Privacy Policy — TidalAI

1. Data Controller

TidalAI Technologies Inc., Halifax, Nova Scotia. Contact: hello@tidalai.ca

2. Data We Collect

Clients: Name, contact info, business details relevant to service delivery, service address
Technical info: Device ID, IP address, usage logs, browser version, operating system
Location data: Geographic data for service matching and local SEO optimization
Payment information: Payment card details processed through Stripe

3. Why We Collect Data

Facilitate service delivery and payment processing
Configure and maintain AI automation workflows
Match businesses with appropriate service configurations
Send service update notifications
Improve platform functionality through analytics
Comply with PIPEDA obligations

4. Data Storage

All data stored on Canadian servers (Google Cloud Platform — Montreal region)
Encrypted in transit using TLS 1.3 and at rest using AES-256
Access logged and restricted to authorized personnel only
Regular security audits and penetration testing conducted

5. Sharing

Data shared only with:

Payment processors (Stripe)
Analytics providers (Firebase/Google) in anonymized form
Notification services (Firebase Cloud Messaging)
Regulators and law enforcement if legally required

6. Analytics Data Collection (Firebase Analytics)

Data Collected:

Usage events: page views, button clicks, feature usage patterns
Device information: model, OS version, browser version
Pseudonymous identifiers: Firebase installation ID
Geographic data: country and region (not precise location)
Session data: duration, visits, crashes and errors

Usage: Analyze performance, understand user behavior, monitor errors, generate aggregate statistics.

Your Control: Opt out via browser settings; limit tracking through browser privacy controls.

7. Payment Processing (Stripe)

Data Handled by Stripe:

Payment card information (never stored on our servers)
Billing address for verification and fraud prevention
Transaction history

Security: Stripe is PCI DSS Level 1 certified. Card details are tokenized and encrypted using industry-standard protocols with fraud detection systems in place.

8. Push Notifications (Firebase Cloud Messaging)

Data Collected:

FCM Token (unique device identifier)
Device platform
Notification preferences

Types: Service updates, payment confirmations, security alerts, workflow notifications.

Your Control: Disable in browser/device settings; manage categories in account settings; tokens deleted at logout.

9. Data Retention Periods

Data Type	Retention Period
Account information	Until deletion + 30 days
Transaction/payment records	7 years (tax/legal)
Analytics data	14 months
Audit/security logs	2 years
FCM tokens	Until logout/uninstall

After retention periods, data is securely deleted or anonymized.

10. Your Rights

Under Canadian privacy law (PIPEDA):

Right to Access

Request copies of all personal data within 30 days; receive in machine-readable format.

Right to Correction

Request correction of inaccurate data; update through your account or contact us.

Right to Deletion

Request deletion (subject to legal retention requirements); account deletable via support.

Right to Data Portability

Receive data in JSON or CSV format; transfer to another provider where feasible.

Right to Withdraw Consent

Withdraw optional data processing consent anytime.

How to Exercise Rights:

Email: hello@tidalai.ca

Response timeline: 30 days. File complaints with the Office of the Privacy Commissioner of Canada or Nova Scotia Privacy Commissioner.

11. Breach Notification

Affected users notified within 72 hours of discovery
Office of the Privacy Commissioner notified as required
Clear information provided about affected data and protective steps

12. Changes to This Policy

Updates communicated via email, in-app notification, and date updates. Continued use constitutes acceptance.

13. Contact Us

Email: hello@tidalai.ca

Address: TidalAI Technologies Inc., Halifax, Nova Scotia, Canada