Legal
Privacy Policy
Your privacy matters. This policy explains what data we collect, how we use it, and what control you have over it. We've written it in plain English — no legal maze.
1 What Data We Collect
Data you give us directly
- Account information — your name, email address, and password when you sign up.
- Financial data — any figures you enter manually or upload via CSV (asset values, liabilities, account balances, holdings, etc.).
- Profile preferences — currency, country, tax account types (RRSP, TFSA, ISA, etc.), and any goals or risk preferences you set for the AI CFO.
- Communications — if you contact support, we keep a record of that conversation.
Data we collect automatically
- Usage data — pages visited, features used, session duration, and click patterns. This helps us understand what's working and what isn't.
- Device & browser data — browser type, operating system, IP address, and approximate location (country/region level).
- Cookies & similar technologies — we use cookies for authentication (keeping you logged in) and basic analytics. We don't use advertising cookies. See Section 7 for more.
Data we do NOT collect
We don't connect to your bank, brokerage, or any financial institution directly. All financial data on Captiver is entered by you or imported via CSV. We have no access to your actual accounts.
2 How We Use Your Data
We use your data to:
- Run the platform — display your net worth dashboard, calculate returns, power the AI CFO, and show elite investor research.
- Improve Captiver — analyse anonymised, aggregated usage patterns to fix bugs and build better features. We never analyse your individual financial data for this purpose.
- Communicate with you — send account confirmations, billing receipts, product updates, and (if you opt in) tips and new feature announcements.
- Maintain security — detect fraud, enforce our Terms, and protect both you and the platform.
- Comply with the law — meet our obligations under Canadian federal and provincial legislation, including PIPEDA (Personal Information Protection and Electronic Documents Act).
We do not use your data to sell you third-party financial products, serve you targeted advertising, or profile you for any purpose beyond operating Captiver.
3 AI CFO & Your Financial Data
The AI CFO uses the financial data you've entered in Captiver to generate personalised insights and scenario models. This processing happens within Captiver's systems.
We do not send your identifiable financial data to external AI providers in a way that could be used to train their models or identify you. Queries to AI models are processed with your data in context but are not retained or used for third-party model training.
4 How We Share Your Data
We don't sell your data. Full stop.
We share data with third parties only in these limited cases:
| Recipient | Why | Safeguards |
|---|---|---|
| Hosting & infrastructure providers (e.g. cloud servers) | To store and serve the platform | Data processing agreements in place |
| Analytics tools | Anonymised, aggregated usage data only | No personal or financial data shared |
| Payment processor (Stripe) | To handle subscription billing securely | Stripe handles payment data directly — we never see your full card number |
| Legal authorities | If required by a valid court order or Canadian law | We'll notify you if legally permitted to do so |
No other sharing takes place without your explicit consent.
5 Data Storage & Security
- All data is stored on servers located in Canada or the United States with providers who maintain SOC 2 compliance.
- Data is encrypted in transit (TLS) and at rest (AES-256).
- Access to your data within our team is strictly limited to personnel who need it to operate or support the platform.
- We conduct regular security reviews and promptly address vulnerabilities.
Despite these measures, no system is 100% secure. If a breach occurs that affects your personal data, we will notify you as required under PIPEDA and applicable provincial legislation.
6 Data Retention
- Account data is retained for as long as your account is active, plus up to 90 days after deletion to allow for recovery requests.
- Financial data you've entered is deleted permanently when you close your account or request deletion (see Section 8).
- Usage & analytics data is retained in anonymised, aggregated form indefinitely.
- Billing records are retained for 7 years as required by Canadian tax law.
7 Cookies
We use a small number of cookies:
| Cookie type | Purpose | Can you opt out? |
|---|---|---|
| Essential | Authentication, session management | No — the platform won't work without these |
| Analytics | Understanding how the platform is used (anonymised) | Yes — contact us or use your browser settings |
| Preferences | Remembering your display settings | Yes — clearing cookies resets these |
We do not use advertising, retargeting, or social media tracking cookies.
8 Your Rights
Under PIPEDA and applicable Canadian provincial privacy law, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to correct inaccurate information.
- Deletion — request that we delete your account and personal data. We'll action this within 30 days, subject to legal retention obligations (see Section 6).
- Withdraw consent — opt out of non-essential communications at any time via your account settings or by emailing us.
- Data portability — request an export of your financial data in CSV format at any time.
Residents of Quebec have additional rights under Law 25 (Act respecting the protection of personal information in the private sector), including the right to data portability and the right to be informed of automated decision-making. Please contact us to exercise these rights.
To make any request, email privacy@captiver.com. We'll respond within 30 days.
9 Children's Privacy
Captiver is not intended for anyone under 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us and we will delete it promptly.
10 Changes to This Policy
When we update this policy, we'll change the "Last updated" date at the top. For material changes — ones that meaningfully affect how we use your data — we'll notify you by email or in-app notice at least 14 days before they take effect.
11 Contact & Complaints
For privacy questions or to exercise your rights:
Captiver — Privacy Officer
478 King Street W, Toronto, ON, M5V 0A8
privacy@captiver.com
If you're not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca or, if you're in Quebec, with the Commission d'accès à l'information du Québec at cai.gouv.qc.ca.