Privacy Policy

1. Information We Collect

We collect the following types of information:

• Identification information: name, email address, phone number
• Payment information: credit card data (encrypted), transaction history
• Usage data: app interactions, preferences, shopping habits
• Technical data: IP address, device type, operating system
• Location data: with your consent, to locate partner stores

2. How We Use Your Information

Your information is used to:

• Provide and improve our services
• Process your payments securely
• Personalize your user experience
• Send you relevant communications (with your consent)
• Prevent fraud and ensure security
• Comply with our legal obligations

3. Information Sharing

We never sell your personal data. We may share your information with:

• Partner retailers: only the information necessary to process your purchases
• Service providers: hosting, payment processing, analytics (under confidentiality agreements)
• Legal authorities: if required by law

4. Data Security

We use industry-standard security measures, including:

• SSL/TLS encryption for all data transmissions
• PCI-DSS compliance for payment data
• Two-factor authentication available
• Regular security audits

5. Your Rights

In accordance with Quebec's Act respecting the protection of personal information and the GDPR, you have the right to:

• Access your personal data
• Correct your information
• Delete your account and data
• Withdraw your consent
• Transfer your data to another service

6. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with our legal obligations. Transaction data is retained for 7 years in accordance with Canadian tax requirements.

7. Changes to This Policy

We may update this policy from time to time. We will notify you of any significant changes by email or through the application.

8. Payment Processing

Payments made through YandiPay are processed by PCI-DSS Level 1 certified third-party providers, including Clover (Fiserv), Global Payments, and Moneris. We never store complete card numbers on our servers. Payment information is replaced by secure tokens (tokenization) generated by these providers. Only the last 4 digits of the card are retained for identification purposes. The security code (CVV) is never stored and is immediately transmitted to the payment provider then deleted from our system.

9. Encryption and Security

All data transmissions are protected by the TLS 1.2 protocol or higher. Sensitive data is encrypted at rest using the AES-256 algorithm. We maintain our compliance with PCI-DSS standards for the processing of payment data.

10. Third-Party Providers

We share certain transaction data with our payment providers (Clover/Fiserv, Global Payments, Moneris) for the purpose of payment processing. These providers are subject to their own privacy policies. See Clover's privacy policy: https://www.clover.com/privacy-policy

11. PIPEDA and Act 25 Compliance

As a Quebec-based company, we comply with the Act respecting the protection of personal information in the private sector (Act 25) as well as the Personal Information Protection and Electronic Documents Act (PIPEDA). We only collect the information necessary to provide our services.

12. Data Breach

In the event of a data breach likely to present a serious risk of harm, we will notify affected users and the relevant authorities as soon as possible, in accordance with the law.