links in emails or in-app settings. Transactional or service-critical emails are not marketing and may still be sent.

Automated Decision-Making (ADM) & Model-Assisted Features

• Scope: Primarily C2 (security/fraud) and C4 (product features).
• Human review: Available for consequential issues; we do not make decisions with legal or similarly significant effects on individuals without appropriate human involvement.
• Controls: You can correct data, contest outcomes, or request human review via support (see Section 8: Your Rights & Choices).

Aggregated, De-identified, and Statistical Uses

• We may convert data to aggregated or de-identified form and use it to enhance reliability, capacity planning, benchmarking, and security research.
• We do not re-identify such data.

What We Don’t Do

• No sale of personal information.
• No storage of online-banking passwords.
• No storage of raw card PAN/CVV.

Cross-References

• Section 2: Data We Collect
• Section 4: Legal Bases (Canada)
• Section 5: Sharing & Sub Processors
• Section 7: Cookies / Analytics
• Section 8: Your Rights & Choices
• Section 9: Retention & Deletion
• Section 10: Security Measures

4. Legal Bases (Canada)

We process personal information under Canadian privacy law—primarily PIPEDA and, where applicable, Alberta PIPA, BC PIPA, and Québec Law 25. Our bases are consent (express or implied), appropriate purposes (PIPEDA s.5(3) “reasonable person” test), and legal obligation. For email/SMS marketing, we also comply with CASL.

4.1 Our Bases Explained

• Consent: Your voluntary agreement—express (e.g., checkbox) or implied (e.g., you upload client ledgers to use reconciliation). You may withdraw consent at any time (see Section 8), subject to legal or contractual limits.
• Appropriate Purposes (Reasonable-Person Standard): We process information for purposes a reasonable person would deem appropriate in the circumstances (e.g., security, fraud prevention, service reliability, audit logs). We apply necessity, proportionality, and safeguards.
• Legal Obligation: We process or retain certain data to meet statutory duties (e.g., tax and record-keeping), respond to lawful requests, and comply with court orders or regulatory requirements.
• Québec Law 25 Additions:We apply privacy-by-default, conduct PIAs for high-risk features, and ensure contractual safeguards for cross-border processing by sub processors supporting the Services.

4.2 Purpose-to-Basis Map (links to Section 3)

The table below maps each processing purpose to its typical data categories and lawful bases under Canadian privacy law.

4.3 Your Choices & Withdrawals

• Access/Correction/Deletion: See Section 8.
• Marketing Opt-Outs: CASL-compliant unsubscribe links and in-app preferences.
• Analytics/Cookies: Manage preferences in the Cookies Center (Section 7).
• Effect of Withdrawal: Some features may stop working if consent is withdrawn for essential processing.

4.4 Balancing & Safeguards (Appropriate Purposes)

For security and reliability (C2/C4), we apply a balancing test: limit scope, use least intrusive signals, prefer de-identified data, and maintain technical/organizational safeguards (encryption, access controls, auditability). Human review is available for consequential outcomes (see ADM in Section 3).

4.5 Legal Requests & Exceptions

We may process or disclose information without consent where permitted by law (e.g., investigations, fraud prevention, compliance with court orders/subpoenas). We document requests and challenge overbroad demands where appropriate.

4.6 Children & Sensitive Identifiers

The Services are for businesses/professionals. We only process sensitive identifiers (e.g., SIN) when you initiate workflows that legally require them (e.g., payroll/T-slips), and we apply heightened safeguards.

Cross-references: Section 3 Purposes • Section 5 Sharing & Sub-processors • Section 7 Cookies/Analytics • Section 8 Your Rights & Choices • Section 9 Retention & Deletion • Section 10 Security Measures.

5. Sharing & Sub-processors

We do not sell personal information. We share information only to operate, secure, and support the Services, or as required by law. All sub-processors are bound by written data-protection terms, security obligations, and—where applicable—cross-border safeguards (see Section 11).

5.1 How We Vet and Govern Sub-processors

• Due diligence: security, privacy, compliance posture (PIPEDA; Alberta/BC PIPA; Québec Law 25).
• Contracts: confidentiality, purpose limitation, breach notice, deletion/return, and onward-transfer controls (e.g., SCCs where applicable).
• Minimum security: encryption in transit/at rest, access controls, logging, vulnerability management, and incident response.
• Monitoring: risk reviews and performance oversight; removal if obligations are not met.

5.2 Categories of Sharing (E1–E9)

E1. Infrastructure (cloud, storage, CDN)
Purpose: hosting, compute, database, content delivery, backups.
Data: B1–B3, B4–B8 as necessary. Regions disclosed in the Sub-processor List.

E2. Bank Data Aggregators (read-only)
Purpose: bank feeds and reconciliation.
Data: B4 (account identifiers, balances, transactions). No banking passwords shared or stored.

E3. Payments (PCI processors)
Purpose: payment acceptance, settlement, refunds, chargebacks.
Data: B5 (tokens/IDs, payer/payee details). No raw PAN/CVV stored by the Service.

E4. Analytics & Telemetry
Purpose: reliability, performance, product improvement, error tracking.
Data: primarily B6/B8; B2 minimized and only as needed. Preferences in Section 7.

E5. Communications & Support
Purpose: email/SMS delivery, in-app messaging, help desk, call/chat handling.
Data: B1, B6, B7 (and limited B2 for troubleshooting when necessary).

E6. Security Tools
Purpose: threat detection, logging, IDS/IPS, DDoS protection, fraud/risk scoring.
Data: B1, B6, B8 (plus limited B4/B5 signals where required to prevent abuse).

E7. Professional Services & Advisors
Purpose: auditors, legal counsel, accounting/compliance advisors.
Data: least necessary; subject to confidentiality.

E8. Government & Legal Requests
Purpose: comply with applicable law, court orders, and lawful requests.
Approach: we assess scope, push back on overbroad demands, and notify you where permitted.

E9. Business Transfers (M&A)
Purpose: corporate transactions (merger, acquisition, financing, asset sale).
Protections: continue policy commitments or provide notice with choices, including data export/deletion options.

5.3 Public Sub-processor List

We maintain a live list with purpose, data categories, processing region(s), and transfer safeguard status (e.g., SCCs).
Link placeholder: [Sub-processor List]

We will post updates and (for paid plans) provide advance notice (e.g., 30 days) for material additions. Enterprise plans may contract for a right to object, with reasonable alternatives or termination options.

5.4 Your Integrations (Third-Party Services You Enable)

If you connect third-party services (e.g., payroll, payments, bank feeds), you instruct us to exchange data with them. Their privacy practices are governed by their own policies and contracts; you should review those terms.

5.5 De-identified & Aggregated Use

We may share de-identified or aggregated statistics (e.g., reliability metrics, security research) that do not identify individuals or your firm.

5.6 Cross-Border Processing

Some sub-processors may process outside Canada. We use contractual and technical safeguards (e.g., SCCs, access controls, encryption) and detail regions in the Sub-processor List. See Section 11 for transfer specifics.

Cross-references: Section 2 (Data) • Section 3 (Purposes) • Section 7 (Cookies/Analytics) • Section 9 (Retention) • Section 10 (Security) • Section 11 (Transfers) • Section 12 (Roles & DPA).

6. Banking & Payments Data Handling

We design our banking and payments flows to minimize sensitive data exposure while preserving accurate reconciliation and auditability.

6.1 Bank Feeds (Read-Only Aggregator)

• Connection method: Bank feeds are enabled through an approved read-only data aggregator you choose to connect.
• Credentials: The Service does not collect or store online-banking usernames or passwords. Authentication happens directly with the aggregator or financial institution.
• Data retrieved: Account identifiers, balances, transactions, and related metadata needed for reconciliation (see B4).
• Use: Import, categorize, match, and reconcile transactions (see C1).
• Security: OAuth or token-based access; encryption in transit and at rest; scoped access tokens; periodic token refresh.

6.2 Payments (Tokenized via PCI-Compliant Processors)

• Processors: Card and other payment rails run through PCI DSS–compliant processors.
• Data stored: Tokens/IDs only (e.g., customer/payment method tokens, last 4 digits, brand, expiry month/year). We do not store raw card numbers (PAN), CVV, or magnetic-stripe data.
• Operational data: Payer/payee details, authorization/settlement/charge status, and references required for bookkeeping (see B5).
• Use: Receiving payments, issuing refunds, reconciliation, chargeback handling (see C1/C2/C5).
• Your choice of processor: If you enable or connect a processor, you authorize data exchange with that provider (see Section 5.4).

6.3 Reconciliation & Accounting Artifacts

• What we generate/store: Matches, categorizations, audit logs, and supporting artifacts (e.g., documents or receipts you attach) to maintain accurate books.
• Edits & overrides: You or your staff may review and override suggested categorizations; such actions are logged for auditability.

6.4 Tokens, Keys, and Secrets

• Segregation: Payment tokens and bank-feed access tokens are logically separated from application data.
• Key management: Encryption keys are managed using industry-standard controls with strict role-based access (see Section 10).

6.5 Fraud, Risk, and Compliance Controls

• Purpose: Prevent misuse, protect users, and meet legal obligations.
• Signals: Device/session indicators, velocity limits, anomaly detection, and processor/aggregator risk feedback (see B8/C2).
• Actions: We may delay or restrict actions (e.g., large exports, payouts) if risk thresholds are triggered, and we will review promptly.

6.6 Chargebacks, Disputes, and Error Resolution

• Who handles what: Card chargebacks and payment disputes are handled under your payment processor’s rules and timelines.
• Our role: We provide logs, references, and exports necessary to support your case.
• Bank-feed errors: If a feed returns incomplete or duplicated entries, we surface status and allow re-sync or correction; we may coordinate with the aggregator to resolve.

6.7 Canadian Payment Methods & Notices (Informational)

• Card rails: Processed via your PCI-compliant processor; only tokenized data is stored within the Service.
• Bank rails (e.g., EFT/Pre-Authorized Debits): If enabled through an integration, that provider’s terms, disclosures, and consent mechanisms apply.
• Interac/other methods: If supported through an integration, the third-party provider’s policies govern financial data handling.

6.8 Retention & Deletion (Banking/Payments)

• Bank feeds: Transaction data retained consistent with workspace retention settings and legal record-keeping requirements (see Section 9).
• Payment records: Tokenized references and settlement artifacts are retained for reconciliation, audits, and dispute defense, then deleted or anonymized per Section 9.
• Token revocation: Disconnecting a bank feed or payment method revokes tokens going forward; historical accounting entries remain for audit and accounting integrity.

6.9 Your Responsibilities

• Config & consent: Ensure you have authority/consent to connect bank accounts and process payments for your business or clients.
• Accuracy: Review and validate categorizations and reconciliations; correct as needed.
• Third-party terms: Review and comply with terms and privacy policies of any aggregator or processor you enable (see Section 5.4).

Cross-references: Section 2 (B4/B5) • Section 3 (C1–C2) • Section 5 (Sharing & Sub-processors) • Section 9 (Retention & Deletion) • Section 10 (Security) • Section 11 (Transfers) • Section 12 (Roles & DPA).

7. Cookies & Analytics

We use cookies and similar technologies to run the Services, secure accounts, understand product performance, and—if you allow—deliver helpful updates. We practice data minimization and prefer aggregated/de-identified analytics where feasible.

7.1 Types of Technologies (I1)

• Essential (strictly necessary): session management, authentication/MFA, load balancing, fraud prevention, and security logging. These are required for the Services to function.
• Analytics & Performance: feature adoption measurement, reliability metrics, crash/error telemetry, and A/B testing. Optional where not strictly necessary.
• Marketing & Preferences: email attribution, campaign measurement, in-app announcements, and preference storage. Optional and based on consent.

Mobile applications may use analogous SDKs that perform similar functions to cookies.

7.2 Our Legal Basis & Consent (Canada) (I2)

• Essential cookies: processed under appropriate purposes and implied consent (see Section 4), as the Services cannot function without them.
• Analytics/Marketing cookies: we request express consent through a banner or preferences center where required. You may withdraw consent at any time without affecting essential functionality.
• We comply with CASL for marketing communications. Cookie consent is separate from email/SMS consent.

7.3 Your Controls

• Preferences Center: manage categories (Essential, Analytics, Marketing) at any time from the banner link or Settings → Privacy.
• Browser settings: you may block or delete cookies; however, essential features may degrade if essential cookies are blocked.
• Do Not Track / Global Privacy Control (GPC) (I3): where supported, we treat valid GPC signals as an opt-out for non-essential cookies.

7.4 What We Use (Illustrative)

We do not use non-essential cookies without your consent. We do not store raw card data or online-banking credentials in cookies/SDKs.

7.5 Third-Party Tools

Where we use third-party analytics, messaging, or error-tracking tools, they act as sub-processors under contract and are listed on our Sub-processor List (see Section 5). Where available, we enable IP-truncation or similar minimization safeguards.

7.6 Measuring Email & In-App Engagement

If you opt into marketing, we may track opens/clicks to understand relevance and to avoid over-messaging. You can unsubscribe from marketing at any time; transactional/security notices will still be sent.

7.7 Changes to This Notice

We may update cookie categories, vendors, or retention periods as our Services evolve. Material changes will be reflected in the Preferences Center and/or communicated in-app.

Cross-references: Section 2 (B6/B8) , Section 3 (C4–C6), Section 4 (Legal Bases), Section 5 (Sub-processors), Section 8 (Your Rights & Choices), Section 9 (Retention & Deletion), Section 10 (Security).

8. Your Rights & Choices

You have meaningful choices over your information. The options below apply to our Services used in Canada and are designed to meet PIPEDA and, where applicable, Alberta PIPA, BC PIPA, and Québec Law 25.

8.1 Global Rights Summary

• Access: Obtain a copy of personal information we hold about you.
• Correction: Update or rectify inaccurate or incomplete information.
• Deletion: Request deletion, subject to legal/record-keeping obligations.
• Portability: Receive a machine-readable copy of your data where feasible.
• Objection/Restriction: Object to or restrict non-essential processing (e.g., certain analytics/marketing).
• Consent Withdrawal: Withdraw consent at any time; some features may stop working if essential processing is withdrawn (see Section 4).

8.2 Canada-Specific Notes

• PIPEDA “appropriate purposes”: We assess necessity and proportionality for security/fraud and reliability processing (Sections 3–4).
• Québec Law 25: Privacy by default, PIAs where required, and data-transfer safeguards for service providers. You may also request de-indexing in limited cases provided by law.
• Provincial statutes (AB/BC PIPA): Comparable access/correction rights; we apply consistent standards across Canada.

8.3 Marketing & Notifications (CASL)

• Opt-in/Opt-out: Manage email/SMS marketing in Settings → Preferences or via the unsubscribe link.
• Transactional messages (e.g., invoices, security alerts, service notices) are not marketing and will continue.

8.4 Cookies & Analytics Choices

• Use the Cookies/Preferences Center to manage Essential / Analytics / Marketing categories (see Section 7).
• We honour valid Global Privacy Control (GPC) signals for non-essential cookies where supported.

8.5 Data Export & Portability

• Exports: Administrators can export accounting records (e.g., journals, invoices, contacts) in standard formats (CSV/JSON/PDF where applicable).
• Bank/Payments: You can export reconciliation artifacts and references (tokens, not raw PAN/CVV or banking passwords).

8.6 How to Exercise Your Rights

• Submit a request: privacy@$$$.ca
• What we need: Enough detail to identify you and the data in question (e.g., account email, workspace). We may request additional verification (see 8.7).
• Who is the controller? For Customer Data inside your workspace, your firm (Customer) is the controller; we act as processor (see Section 12). If you are an end client of a firm using our Services, please contact that firm first. We will assist them as required by the DPA.

8.7 Verification, Timing, and Fees

• Verification: We verify identity using reasonable methods (e.g., email confirmation, admin validation, or additional proof for sensitive requests).
• Response time: We aim to respond within 30 days of receipt and verification (or notify you if an extension is needed, per law).
• Fees: Requests are free. A reasonable fee may apply for repetitive/excessive requests or for producing non-standard copies, where permitted.

8.8 Limits & Exceptions

We may retain or withhold certain information to comply with legal holds, tax/record-keeping laws, protect security/integrity, or respect third-party confidentiality. Where we deny or limit a request, we will provide the legal basis.

8.9 Appeals

If you disagree with our response, you may appeal by replying to our decision email or writing to privacy@$$$.ca with “Appeal” in the subject. A senior reviewer will reassess your request.

8.10 Complaints to Regulators

If we cannot resolve your concern, you may contact:

• Office of the Privacy Commissioner of Canada (OPC) — priv.gc.ca
• Alberta OIPC — oipc.ab.ca
• BC OIPC — oipc.bc.ca
• Commission d’accès à l’information (Québec) — cai.gouv.qc.ca

Contact for privacy matters: privacy@$$$.ca • Privacy Office, [City/Province], Canada

(Cross-references: Section 2 Data We Collect • Section 3 Purposes • Section 4 Legal Bases • Section 5 Sharing & Sub-processors • Section 7 Cookies • Section 9 Retention & Deletion • Section 12 (Roles & DPA).)

9. Retention & Deletion

We retain information only for as long as it is necessary to provide the Services, meet legal/record-keeping obligations, resolve disputes, and maintain security/auditability. We use category-based defaults, allow customer configuration where available, honour legal holds, and apply secure deletion/anonymization when data is no longer needed.

9.1 Defaults by Data Category (G1)

• Account & Profile (B1): Life of the Account + up to 24 months after closure for billing, fraud prevention, and dispute defense.
• Financial Content (B2): Life of the workspace + customer-set retention (see 9.2), subject to statutory record-keeping (often 6—7 years under Canadian tax/accounting norms).
• End-Client/Counterparty (B3): Mirrors B2, subject to your firm’s obligations and instructions.
• Banking Data (B4): Synced transactions per B2; access tokens retained only while a feed is connected; revoked at disconnect.
• Payments (B5): Tokens/IDs and settlement artifacts retained for reconciliation, chargeback defense, and anti-fraud—typically 24 months–7 years depending on regulatory/contractual needs.
• Usage & Device (B6): Security and operations logs 90 days—24 months (shorter for high-volume telemetry; longer for security/audit).
• Support & Communications (B7): Tickets and related artifacts 12—24 months (longer if an incident, dispute, or legal hold applies).
• Inferred/Derived (B8): Risk scores/flags and product analytics up to 24 months, then aggregate or delete.

These are standard defaults; exact periods may vary by feature, processor/aggregator requirements, or law. See your Admin → Data Retention settings.

9.2 Customer-Configurable Retention (G2)

Where supported, Administrators can configure retention windows (e.g., Financial Content archival at N years; log retention at 6/12/18 months). Settings apply prospectively and are bounded by legal minimums/maximums. Exports remain available per Section 8.5 while data exists.

9.3 Legal Holds & Record-Keeping (G3)

We may preserve specific data beyond configured periods when required by law, regulation, litigation, audits, or to investigate security issues. When a legal hold ends, affected data follows the normal deletion schedule.

9.4 Secure Deletion & Anonymization (G4)

When data reaches end-of-life (or you request deletion, where applicable), we:

• Queue deletion in production systems.
• Cryptographically shred/overwrite indexes and search artifacts.
• Anonymize or aggregate where live metrics must persist.
• Expire backups on a rolling schedule (see 9.5).

We maintain audit logs of deletion jobs and conduct periodic verification.

9.5 Backups & Disaster Recovery

Encrypted backups exist to ensure continuity. Deleted items may persist in backups until rotation completes (typically 30–120 days). Backup data is not used for production processing and is restored only for disaster recovery; upon restore, deletion jobs re-run.

9.6 Account Closure & Post-Termination Window

• Exports: Admins get a post-termination export window (e.g., 30 days) to download records (journals, invoices, attachments, logs where applicable).
• Deletion: After the window, we begin deletion per categories above, excluding data under legal hold. Tokens/keys (bank feeds, payments) are revoked immediately on disconnect/closure.
• Certificates: Enterprise plans may request a certificate of deletion.

9.7 Requests to Delete Personal Information

• As Controller (Customer Data): For End-Client data inside your workspace, your firm is the controller. Submit requests via Admin tools; we will assist as processor under the DPA.
• As Controller (Operational Data): For account, billing, and security data where we are the controller, submit requests to privacy@$$$.ca; we will assess and act consistent with legal obligations and this Policy.

9.8 Exceptions & Integrity Constraints

Certain artifacts (e.g., audit logs, financial records, fraud indicators, chargeback evidence) may be retained for mandated periods. Historical accounting entries may be preserved to maintain ledger integrity even when a bank feed or payment method is disconnected (sensitive tokens remain revoked).

(Cross-references: Section 2 Categories • Section 3 Purposes • Section 4 Legal Bases • Section 5 Sub-processors • Section 6 Banking/Payments • Section 8 Rights & Choices • Section 10 Security )

10. Security Measures

We design for confidentiality, integrity, and availability using layered technical and organizational controls. Security is shared: $$$ secures the platform; you secure your users, configurations, and data you choose to upload.

10.1 Core Controls (F1)

• Encryption: TLS in transit; AES-256 (or equivalent) at rest; encryption keys managed with strict separation of duties.
• Access Controls (RBAC/Least Privilege): Role-based permissions, just-in-time elevation for administrators, mandatory MFA for privileged access.
• Network & Segmentation: Firewalling, private subnets, security groups, WAF/DDoS protections, bastion access with short-lived credentials.
• Auditability: Immutable audit logs for administrative actions, authentication events, data exports, and sensitive configuration changes.
• Secrets Management: Centralized KMS/secret vault; rotation and scoping of tokens/keys (bank feeds, payment tokens).
• Hardening & Baselines: CIS-aligned OS baselines, container image scanning, minimal package sets.
• Monitoring: Centralized logging, SIEM correlation, anomaly and intrusion detection.

10.2 Secure Development (F2)

• SDLC: Threat modeling, code review, and mandatory security checks in CI/CD.
• Dependency Hygiene: SCA (software composition analysis), pinned versions, vulnerability alerts, and rapid patch SLAs for critical issues.
• Testing: Unit/integration tests, dynamic scanning, and periodic independent penetration tests; remediations tracked to closure.
• Change Management: Peer review, staged rollouts, canary deploys, and rollback plans.

10.3 Operations & Resilience (F3)

• Backups & DR: Encrypted backups with periodic restore tests; RPO/RTO targets consistent with business-critical SaaS.
• Availability: Redundant components, health checks, auto-scaling, and circuit breakers.
• Incident Response: 24×7 monitoring, documented runbooks, triage/severity classifications, customer notifications as required by law and contract.
• Vendor Risk: Sub-processor due diligence, contractual controls, and ongoing monitoring (see Section 5).
• Business Continuity: Tested procedures for regional disruption, cloud provider incidents, or supply-chain vulnerabilities.

10.4 Customer Security Features (F4)

• SSO & MFA: SSO (where supported) and per-user MFA; enforced MFA policies for workspaces.
• Role Permissions: Granular roles for Admin/Staff; view/edit/export controls; least-privilege defaults.
• Export Controls: Admin-guarded exports with logging; optional IP allowlisting (where available).
• Data Tools: Bulk import/export, redaction tools for support sharing, and workspace-level retention settings (see Section 9).
• Session Controls: Session timeouts, device/session review, and revoke-all-sessions capability.

10.5 Responsible Disclosure

We welcome vulnerability reports from security researchers and commit to good-faith, no-retaliation handling. (Link placeholder: Security Overview / Responsible Disclosure.)

10.6 Limits

No internet service can be guaranteed 100% secure. Our commitments above—combined with your correct configuration and user practices—reduce risk materially. See Terms of Service for warranty and liability terms.

Cross-references: Section 2 (Data Categories) • Section 3 (Purposes C2/C4) • Section 5 (Sub-processors) • Section 6 (Banking/Payments) • Section 7 (Cookies/Analytics) • Section 9 (Retention) • Section 11 (Transfers) • Section 12 (Roles & DPA).

---

11. International Data Transfers

Our Services are Canada-focused, but some sub-processors or support operations may process outside Canada (e.g., the United States). When we transfer personal information across borders, we apply contractual, technical, and organizational safeguards to ensure a level of protection comparable to that required under Canadian law.

11.1 Where Processing May Occur

• Primary operations: Canada (hosting and core services, where available).
• Ancillary processing: Other jurisdictions (e.g., U.S.) for specific functions such as email delivery, analytics, error tracking, or 24×7 support.
• Live regions: Disclosed on our Sub-processor List with purpose and processing region(s).

11.2 Safeguards We Use

• Contracts: Written data-protection terms with sub-processors (confidentiality, purpose limitation, deletion/return, breach notice, onward-transfer controls).
• Security controls: Encryption in transit/at rest, strict access controls, logging/auditability, key management (see Section 10).
• Access minimization: Role-based access, least privilege, and data minimization for support.
• Transparency: Advance notice of material sub-processor additions (see Section 5.3).

11.3 Québec Law 25 (Cross-Border)

For transfers outside Québec, we conduct a privacy impact assessment considering sensitivity, purposes, safeguards, and legal frameworks of the destination, and we ensure the recipient offers adequate protection by contract. Where required, we provide clear notice of cross-border processing.

11.4 Your Choices & Controls

• Integration choices: If you enable third-party integrations (e.g., bank-feed aggregator, payment processor), you instruct us to exchange data with those providers, which may process outside Canada (see Section 5.4).
• Data residency options: Where available, Administrators may select regional settings or Canada-preferred routing for certain features.
• Export at any time: You can export records for your own archiving or local storage (see Section 8.5).

11.5 EU/UK Personal Data (If received)

If we later receive or process EU/EEA or UK personal data (e.g., your client base expands), we will rely on appropriate transfer tools such as the EU Standard Contractual Clauses (SCCs) and the UK Addendum, plus the technical safeguards described above.

Cross-references: Section 2 (Data Categories) • Section 5 (Sub-processors) • Section 8 (Your Rights & Choices) • Section 10 (Security) • Section 12 (Roles & DPA) .

12. Customer Roles (Controller/Processor) & DPA Linkage

12.1 Role Allocation

• Customer (you) — Controller. For Customer Data in your workspace (e.g., ledgers, invoices, receipts, payroll, bank-feed items, end-client records), you determine the purposes and means of processing.
• $$$ — Processor. We process Customer Data only on your documented instructions under the Data Processing Addendum (DPA).
• $$$ — Controller (operational data). For account, billing, usage, security, fraud-prevention, and support metadata, we act as controller to operate, secure, and improve the Services and meet legal obligations (see Sections 2–4, 10).

12.2 Data Processing Addendum (DPA)

• Incorporation. The DPA is incorporated by reference into this Policy and the Terms of Service.
• Scope. Defines processing instructions, confidentiality, security measures, sub-processor conditions, assistance for rights requests, breach notification, deletion/return, and transfer safeguards.
• Order of precedence. If there is a conflict, DPA → this Policy → ToS → Documentation, unless an Order Form states otherwise.
• Link placeholder: Data Processing Addendum (DPA).

12.3 Customer Responsibilities (Controller)

• Lawful basis & notices. Obtain and document appropriate consent/authority to process End-Client/Counterparty data (PIPEDA; AB/BC PIPA; Québec Law 25).
• Configuration & access. Manage SSO/MFA, roles/permissions, retention settings, and integrations (Sections 7–10).
• Accuracy & minimization. Input accurate data and avoid uploading unnecessary sensitive information.
• Requests from individuals. Route data-subject requests through Admin tools or to us for assistance (Section 8).

12.4 $$$ Responsibilities (Processor)

• Instructions. Process Customer Data only per your documented instructions (including in-app settings and APIs).
• Confidentiality & security. Ensure personnel are bound by confidentiality and follow the controls in Section 10 and the Security Annex to the DPA.
• Sub-processors. Engage sub-processors under written terms; keep a public Sub-processor List; give advance notice of material additions and provide objection/alternative options for eligible plans (Section 5.3).
• Assistance. Provide reasonable technical/organizational measures to help you respond to access, correction, deletion, portability, and objection requests (Section 8).
• Breach notification. Notify you without undue delay after becoming aware of a breach involving Customer Data, and cooperate on investigation, mitigation, and reporting.
• Deletion/return. On termination or upon your instruction, delete or return Customer Data and delete residual copies from active systems; backups expire on rotation (Section 9).
• Audit & assurance. Make available independent audit reports or summaries (e.g., pen-test attestations) and respond to reasonable information requests. Site audits, where necessary, are subject to confidentiality, scope, and scheduling limits under the DPA.

12.5 International Processing & Québec Law 25

• Cross-border safeguards. Where Customer Data is processed outside Canada, we apply contractual, technical, and organizational safeguards (Section 11).
• PIA (Law 25). For transfers from Québec, we support your privacy impact assessments and provide information on applicable legal frameworks and safeguards.

12.6 Government & Legal Requests

We assess scope, challenge overbroad demands where appropriate, and notify you unless legally prohibited. Disclosure is limited to what is strictly necessary (Sections 4.5 and 5.2–E8).

12.7 Documentation & Records

We maintain internal records of processing activities; for higher-risk features, we perform threat/privacy assessments and document mitigations (Sections 3–4, 10–11).

Cross-references: • Section 2 (Data Categories) • Section 3 (Purposes) • Section 4 (Legal Bases) • Section 5 (Sub-processors) • Section 8 (Your Rights) • Section 9 (Retention) • Section 10 (Security) • Section 11 (Transfers) • Section 12 (Roles & DPA)

13. Third-Party Links & Integrations

Our Services may link to or interoperate with third-party products. Their processing of personal information is governed by their privacy policies and contracts—not this Policy.

13.1 Third-Party Links (Informational)

• Our website/app may include links to non-affiliated sites (e.g., knowledge bases, government resources).
• We are not responsible for the privacy, security, or content practices of those sites. Review their policies before sharing information.

13.2 Integrations You Enable (Controller Instruction)

When you connect an integration (e.g., bank-feed aggregator, payment processor, payroll, storage, CRM), you instruct $$$ to exchange data with that provider to deliver the requested functionality.

• Data exchanged: limited to what is necessary for the integration (see Section 2).
• Roles: The third party typically acts as its own controller (or processor to you). $$$ remains your processor for Customer Data within the Services (see Section 12).

13.3 Banking & Payments (Special Cases)

• Bank feeds: Provided via read-only aggregator; no online-banking passwords are collected or stored by $$$ (see Section 6.1).
• Payments: Handled by PCI-compliant processors using tokens; no raw PAN/CVV stored by $$$ (see Section 6.2).

13.4 Responsibility Boundaries

• We configure and support the connector inside the Services.
• The third-party provider is responsible for its availability, security, data handling, and consents under its policies.
• If an integration is down or changes its API, functionality may be degraded until restored or reconfigured.

13.5 Consent & Notices

• You are responsible for obtaining any consents/authority required to share End-Client/Counterparty data with integrations you enable (see Sections 4 & 12.3).
• We provide in-app disclosures describing the integration’s purpose and the data it accesses where feasible.

13.6 Disconnecting an Integration

• Administrators can disconnect integrations at any time. We then revoke tokens/keys going forward.
• Historical accounting entries and reconciliation artifacts remain to preserve ledger integrity (see Section 9).

13.7 Integration Changes & Sunset

• We may add, modify, or sunset integrations (e.g., due to third-party policy or technical changes).
• For material changes affecting personal information flows, we provide reasonable notice and guidance on alternatives where available.

Cross-references: • Section 2 (Data Categories) • Section 3 (Purposes) • Section 5 (Sharing & Sub-processors) • Section 6 (Banking/Payments) • Section 9 (Retention) • Section 11 (Transfers) • Section 12 (Roles & DPA).

14. Changes to This Policy

We may update this Privacy Policy to reflect changes to our Services, legal requirements, or security and privacy practices.

14.1 How We Decide to Update

• Triggers: new features or integrations, changes to data uses or categories, updates to Canadian law (e.g., PIPEDA guidance, Québec Law 25), or improvements to safeguards.
• Principles: necessity, proportionality, transparency, and privacy-by-default.

14.2 Notice of Changes

• Material changes: new data categories, new purposes, new types of recipients, or material shifts in retention/transfer practices. We provide advance notice via in-app banner or email to Administrators and post the revised Policy with a new "Effective Date."
• Minor/administrative changes: wording clarifications, formatting updates, or link updates; posted without advance notice.

14.3 Your Options

• Review & continue: Continued use after the Effective Date means you accept the updated Policy.
• Consent refresh: Where Canadian law requires express consent (e.g., new non-essential analytics/marketing), we request it before proceeding.
• If you disagree: Administrators may adjust settings, disable optional features, or export data and close the Account (see Section 9.6 and the Terms of Service).

14.4 Versioning & Archive

We maintain an archive of past versions with a brief changelog describing material updates.

Link placeholder: Archive of Privacy Policy Versions.

Cross-references: • Section 2 (Data Categories) • Section 3 (Purposes) • Section 4 (Legal Bases) • Section 5 (Sub-processors) • Section 7 (Cookies/Analytics) • Section 9 (Retention) • Section 11 (Transfers).

15. Contact & Complaints

We take privacy seriously and respond promptly to questions, requests, and concerns.

15.1 Contact $$$ (Privacy)

• Email: privacy@$$$.ca
• Postal: Privacy Office, $$$, [Street Address], [City], [Province], [Postal Code], Canada
• Subject line tips: "Access Request," "Correction," "Deletion," "Appeal," or "Privacy Question" (as applicable)

15.2 Response & Escalation

• We acknowledge most requests within 5 business days and aim to respond within 30 days of verifying your identity (or explain why more time is needed, as permitted by law).
• If you disagree with our decision, you may appeal by replying to our response or emailing privacy@$$$.ca with "Appeal" in the subject; a senior reviewer will reassess.

15.3 Complaints to Regulators (Canada)

If we cannot resolve your concern, you may contact the appropriate regulator:

• Office of the Privacy Commissioner of Canada (OPC) — www.priv.gc.ca
• Alberta OIPC — www.oipc.ab.ca
• BC OIPC — www.oipc.bc.ca
• Commission daces à information (Québec) — www.cai.gouv.qc.ca

We will cooperate with regulators and follow their guidance to resolve complaints.

15.4 Authorized Agents & Representatives

Where allowed, you may appoint an authorized representative to act on your behalf. We will verify both your identity and the agent’s authority consistent with Section 8.7.

15.5 Language

We provide privacy communications in English and French upon request.

Cross-references: Section 8 (Your Rights & Choices) → Section 9 (Retention & Deletion) → Section 12 (Roles & DPA)

16. Regional Addenda

16.1 Canada (National — PIPEDA)

• Scope: Applies to all Services used in Canada.
• Standards: We follow PIPEDA principles (accountability, identifying purposes, consent, limiting collection/use/retention, accuracy, safeguards, openness, access, challenge).
• Breach handling: We keep records of all breaches of security safeguards; where a breach creates a real risk of significant harm, we notify the OPC and affected individuals, and document remedial steps.
• Access & correction: See Section 8; responses targeted within 30 days (or as extended by law).
• Cross-border: Allowed with safeguards (see Section 11). We disclose categories of foreign processors and measures taken.
• Children: Business service — not intended for minors; we do not knowingly collect children’s data.

16.2 Alberta (PIPA – supplement)

• Mandatory breach notice: If a breach creates a real risk of significant harm, we notify the Alberta OIPC without unreasonable delay and affected individuals as directed.
• Agent duties: Where we act as a service provider, we notify the Customer of privacy incidents that impact their data and assist with required notifications.

16.3 British Columbia (PIPA – supplement)

• Access/correction: Comparable to PIPEDA; we apply consistent Canada-wide processes.
• Service provider role: We act on Customer instructions, apply safeguards, and limit use to the purposes set out in Sections 3–4 & 12.

16.4 Québec (Law 25 – supplement)

• Privacy by default: Settings default to the highest confidentiality compatible with the Services’ functions.
• PIA for transfers: For cross-border processing, we conduct/assist with privacy impact assessments and ensure recipients offer adequate protection by contract (see Section 11).
• Breach notification: If an incident risks serious injury, we notify the CAI and affected individuals as required and maintain incident registers.
• Person in charge of the protection of personal information:
  • Title: Privacy Officer, $$$
  • Contact: privacy@$$$.ca (see Section 15)
• Automated decision-making: On request, we provide the main factors of any ADM that significantly affects an individual and how to submit observations (see Section 3).

16.5 Canada — CASL (Commercial Electronic Messages)

• Consent: We obtain express or implied consent before sending CEMs; transactional/service messages still occur.
• Unsubscribe: One-click or in-app; processed without delay.
• Records: We maintain consent logs and preference states.

---

Optional Future Addenda (placeholders)

These do not apply at launch. They are provided so you can expand quickly without re-drafting the core policy.

16.X European Union / United Kingdom (GDPR/UK GDPR) — [Inactive]

• When it applies: If $$$ later targets or materially monitors individuals in the EEA/UK.
• Bases & rights: Lawful bases (Art. 6), special-category safeguards (Art. 9), DPS/DPO details if appointed.
• Transfers: EU SCCs + UK Addendum; TIA summaries available.
• Contacts: EU/UK representative details to be published when activated.

16.Y United States State Laws (e.g., CPRA/CPA/CTDPA/VDCPA) — [Inactive]

• When it applies: If $$$ later offers services to U.S. residents at scale.
• Disclosures: Sale/share = No; targeted advertising = Not at launch; sensitive data = by exception, with consent.
• Rights: Access, delete, correct, portability, opt-out controls; appeals process per state law.

Cross-references: Section 4 (Legal Bases) → Section 8 (Your Rights) → Section 10 (Security) → Section 11 (Transfers) → Section 12 (Roles & DPA) → Section 15 (Contact & Complaints)

1. Introduction, Acceptance, Updates

1.1 About these Terms

These Terms govern access to, and use of the accounting software, websites, mobile apps, and APIs provided by $$$ (the "Services"). If you create an account, click "accept," or use the Services, you agree to these Terms, the Privacy Policy, and, where applicable, the Data Processing Addendum (DPA).

1.2 Who is bound

These Terms are binding on the business or sole proprietor identified in your signup flow ("Customer") and on everyone you authorize to use the Services ("Authorized Users/Staff"). You represent that you have authority to bind the Customer.

1.3 Order of precedence

If there is a conflict: any Order Form/SOW → DPA → these Terms → the Documentation.

1.4 Updates to the Services and Terms

We may enhance or modify the Services from time to time. We may update these Terms to reflect product changes, legal requirements, or security/practice improvements. Material changes will be notified via email or in-app notice to Administrators with a new Effective Date. Continued use after the Effective Date constitutes acceptance. If a change materially reduces your rights and you do not agree, you may discontinue use and exercise any termination/export rights available to you (see Section 21 and Section 20 of these Terms).

1.5 Policies incorporated by reference

• Privacy Policy (Canada)
• DPA (when we process Customer Data as processor)
• Acceptable Use (Section 7) and any posted product-specific terms
• Any SLA/Support terms, if published for your plan

1.6 Contact

Questions about these Terms: legal@$$$.ca

2. Definitions

• Account: means the Customer's registered instance of the Services administered by an Administrator.
• Administrator: means the individual authorized by Customer to manage the Account, invite/remove users, assign roles, and manage billing.
• Authorized User or Staff: means any individual provisioned by the Administrator to access the Services under Customer's Account.
• End Client: means a client of the Customer (e.g., accounting client) whose data is processed in the Services.
• Customer or you: means the business entity or sole proprietor that accepts these Terms and is responsible for all activity under the Account.
• Services: means the hosted accounting software, websites, mobile apps, APIs, and related features provided by $$$, as described in the Documentation.
• Site: means public-facing websites operated by $$$.
• Documentation: means user guides, developer docs, and product materials describing the Services.
• Order Form: means an ordering document (including online checkout) specifying plan, term, quantity, and pricing, executed by Customer and $$$.
• Professional Services: means implementation, migration, training, or other consulting provided under an Order Form or statement of work (SOW).
• Integration or Third-Party Service: means a non-$$$ product or service you enable to interoperate with the Services (e.g., bank-feed aggregator, payment processor, payroll).
• Sub processor: means a third party engaged by $$$ to process Customer Data on its behalf.
• Customer Data: means data submitted to or generated in the Services by or for Customer, including accounting records, bank-feed data, payroll, invoices, bills, receipts, attachments, and End-Client/Counterparty information.
• Confidential Information: means non-public information disclosed by one party to the other that is marked or reasonably understood as confidential, including Customer Data and $$$'s security, product, and commercial information.
• Acceptable Use Policy (AUP): means the usage rules in Section 7 and any posted service-specific restrictions.
• Personal Information: has the meaning given under applicable Canadian privacy law and includes information about an identifiable individual processed in connection with the Services.
• Beta Features: means pre-release or experimental features identified as alpha/beta/preview/early access.
• Fees: means amounts payable for the Services or Professional Services under an Order Form or plan.
• DPA: means the Data Processing Addendum incorporated by reference when $$$ processes Customer Data as processor.
• SLA: means any published service level terms for your plan (if applicable).
• Law: means all applicable laws and regulations, including PIPEDA, Alberta/BC PIPA, and Québec Law 25.
• Harmful Code: means malware, ransomware, time bombs, or other code intended to disrupt or gain unauthorized access.
• Export Laws: means applicable export control, sanctions, and trade laws.

(Order of precedence: Order Form/SOW → DPA → these Terms → Documentation — see Section 1.3.)

3. Eligibility & Account Registration

3.1 Authority

You represent and warrant that you (a) have the authority to bind the Customer, and (b) will ensure all Authorized Users comply with these Terms and the AUP.

3.2 Minimum age

The Services are for business use. Authorized Users must be the age of majority in their province/territory.

3.3 Accurate information

Customer will provide accurate, current account, billing, and contact details and keep them updated.

3.4 Credentials & security

Keep usernames, passwords, API keys, and tokens confidential. Do not share credentials or circumvent access controls. Notify $$$ promptly of any suspected compromise or unauthorized use.

3.5 Account setup

An Administrator must be designated to manage roles/permissions, MFA/SSO settings, integrations, and data-retention preferences.

3.6 Our rights

We may refuse, suspend, or terminate accounts where we reasonably suspect fraud, abuse, non-payment, or security risk, per Section 19.

4. Roles & Responsibilities (Firm/Admin vs. Staff vs. End Clients)

4.1 Customer responsibilities

• User management: Inviting/removing users; assigning least-privilege roles; enforcing MFA/SSO policies.
• Lawful data: Ensuring Customer has authority/consent to process End-Client/Counterparty data and that uploads are accurate and lawful.
• Configuration: Setting retention/export choices; reviewing integrations; managing cookie/marketing preferences consistent with law.
• Use compliance: Ensuring Authorized Users comply with these Terms, the AUP (Section 7), and applicable Law.
• Devices & networks: Securing endpoints and network environments used to access the Services.

4.2 Authorized Users (Staff)

Staff must use the Services only for Customer's legitimate business purposes, follow assigned permissions, and avoid prohibited activities (Section 7).

4.3 End Clients

End Clients may be granted limited access (e.g., to view/pay invoices or upload documents). Customer is responsible for End Client onboarding, notices/consents, and any instructions provided to $$$ regarding End Client data.

4.4 Data roles (summary)

For Customer Data in the workspace, Customer = controller and $$$ = processor under the DPA. For account, billing, usage, and security data, $$$ = controller (see Privacy Policy & Section 12 of the Privacy Policy).

4.5 No professional advice

The Services, outputs, and any in-app suggestions are informational only and do not constitute legal, tax, or accounting advice. Customer should consult qualified professionals.

4.6 Cooperation

Each party will reasonably cooperate on security, compliance, and incident handling, including responding to lawful requests and data-subject requests as set out in the Privacy Policy/DPA.

5. Use of the Services (License & Access)

5.1 License grant

Subject to these Terms and timely payment of Fees, $$$ grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Services during the applicable subscription term, solely for Customer's internal business purposes.

5.2 Scope & seats

Access is limited to the quantity/plan limits shown on the Order Form (e.g., users, workspaces, features, storage, API rate limits). Sharing logins is prohibited.

5.3 Documentation

Use must conform to the Documentation and any posted product-specific terms. We may update Documentation to reflect improvements or compliance needs.

5.4 Restrictions

Customer and Users shall not:

• (a) copy, modify, translate, or create derivative works of the Services;
• (b) reverse engineer, decompile, disassemble, or otherwise attempt to derive source code, except to the extent permitted by law;
• (c) bypass or interfere with security or access controls;
• (d) remove or alter proprietary notices;
• (e) access the Services to build a competing product;
• (f) use web scraping or data harvesting except via approved APIs/webhooks within published limits;
• (g) upload unlawful, infringing, or harmful content or Harmful Code.

5.5 Acceptable Use

Customer's use must comply with the Acceptable Use Policy (Section 7), including fair-use limits for exports and APIs.

5.6 Customer environment

Customer is responsible for compatible devices, browsers, connectivity, and for configuring SSO/MFA, roles/permissions, retention, and integrations (see Privacy Policy §§10, 12).

5.7 Availability & modifications

We may modify features, introduce equivalents, or discontinue legacy components that are obsolete or insecure. Material deprecations will be communicated with reasonable notice, and we will provide guidance on alternatives where available.

5.8 Feedback

If Customer or Users submit ideas or suggestions, $$$ may use them without restriction and without obligation; no feedback will be treated as Confidential Information unless expressly agreed.

5.9 Beta features

Beta/preview features may be offered at no additional charge, "as is," for evaluation only and may change or end at any time (see Section 13 for Beta terms, if applicable).

5.10 Third-party components

The Services may include or interface with open-source or third-party components subject to their own licenses; we will make required notices available upon request.

5.11 Reservation of rights

Except for the limited license above, $$$ and its licensors retain all rights, title, and interest in and to the Services and underlying IP. No rights are granted by implication.

service level terms for your plan (if applicable).

6. Fees, Billing, Taxes, and Plan Limits

6.1 Fees & currency

Fees are stated on the Order Form or plan page and are payable in CAD unless specified otherwise.

6.2 Billing method

Unless an Order Form provides invoicing terms, Customer authorizes card/ACH charges for all Fees, overages, and applicable taxes. Enterprise invoices are Net 30 by default.

6.3 Term & auto-renewal

Subscriptions run for the initial term on the Order Form and auto-renew for successive terms of equal length unless canceled per 6.8. The then-current pricing applies at renewal (subject to notice in 6.7).

6.4 Seats, metered usage, and overages

• Seats/units: Billed per the highest number provisioned in a billing period.
• Metered features: (e.g., documents, storage, API calls) may have included quotas; usage beyond quota incurs overage Fees at posted rates.
• Real-time meters: We may surface real-time meters and alerts; Customer remains responsible for charges.

6.5 Upgrades, downgrades, add-ons

• Upgrades / add-ons: Prorated for the remainder of the current term and billed immediately.
• Downgrades: Take effect at the next renewal unless otherwise agreed. Feature reductions may limit access to historical data; exports are available per the Privacy Policy.

6.6 Refunds

Fees are non-refundable and non-cancelable for the committed term, except where required by law or expressly stated in an Order Form or SLA credit.

6.7 Price changes

We may change prices effective on renewal with at least 30 days' notice to Administrators. Mid-term price changes apply only to new services, upgrades, or add-ons Customer elects to purchase.

6.8 Cancellation

Customer may cancel auto-renewal in-app or by notice to billing@$$$.ca at least one business day before the renewal date. Service continues through the end of the paid term.

6.9 Taxes

Fees are exclusive of taxes. Customer is responsible for applicable GST/HST/PST/QST and similar charges, which we will invoice and collect unless a valid exemption certificate is provided.

6.10 Late payments & failures

• Failures: If a payment method fails, we may retry, request an alternative method, or limit/suspend the Services after notice.
• Late fees: Unpaid amounts may accrue the lesser of 1.5% per month or the maximum allowed by law, plus reasonable collection costs.
• Reactivation: We may charge a reinstatement fee to restore suspended accounts.

6.11 Billing disputes

Disputes must be sent to billing@$$$.ca within 30 days of the invoice or charge date with reasonable detail. We will investigate in good faith; undisputed amounts remain due.

6.12 Chargebacks

Initiating a chargeback without first submitting a billing dispute may result in immediate suspension. We will provide supporting records to the payment provider; resolution follows card-network rules.

6.13 Free trials & promotions

• Trials: If not canceled before the trial ends, the selected plan begins and becomes billable.
• Promotional credits/discounts: Apply only to the stated period and expire if not used. Promotions do not convert to cash and may not be stacked unless expressly stated.

6.14 Plan limits & fair use

• We may publish plan caps (users, workspaces, storage, API rate limits, monthly documents).
• Fair-use: We may throttle or restrict excessive, abnormal, or abusive usage that threatens performance or security, consistent with Section 7 (AUP).

6.15 Price errors

Obvious pricing errors may be corrected; if an error materially affects your order, we will notify you and allow cancellation without penalty.

6.16 Withholding & setoff

Customer will pay amounts due without setoff or deduction and is responsible for withholding taxes (if any). If withholding applies, Fees are increased so $$$ receives the full amount it would have received absent withholding.

6.17 Records & receipts

We provide invoices/receipts electronically; historical invoices are available in the billing portal upon request.

(Cross-refs: Section 5 Use; Section 7 AUP; Section 18 SLA/Support (if applicable); Section 19 Suspension/Termination; Privacy Policy Sections 8–9 for exports and post-termination handling .)

7. Acceptable Use & Prohibited Activities

You and your Authorized Users must use the Services lawfully, responsibly, and only for Customer's legitimate business purposes. We may monitor for compliance and may suspend or terminate access under Section 19 for violations.

7.1 Security & Access

• Keep credentials, API keys, and tokens confidential; enable MFA/SSO where available.
• Do not circumvent authentication, authorization, rate limits, or technical safeguards.
• No probing, scanning, or penetration testing without our prior written authorization (see Security/Responsible Disclosure).

7.2 Prohibited Content & Conduct

• Unlawful content or activity; violations of IP rights (copyright, trademark, trade secrets).
• Harmful Code (malware, ransomware, time bombs, web scraping bots designed to overload).
• Abuse or interference: DDoS, excessive automated requests, or actions that degrade Service performance.
• Privacy violations: doxxing, unauthorized tracking, or collecting personal information without lawful authority/consent.
• Harassment, threats, hate, or fraud; phishing or social-engineering campaigns.
• Circumvention of plan limits, seats, or Fees (e.g., credential sharing, spoofing origins, creating sham accounts).

7.3 Data Restrictions (Accounting Context)

• Do not upload raw card data (PAN, full track, CVV) or online-banking passwords—the Services use tokenized payments and read-only bank feeds.
• Upload SIN or other sensitive identifiers only when legally required for workflows you initiate (e.g., payroll/T-slips) and in designated fields.
• Do not store special-category data unrelated to accounting use cases (e.g., health/medical records subject to PHIPA/HIPAA) unless expressly permitted in writing.

7.4 API, Webhooks, and Automation

• Use only documented endpoints, API keys, and published rate limits.
• No reverse engineering of APIs, no resale or offering the API as a service, and no use to build a competing product.
• Webhooks must be secured (e.g., secret validation, TLS) and handled within reasonable time without creating loops or excessive retries.

7.5 Exports, Integrations, and Fair Use

• Exports and integrations must respect plan caps and fair-use limits; no bulk extraction designed to replicate the Service or bypass Fees.
• Do not misuse integrations to exfiltrate data contrary to the integration's stated purpose or applicable law/policies.

7.6 Impersonation & Misrepresentation

No misrepresenting identity, contact details, affiliation, or spoofing communications that appear to be from $$$, banks, or payment processors.

7.7 Compliance with Law & Third-Party Terms

• Comply with Canadian law (including PIPEDA, AB/BC PIPA, Québec Law 25, CASL, anti-spam/anti-fraud laws) and applicable banking/payments and aggregator terms for connections you enable.
• Respect third-party licenses (open-source and commercial) embedded or linked in the Services.

7.8 Anti-Corruption, Sanctions, and Export

• Do not use the Services in, or for the benefit of, sanctioned/embargoed jurisdictions or restricted parties.
• Comply with applicable export controls and sanctions laws. Do not use the Services to facilitate bribery or other corrupt practices.

7.9 Reporting Abuse

Report suspected abuse or security issues to security@$$$.ca (or via the Responsible Disclosure page). Do not attempt to exploit issues.

7.10 Enforcement

• We may throttle, suspend, or terminate access (with or without notice, per Section 19) to protect the Service, other users, or comply with law.
• We may remove or disable content that violates this AUP.
• Repeated or severe violations may result in account termination and legal action. Unused Fees are non-refundable unless required by law.

(Cross-refs: Section 5 Use; Section 6 Fees/Plan Limits; Section 10 Security; Section 13 Beta/API terms if applicable; Section 19 Term/Suspension; Privacy Policy §§6–7–10.)

8. Customer Data, Ownership, and Data Portability

8.1 Ownership

As between the parties, Customer owns all right, title, and interest in and to Customer Data. No rights to Customer Data are transferred to $$$ except the limited rights expressly granted in these Terms.

8.2 License to (limited purpose)

Customer grants a non-exclusive, worldwide, royalty-free license to host, copy, process, transmit, and display Customer Data solely to:

• Provide, maintain, and support the Services.
• Prevent, investigate, or remediate security, fraud, or abuse.
• Comply with law and enforce these Terms.
• Improve the Services in accordance with the Privacy Policy (preferring aggregated/de-identified analytics). No sale of personal information.

8.3 Responsibility for Customer Data

Customer is responsible for the accuracy, quality, legality, and means of acquisition of Customer Data, including obtaining all consents/authority required to process End-Client/Counterparty information.

8.4 Data portability & exports

During the subscription term, Administrators may export records (e.g., journals, invoices, bills, contacts, payments, attachments, audit logs where applicable) in standard formats (CSV/JSON/PDF). We may provide export tooling per plan. Upon termination, a post-termination export window applies as set out in Section 20 and Privacy Policy §9.6.

8.5 Backups & disaster recovery

$$$ maintains encrypted backups for continuity. Deleted items may persist in backups until rotation completes; backup data is not used for production processing and is restored only for disaster recovery.

8.6 Deletion & retention

We delete or anonymize Customer Data per category-based schedules and your Admin settings, subject to legal holds and record-keeping obligations (see Privacy Policy §9). On Customer request or termination, we delete or return Customer Data as provided in §20 and the DPA.

8.7 Sensitive data boundaries

Do not upload raw card PAN/CVV or online-banking passwords. Sensitive identifiers (e.g., SIN) should be provided only where required for workflows you initiate (e.g., payroll/T-slips) and in designated fields.

8.8 Derived data & telemetry

We may generate Derived Data (e.g., risk scores, reconciliation suggestions, performance metrics) from operation of the Services. $$$ owns Derived Data that does not disclose Customer Confidential Information or identify individuals, and may use it to maintain, secure, and improve the Services, subject to the Privacy Policy.

8.9 Third-party services & data flows

If Customer enables an Integration (e.g., bank-feed aggregator, payment processor, payroll), Customer instructs $$$ to exchange data with that provider. The third party's terms govern their handling; $$$ is not responsible for third-party outages or policies (see Sections 11 & 13 of the Privacy Policy and Section 11 of these Terms).

8.10 Legal requests

If $$$ receives a legal request (e.g., subpoena) for Customer Data, we will notify Customer (unless legally prohibited), challenge overbroad demands where appropriate, and limit disclosure to what is legally required.

8.11 Security & access

We apply the safeguards in the Security Measures (Privacy Policy §10). Customer must configure SSO/MFA, roles/permissions, and retention to reflect its obligations and risk posture.

8.12 No professional advice

Outputs and in-app suggestions are informational and not legal, tax, or accounting advice.

(Cross-refs: Section 7 AUP; Section 11 Third-Party Services; Section 20 Effects of Termination; Privacy Policy §§2–3–5–6–8–9–10 Section 12 DPA .)

9. Privacy; Data Protection; DPA Incorporation

9.1 Incorporation by reference

The Privacy Policy (Canada) and the Data Processing Addendum (DPA) are incorporated into these Terms. By using the Services, Customer agrees to their application.

9.2 Roles

For Customer Data in the workspace, Customer = controller and $$$ = processor under the DPA. For account, billing, usage, security, and support metadata, Customer = controller (see Privacy Policy §§2, 12).

9.3 Lawful basis & notices

Customer is responsible for providing lawful basis, notices, and consents to End Clients and other data subjects, as required by PIPEDA/Alberta PIPA/BC PIPA/Québec Law 25 and CASL (for marketing).

9.4 Sub processors & transparency

$$$ may use sub processors to operate the Services, subject to written data-protection terms, minimum security controls, and transfer safeguards. We maintain a public Sub processor List and will give advance notice of material additions (Privacy Policy §5.3).

9.5 Security & incidents

$$$ implements the safeguards described in Privacy Policy §10 and the Security Annex to the DPA. Incident notice: We will notify Customer without undue delay after becoming aware of a breach of security safeguards involving Customer Data and cooperate on investigation, remediation, and notifications as required by law.

9.6 International processing

Some processing may occur outside Canada (e.g., U.S.). $$$ applies contractual, technical, and organizational safeguards to ensure protection comparable to Canadian requirements (Privacy Policy §11). For Québec transfers, PIAs and adequacy assessments are supported per Law 25.

9.7 Assistance with data subject requests

$$$ will provide reasonable assistance (technical/organizational measures) for access, correction, deletion, portability, and objection requests, consistent with the Privacy Policy §8 and the DPA. Customer remains responsible for responding as controller.

9.8 Cookies/analytics & marketing

Non-essential cookies/SDKs are used only with consent (Privacy Policy §7). Marketing communications comply with CASL and include unsubscribe mechanisms. Transactional/security notices are not marketing.

9.9 Government/legal requests

If $$$ receives a lawful request for Customer Data, we will notify Customer (unless legally prohibited), challenge overbroad demands where appropriate, and disclose only what is strictly necessary (see Privacy Policy §§4.5, 5.2-E8).

9.10 Deletion/return at end of term

Upon termination or Customer request, $$$ will delete or return Customer Data per the DPA and Privacy Policy §9 (with backup expiration on rotation). Enterprise plans may request a certificate of deletion.

9.11 Order of precedence

In case of conflict: DPA → these Terms → Privacy Policy → Documentation, unless otherwise stated in an Order Form.

(Cross-refs: Privacy Policy §§2–12; Toss §§8, 11, 20.)

10. Confidentiality

10.1 Definition

"Confidential Information" means non-public information disclosed by or on behalf of a party ("Discloser") to the other ("Recipient") that is marked confidential or would reasonably be understood as confidential under the circumstances, including Customer Data, business plans, pricing, product designs, security measures, and audit reports. Exclusions: information that (a) is or becomes public through no breach; (b) was known to Recipient without duty of confidentiality; (c) is independently developed without use of the Discloser's information; or (d) is rightfully received from a third party without duty of confidentiality.

10.2 Obligations

Recipient will (a) use Confidential Information only to perform under these Terms; (b) protect it using at least the same degree of care it uses for its own similar information (and no less than reasonable care); and (c) limit access to personnel, contractors, and sub processors with a need to know who are bound by written confidentiality obligations no less protective than this Section.

10.3 Customer Data

As between the parties, Customer Data is Customer's Confidential Information. $$$ will handle Customer Data per this Section, the Privacy Policy, the DPA, and the Security Measures. For avoidance of doubt, no rights to Customer Data are granted except as expressly set out in these Terms.

10.4 Compelled disclosure

Recipient may disclose Confidential Information to comply with law, regulation, subpoena, or court/administrative order, provided it (a) gives prompt notice to Discloser (unless legally prohibited) to allow objection or protective order, and (b) discloses only what is legally required. Recipient will cooperate to challenge overbroad demands where appropriate.

10.5 Return/Destruction

Upon Discloser's written request or termination, Recipient will return or destroy Confidential Information and certify destruction, except that (a) Recipient may retain copies required by law or for legitimate record-keeping, compliance, and dispute defense; and (b) standard backup/archival copies will expire on normal rotation (see Privacy Policy §9).

10.6 Residuals

Recipient may use residual knowledge retained in unaided memory by persons who had access to Confidential Information, provided such use does not include disclosing or using any Customer Data or sensitive technical specifications and does not violate IP rights.

10.7 Injunctive relief

Unauthorized use or disclosure may cause irreparable harm. The Discloser is entitled to equitable relief (including injunctions) in addition to other remedies.

10.8 Survival

Confidentiality obligations survive for five (5) years from disclosure; obligations for trade secrets and Customer Data survive as long as such information remains confidential or as required by law/DPA.

(Cross-refs: Privacy Policy §§10 & 12; Toss §§8–9; DPA.)

11. Third-Party Services, Bank Feeds, and Integrations

11.1 Overview

The Services may interoperate with third-party products (each an Integration or Third-Party Service), including bank-feed aggregators, payment processors, payroll, document capture/storage, and communications tools. Enabling an Integration authorizes $$$ to exchange data with that provider to deliver the requested functionality.

11.2 Roles & responsibility boundaries

• Your instruction: By enabling an Integration, Customer instructs $$$ to share the minimum necessary data with the Third-Party Service.
• Third-party terms: Each Integration is governed by its own terms and privacy policy; $$$ is not responsible for third-party availability, security, pricing, or policies.
• Our duty: $$$ provides and supports the connector inside the Services, revokes tokens on disconnect, and surfaces status where feasible.

11.3 Bank feeds (read-only)

• Method: Connections are established via an approved read-only bank-data aggregator.
• Credentials: $$$ does not collect or store online-banking usernames or passwords. Authentication occurs with the aggregator/financial institution.
• Data: Account identifiers, balances, and transactions for reconciliation.
• Controls: Token-scoped access; encryption in transit/at rest; periodic refresh; revocation on disconnect.

11.4 Payments (tokenized, PCI processors)

• Processor role: Card and other rails run through PCI DSS–compliant processors.
• Data in $$$: Tokens/IDs only (e.g., payment method tokens, last four, brand, expiry)—no raw PAN/CVV.
• Artifacts: Settlement status, chargebacks, refunds, and references for reconciliation. Processor rules and timelines govern disputes.

11.5 Changes, deprecation, and outages

• Third-party changes: APIs, pricing, or policies of Third-Party Services may change; features can degrade or cease without fault of $$$.
• Deprecation: If an Integration is materially changed or sunset, we will give reasonable notice and guidance on alternatives where available.
• Outages: Third-party outages are excluded from any uptime commitments or SLA credits unless expressly stated.

11.6 Due diligence & security

• Sub processors: Where a Third-Party Service acts on $$$’s behalf, it is treated as a sub processor subject to written data-protection terms and safeguards (see Privacy Policy §5).
• Customer-enabled apps: If you connect directly to a Third-Party Service as your processor/controller, you are responsible for vetting and managing that provider.

11.7 Consents and notices

Customer is responsible for obtaining any consents/authority required to share End-Client/Counterparty data with Integrations and for providing any required notices (Privacy Policy §§4 & 12).

11.8 Usage limits and fair use

Integrations and exports must respect plan caps, API/webhook rate limits, and fair-use rules (Section 7). We may throttle or restrict abusive or unsafe traffic.

11.9 Data retention and disconnect

• On disconnect: We revoke access tokens going forward. Historical accounting entries and reconciliation artifacts remain to preserve ledger integrity (see Privacy Policy §9).
• Deletion: Data held by Third-Party Services is subject to their retention/deletion practices.

11.10 Support scope

We support the $$$ side of the connector. Issues within the Third-Party Service (e.g., bank portal changes, processor holds) must be resolved with that provider; we will supply relevant logs/headers where feasible.

11.11 No endorsement; no warranties

Listing or enabling an Integration does not constitute endorsement. Integrations are provided “as is” and at your option. To the maximum extent permitted by law, $$$ disclaims liability for Third-Party Services except to the extent caused by $$$’s breach of these Terms.

(Cross-refs: Section 5 Use; Section 6 Fees; Section 7 AUP; Section 8 Customer Data; Section 18 SLA/Support (if any); Privacy Policy §§5–6, 11–13.)

12. Professional Services / Success Packs

12.1 Scope & Ordering

Professional Services (implementation, migration, configuration, training, advisory) are provided under an Order Form or Statement of Work (SOW) describing scope, timeline, Fees (fixed or time-and-materials), and acceptance criteria.

12.2 Dependencies & Customer Obligations

Customer will provide timely access to knowledgeable personnel, data, environments, and decisions. Delays or changes outside $$$’s control may require schedule or Fee adjustments via change order.

12.3 Change Orders

Material changes to scope, assumptions, or timeline require a written change order (email sufficient) specifying impacts on effort, schedule, and Fees.

12.4 Deliverables & Acceptance

Deliverables are deemed accepted on the earlier of:

• Customer’s written acceptance, or
• 5 business days after delivery if no rejection with specific, reasonable, and reproducible defects against the SOW criteria. Rejected items will be remediated and resubmitted.

12.5 Personnel & Subcontractors

$$$ may use qualified employees or subcontractors and remains responsible for their work. Background or security requirements will be applied where agreed in writing.

12.6 Fees; Expenses; Cancellation

• Billing: As stated in the SOW (milestones or monthly). Time-and-materials tracked in 0.25-hour increments unless stated otherwise.
• Expenses: Pre-approved reasonable travel & out-of-pocket expenses are billable at cost.
• Cancellation/Reschedule: Sessions canceled or rescheduled < 2 business days before start may be charged up to 100% of the day rate (or as specified in the SOW).

12.7 No Staff Augmentation or Agency

Professional Services do not create an employment, fiduciary, or agency relationship. Customer retains responsibility for business decisions and outcomes.

12.8 IP & License to Deliverables

• Background IP: Each party retains ownership of its pre-existing IP and general know-how.
• Work Product: Unless the SOW states otherwise, $$$ owns tools, templates, scripts, and methodologies created or used in delivery, and grants Customer a perpetual, worldwide, non-exclusive, royalty-free license to use the Deliverables internally with the Services.
• Customer Materials: Customer grants $$$ a limited license to use Customer Materials solely to perform the Professional Services.

12.9 Confidentiality & Data Handling

Professional Services are performed under Section 10 (Confidentiality), the Privacy Policy, and the DPA (where applicable). Customer will avoid transferring unnecessary personal or sensitive data and will use redacted/synthetic data where feasible.

12.10 Warranties; Disclaimer

$$$ warrants that services will be performed in a professional and workmanlike manner consistent with industry standards. Exclusive remedy: re-performance of the nonconforming services. Except as stated, Professional Services are provided “AS IS”, no guarantee of business, tax, or legal outcomes.

12.11 Non-solicitation (optional)

During the engagement and for 6 months after, Customer will not actively solicit for employment $$$ personnel who directly perform Professional Services for Customer, except through general advertising; this does not restrict hiring after mutual written consent.

12.12 Survival

Sections on Fees, IP, Confidentiality, and Warranties/Disclaimers survive completion or termination of Professional Services.

(Cross-refs: Section 6 Fees; Section 8 Customer Data; Section 9 Privacy/DPA; Section 10 Confidentiality; Section 18 Support/SLA (if any) .)

13. Beta / Trial Features and Previews

13.1 Nature of Beta

Certain features may be identified as alpha, beta, labs, preview, early access, or similar (“Beta Features”). Beta Features are provided for evaluation only, may be unstable or incomplete, may change or be withdrawn at any time, and are not guaranteed for general availability.

13.2 Access & Eligibility

We may approve or deny participation at our discretion and may impose usage caps, geographic limits, or preconditions (e.g., MFA/SSO enabled, specific plans).

13.3 Data Handling

Beta Features may involve limited logging or additional telemetry to evaluate performance and reliability. We apply the Privacy Policy and DPA (where we act as processor) and prefer aggregated/de-identified analysis where feasible. Do not upload unnecessary sensitive data (e.g., raw PAN/CVV or banking passwords) into Beta Features.

13.4 Support & SLA

Beta Features are provided without SLA, uptime commitments, or dedicated support. Issues may not be resolved on any timeline.

13.5 Feedback License

If you submit feedback, suggestions, or bug reports, $$$ may use them without restriction or compensation to improve the Services. Feedback is not Confidential Information.

13.6 Disclaimers

BETA FEATURES ARE PROVIDED “AS IS” AND AT YOUR OPTION AND RISK. TO THE MAXIMUM EXTENT PERMITTED BY LAW, $$$ DISCLAIMS ALL WARRANTIES (EXPRESS, IMPLIED, STATUTORY), INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

13.7 Liability

To the extent permitted by law, $$$’s aggregate liability for Beta Features is limited to $0. The exclusions and caps in Section 23 also apply.

13.8 Exit & Reversion

When a Beta Feature ends or you opt out, we may disable access and revert to the stable version (if any). You should export any data from Beta Features before exit; we may delete Beta data after a reasonable period consistent with the Privacy Policy §9.

13.9 Conflicts

If this Section conflicts with any other part of these Terms for a Beta Feature, this Section controls for that feature.

14. APIs, Webhooks, and Developer Terms

14.1 Access & License

Subject to these Terms, $$$ grants Customer (and, if applicable, Customer’s developers) a limited, non-exclusive, non-transferable, revocable license to use documented APIs, SDKs, and webhooks solely to integrate Customer’s internal systems or approved apps with the Services.

14.2 Credentials & Security

• Keys/tokens are confidential. Rotate on suspicion of compromise.
• Secure calls with TLS, store secrets in a vault, and implement least-privilege scopes.
• Validate webhooks using shared secrets/signatures; ensure idempotency and replay protection.

14.3 Rate Limits & Fair Use

We publish per-plan rate limits/quotas. Do not exceed limits, open excessive concurrent connections, or create polling loops. We may throttle or suspend abusive traffic.

14.4 Prohibited Uses

No:

• Reverse engineering or benchmarking to build a competing service.
• Reselling or offering the API as a service.
• Scraping outside documented endpoints.
• Removing attributions, notices, or headers.
• Ingesting raw PAN/CVV or online-banking passwords.

14.5 Data Minimization & Privacy

Collect and retain only what is necessary. Cache personal information no longer than needed for the stated purpose. Honor end-user rights (access, correction, deletion) surfaced by Customer. Follow the Privacy Policy and any DPA terms applicable to your integration.

14.6 Logging & Audit

Maintain request IDs, timestamps, and error logs sufficient to investigate incidents without storing unnecessary personal data. We log API calls and webhook deliveries for security and billing.

14.7 Changes & Deprecation

We may modify or deprecate endpoints, schemas, or headers. For breaking changes, we’ll provide reasonable notice and versioning where feasible. You must migrate within the announced window.

14.8 Availability & Support

APIs/webhooks are provided “as is” with no separate SLA unless expressly stated. Support is via docs and standard channels; elevated support may require an enterprise plan.

14.9 Attribution & Branding

Use $$$ names and marks only as permitted by our brand guidelines (no endorsement implied). Do not register confusing domains or apps.

14.10 Third-Party Apps (Built by You)

• Provide an accurate privacy policy and terms.
• Obtain consents and present clear notices.
• Secure data at rest and in transit.
• Promptly patch vulnerabilities.
• Offer a mechanism to delete user data on request.

14.11 Security Incidents (Your Side)

Notify security@$$$.ca without undue delay of any breach affecting data obtained via the APIs/webhooks and cooperate on containment, investigation, and notice obligations.

14.12 Suspension & Revocation

We may revoke keys, throttle, or suspend API/webhook access (with or without notice) if we detect abuse, security risk, legal non-compliance, or violation of this Section/AUP.

14.13 Compliance & Export

Your API usage must comply with Canadian law, sanctions/export controls, and third-party rights. Do not use the APIs in sanctioned jurisdictions or for restricted parties.

14.14 Ownership

Except for the limited license above, $$$ and its licensors retain all rights in the APIs, SDKs, specs, and documentation. Feedback may be used without restriction.

14.15 Order of Precedence

If these Developer Terms conflict with other Terms for API use, this Section 14 controls for APIs/webhooks/SDKs.

(Cross-refs: Section 5 Use; Section 6 Fees/Plan Limits; Section 7 AUP; Section 8 Customer Data; Section 9 Privacy/DPA; Section 10 Confidentiality; Section 11 Integrations .)