CanucktAI
Legal
v1.0

Privacy Policy

Last updated: March 2026·Canuckt AI Solutions (Canuckt Synergy Solutions Inc.), Halifax, NS, Canada

Summary: We collect minimal data, use it only to run our service and process payments, and never sell it. This policy explains exactly what we collect and why.

Overview

Canuckt Synergy Solutions Inc., operating as Canuckt AI Solutions ("Canuckt", "we", "us", or "our") is committed to protecting the privacy of our customers and website visitors. This Privacy Policy describes how we collect, use, and safeguard personal information when you use our website at canuckt.ai and our software products, including Shielk and Valdra.

This policy applies to all users of our website and products located in Canada and internationally. By using our services, you consent to the practices described in this policy.

Information We Collect

We collect information that is necessary to provide our services and process your transactions. We collect only what we need.

Account and License Data

When you purchase a plan or create an account, we collect:

  • Email address — used to deliver your account access, send renewal notices, and provide support
  • Subscription tier — Free, Pro, or Agency, used to apply correct feature limits
  • Purchase date and expiry date — used to manage subscription validity and send renewal reminders

Payment Data

All payment processing is handled by Stripe, a certified PCI-DSS Level 1 payment processor. We do not receive or store your full credit card number, CVV, or banking details. We receive from Stripe:

  • A Stripe Customer ID (an anonymous reference token)
  • A Stripe Order ID and subscription status
  • Last four digits of your card (for your reference in your account dashboard)
  • Your billing country and currency

Stripe's own privacy policy governs how Stripe handles your payment information. You can review it at stripe.com/privacy.

Technical and Usage Data

When you visit our website or use our products, we may collect:

  • IP address — used for rate limiting and approximate geographic analytics
  • Browser type and version — for compatibility and troubleshooting
  • Pages visited and time on site — for aggregate analytics to improve our content

PII Data Processed by Shielk

When you use Shielk, documents you submit for anonymization are processed to detect and redact personal information. Our processing model is built on privacy-by-design:

  • Documents are processed in-memory and are not stored after the redaction result is returned
  • The 11-layer detection pipeline runs on our servers (Canadian cloud provider, Quebec — Canadian data residency)
  • No document content is sent to third-party AI providers without your explicit configuration

How We Use Your Information

We use your personal information only for the purposes for which it was collected:

  • Account management — creating accounts, processing activations, enforcing plan limits
  • Payment processing — completing transactions through Stripe, managing subscriptions
  • Customer support — responding to support requests and troubleshooting issues
  • Service communications — renewal reminders, payment failure notices, and important security updates
  • Product improvement — aggregate, anonymized analytics to understand how the service performs
  • Security and abuse prevention — rate limiting, detecting unauthorized use, and preventing fraud

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Data Sharing and Third Parties

We share data with a small number of trusted third-party service providers who help us operate our business. These providers are bound by contractual obligations to protect your data.

Service ProviderPurposeData Shared
StripePayment processingEmail, billing details (handled directly by Stripe)
Canadian cloud provider (Quebec, Canada)Web hosting — Canadian data residencyAll web traffic (server logs)
CloudflareCDN, DDoS protectionIP addresses, request headers
PostmarkTransactional emailEmail address, email content

We may disclose your information if required by law or in response to a valid legal process (court order, warrant, or regulatory request).

Cookies and Tracking

We use cookies and similar technologies to operate our website. See our Cookie Policy for a full list. In summary:

  • Strictly necessary cookies — session management and CSRF security tokens. These cannot be disabled without breaking core functionality.
  • Functional cookies — remembering dismissed banners and preferences.
  • Analytics cookies — aggregate, anonymized traffic data. You may opt out via our cookie preferences banner.

Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

  • Active account data — retained for the life of your subscription plus 60 days after cancellation
  • Payment records — retained for 7 years as required by Canadian tax law
  • Support correspondence — retained for 2 years after the ticket is closed
  • Server access logs — retained for 90 days, then deleted
  • Shielk processing logs — not retained; documents are processed and discarded

You may request earlier deletion of your personal data by contacting us at [email protected], subject to our legal obligations to retain certain records.

Cross-Border Data Transfers

Canuckt is based in Halifax, Nova Scotia, Canada. Our primary infrastructure is hosted on Canadian servers in Quebec — Canadian data residency for all Shielk and Valdra data.

PIPEDA Cross-Border Disclosure: Some service providers (Stripe, Cloudflare) operate servers in the United States. When your data is processed by these providers, it is transferred outside Canada. US laws may differ from Canadian privacy laws and may permit government access to your data. By using our services, you consent to this transfer.

Your Privacy Rights

Under PIPEDA and applicable Canadian privacy law, you have the following rights:

  • Right to access — request a copy of the personal data we hold about you
  • Right to correction — request correction of inaccurate or incomplete information
  • Right to withdrawal of consent — withdraw consent to processing (may affect your ability to use our services)
  • Right to complain — lodge a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca

To exercise any of these rights, contact our Privacy Officer at [email protected]. We will respond within 30 days.

Data Security

We implement industry-standard technical and organizational security measures, including:

  • TLS/HTTPS encryption for all data in transit
  • Encrypted storage of sensitive values at rest
  • Regular security audits of our codebase
  • CSRF protection on all form submissions
  • Rate limiting to prevent brute force and abuse
  • Stripe's PCI-DSS Level 1 certification for all payment data

In the event of a data breach that poses a real risk of significant harm, we will notify affected users and the Office of the Privacy Commissioner as required by law.

Children's Privacy

Our services are not directed at children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected].

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email.

Contact Us

Canuckt Synergy Solutions Inc.
Halifax, Nouvelle-Écosse, Canada
Email: [email protected]

Privacy Policy | Canuckt AI