Privacy Policy
Effective: May 6, 2026 · DRAFT — pending Canadian privacy counsel review.
Your immigration application contains some of the most personal information you'll ever share online. This policy explains, in plain language, what we collect, how we use it, who we share it with, where it lives, and what rights you have. We follow Canadian privacy law — the Personal Information Protection and Electronic Documents Act (PIPEDA) federally, and Quebec's Act respecting the protection of personal information in the private sector (Law 25) for Quebec residents.
1. Who is responsible for your data
Krilaha Immigration Services Inc., doing business as Canopath ("Canopath"), is the controller of personal information collected through this Service. You can reach our Privacy Officer at:
- Email: [email protected]
- Mail: [Your Canadian business address — to be inserted by the user before publication]
2. What we collect
We collect personal information in three categories.
(a) Account information
- Email address, password (hashed using a one-way bcrypt-style function — we never see your plain-text password);
- First and last name;
- Country of citizenship (optional, captured at signup);
- Acceptance timestamp and IP address for our Terms of Service and this Privacy Policy.
(b) Application information (the largest category)
- Personal details: date of birth, gender, marital status, native language, languages spoken;
- Travel document data: passport number, country of issue, issue and expiry dates;
- Contact information: home address, phone, mailing address;
- Trip information: purpose of visit, travel dates, cities, funds available;
- Employment: employer name, job title, address, income, dates;
- Family: spouse, parents, children — names, dates of birth, relationships;
- Background: prior visa refusals, criminal records (if any), prior visits to Canada;
- Inviter information (if applicable): full name, address, status, relationship to you;
- Documents you upload: passport scans, photos, financial statements, employment letters, invitation letters, other supporting documents.
(c) Operational and technical information
- Payment metadata: tier purchased, transaction timestamp, Stripe Checkout Session ID. We do not see, store, or process your full credit card number — that is handled exclusively by Stripe.
- Eligibility wizard responses (if you used the wizard before signing up — anonymized session ID until linked to your account);
- Usage logs: pages you visit, actions you take, error logs (used for support and security);
- IP address, browser user-agent, approximate geolocation derived from IP (used for security and rate-limiting);
- Authentication audit log (logins, password resets, extension pairing);
- Email engagement (delivery, bounces, opens — for transactional emails only).
3. Why we collect it (purposes and legal basis)
We process your information for the following purposes:
- To provide the Service: render your forms, draft your letter of explanation, autofill the IRCC portal. Legal basis: performance of the contract between you and Canopath.
- To process payments: charge your card via Stripe and send you a receipt. Legal basis: performance of the contract.
- To send transactional emails: account verification, password reset, payment confirmation, support replies. Legal basis: performance of the contract.
- To facilitate RCIC review (Plus and Premium tiers): share your application materials with the Reviewing RCIC you select. Legal basis: performance of the contract; explicit consent at the moment of tier selection.
- To improve security and prevent fraud: monitor for unusual login patterns, brute-force attempts, and suspicious activity. Legal basis: legitimate interests in protecting our users and platform.
- To meet legal and regulatory obligations: financial recordkeeping (Income Tax Act), CICC compliance (where Reviewing RCIC services are involved), responses to lawful requests from authorities. Legal basis: legal obligation.
- To improve the Service: anonymized, aggregated usage analysis. Legal basis: legitimate interests; we use no individually-identifying data for this purpose.
We do not use your application data, your documents, or your draft letter for any marketing, profiling, or AI-model-training purpose.
4. AI processing of your data
Canopath uses third-party AI models to extract information from documents you upload, draft your letter of explanation, and map your data to IRCC form fields. The current AI provider is Anthropic, PBC. Your data is sent to Anthropic only to generate the immediate output requested (e.g., draft a letter from the answers you provided), and:
- Anthropic does not retain your data beyond the operational windows described in its commercial terms;
- Anthropic does not use your data to train its general-purpose AI models;
- The data sent is the minimum required to produce the output (your questionnaire answers, your name and trip details — not, for example, your full passport scan if a text excerpt suffices).
We may change AI providers in the future. We will update this section before any change takes effect, and we will not silently route your data to a provider with weaker privacy commitments.
5. Subprocessors and who else sees your data
We work with the following third-party service providers ("subprocessors"). We select subprocessors with contractual commitments to protect your data, and we limit each subprocessor's access to the minimum needed to perform their function.
| Subprocessor | Purpose | Where data is processed |
|---|---|---|
| Amazon Web Services (AWS) | Hosting, file storage, database | AWS Canada (Central) — Montreal |
| Stripe Payments Canada, Ltd. | Payment processing | Canada and the United States |
| Anthropic, PBC | AI model inference (drafting, extraction, mapping) | United States |
| Postmark (Wildbit) | Transactional email delivery | United States |
| Cloudflare, Inc. | DNS, CDN, WAF (security) | Global edge network (no application data stored) |
Reviewing RCIC (Plus and Premium tiers only). If you purchase a tier that includes RCIC review, the assigned Reviewing RCIC accesses your application materials for the limited purpose of conducting the review. The Reviewing RCIC operates as a separate independent controller of your data for that limited purpose, bound by the CICC Code of Professional Ethics.
We do not sell or rent your personal information. We do not share it with advertisers, data brokers, or marketing networks.
6. Where your data lives (data residency)
Your application data, documents, and account information are stored in Canada, specifically in AWS's Canada (Central) region in Montreal. Documents are encrypted at rest using AES-256. Data in transit is protected with TLS 1.3.
Some of our subprocessors (Stripe, Anthropic, Postmark) process limited data in the United States, as described in the table above. We rely on subprocessor commitments and contractual terms (including the EU Standard Contractual Clauses, where applicable) for these transfers. If you have concerns about cross-border processing, contact our Privacy Officer.
7. How long we keep it
We keep your data for as long as you have an active account, plus the following retention periods:
- Application data and documents: 60 days after account closure, then permanently deleted from active systems. Encrypted backup snapshots may persist for an additional 30 days before being purged on the rolling backup cycle.
- Account records and transaction logs: 6 years from the date of the last transaction, as required for Canadian tax/financial recordkeeping.
- RCIC review materials (Plus/Premium tiers): retained as required by the CICC and the Reviewing RCIC's professional obligations (typically 6-10 years), independent of your Canopath account status.
- Authentication audit logs: 24 months for security investigation purposes.
- Anonymized aggregate analytics: indefinitely (no individual identifiers).
8. Your rights under PIPEDA
As a user of Canopath, you have the following rights regarding your personal information. To exercise any of them, email [email protected] from the email address associated with your account. We will respond within 30 days, or sooner where required by law.
- Right of access: request a copy of all personal information we hold about you.
- Right of correction: ask us to correct inaccuracies. Most fields you can correct yourself in your account; for ones you can't, we'll do it.
- Right to deletion: ask us to delete your account and personal information, subject to the legal-retention exceptions in Section 7.
- Right to data portability: receive your data in a structured, machine-readable format (JSON or CSV).
- Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. Note: withdrawal of consent for essential data may make the Service unusable; in that case we will close your account.
- Right to lodge a complaint: if you believe we have mishandled your data, you can complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca). For Quebec residents, the Commission d'accès à l'information (cai.gouv.qc.ca) has jurisdiction.
9. Quebec residents — Law 25 specific provisions
If you reside in Quebec, additional rights apply under Quebec's Law 25 (effective in stages 2022-2024), including:
- Right to be informed of any decision based exclusively on automated processing that produces legal effects, and to contest such a decision. Canopath note: we do not make automated decisions about your application — IRCC does. AI in our Service drafts and extracts; it does not decide.
- Right to data portability extends to data we have provided to us by you and processed automatically, in a commonly-used technological format.
- Right to be informed of cross-border processing and any associated risks (see Section 6).
- You may direct us to share your data with another organization that has agreed to receive it, subject to feasibility.
Our Privacy Officer (Section 1) is the designated person responsible for the protection of personal information for purposes of Law 25.
10. Children
The Service is intended for users aged 18 and older (or the age of majority in their jurisdiction). We do not knowingly collect personal information from children under that age. If you believe a child has provided us with personal information, contact us and we will delete the data.
11. Cookies and similar technologies
We use a small number of strictly necessary cookies required to keep you signed in and protect against forgery (CSRF) attacks. These cookies do not track you across other websites and cannot be disabled without breaking the Service.
We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking. If we add privacy-respecting analytics in the future (such as Plausible or Fathom, which do not set cookies or fingerprint visitors), we will update this policy.
12. Security
We protect your data with measures including:
- AES-256 encryption at rest for documents and sensitive credentials;
- TLS 1.3 in transit;
- Cloudflare WAF and rate-limiting at the network edge;
- Account lockout after multiple failed login attempts (anti-brute-force);
- Cloudflare Turnstile CAPTCHA on signup and password reset (optional in dev, enabled in prod);
- Per-user audit logging of authentication events;
- Quarterly review of access permissions and subprocessor list.
Data breach notification. In the event of a "real risk of significant harm" breach, we will notify affected users and the Office of the Privacy Commissioner of Canada without undue delay, as required by PIPEDA. Quebec residents will be notified per Law 25.
13. Changes to this Policy
We may update this Privacy Policy from time to time. The "Effective" date at the top reflects the current version. For material changes — particularly any change that broadens our use of your data, adds a subprocessor, or affects your rights — we will email you at least thirty (30) days before the change takes effect.
We maintain prior versions of this policy at /privacy/archive/ (coming soon).
14. Contact
Privacy questions, access/correction requests, or complaints:
Privacy Officer · [email protected]
For general support, write to [email protected].