Privacy Policy
Effective Date: December 10, 2025 | Last Updated: December 10, 2025
1. Who We Are
Prosperi is a personal finance management application designed for Canadians. We help you track spending, create budgets, and make better financial decisions through AI-powered insights.
Privacy Officer: Aayush (Founder)
Contact: support@prosperi-finance.com
Mailing Address: 301 Seaton Street, Toronto, Ontario
PIPEDA Compliance: Prosperi complies with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the federal privacy standard for private-sector organizations in Canada.
2. Information We Collect
2.1 Account Information
- Email address: Required for account creation and authentication
- Password: Encrypted and stored securely
2.2 Financial Transaction Data
When you upload CSV files from your bank, we extract and store only:
- Transaction date: e.g., December 5, 2025 (to organize transactions chronologically)
- Amount: e.g., $23.45 (to calculate spending totals and budgets)
- Description: e.g., "Tim Hortons" (to categorize and analyze spending)
What We DON'T Collect or Store:
- Bank account numbers (full or partial)
- Credit or debit card numbers
- Banking passwords or credentials
- Account balances
- Bank or institution names
- Branch codes or routing numbers
- Social Insurance Numbers
- Your original CSV files (deleted immediately after processing)
2.3 Payment Information
We use Stripe to process subscription payments. We store only:
- Subscription status (active, cancelled, expired)
- Billing date and amount
We never see or store your full credit card number. All payment details are handled securely by Stripe.
2.4 Usage and Technical Information
- Pages visited and features used within the app
- IP address (for security and fraud prevention)
- Browser type and device information
- Date and time of access
3. How We Use Your Information
3.1 To Provide the Service
- Create and manage your account
- Store and organize financial transactions
- Generate spending reports and visualizations
- Calculate budget recommendations
- Categorize transactions
- Provide personalized financial insights
3.2 AI-Powered Features
When you use AI features, we send only transaction descriptions to our AI service provider for categorization. For AI-generated insights, we send anonymized, aggregated summaries (never raw transaction data). Transaction amounts, dates, and personal identifiers are never sent.
What gets sent to AI: Merchant names only for categorization (e.g., "Tim Hortons", "Metro") and anonymized summaries for insights (no raw transactions).
What doesn't get sent: Amounts, dates, your email, or any account identifiers.
Our AI provider has a zero-retention policy for API data, meaning the information is processed and immediately deleted.
3.3 To Improve the Service
We analyze aggregated, anonymized usage patterns to improve features, fix bugs, and optimize performance.
3.4 To Communicate With You
- Send transactional emails (password resets, payment confirmations)
- Notify you of important account changes
- Respond to support requests
- Send optional product updates (you can unsubscribe)
3.5 For Security and Compliance
- Detect and prevent unauthorized access
- Protect against fraud and abuse
- Comply with legal obligations
- Enforce our Terms of Service
5. Data Security
We protect your data with industry-standard security measures:
5.1 Encryption
- In transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
- At rest: All data stored in our database is encrypted using AES-256
- Passwords: Encrypted using secure hashing (we cannot see your actual password)
5.2 Access Controls
- Database-level access controls ensure your data is isolated and accessible only with valid authentication
- Secure token-based authentication with automatic session expiration
- Limited employee access to production systems
5.3 CSV File Handling
What happens when you upload a CSV:
- File temporarily stored in server memory (not written to disk)
- Extract only date, amount, and description fields
- Write extracted data to encrypted database
- Delete CSV from memory immediately (2-5 seconds total)
No file backups. No logs containing CSV data. No temporary storage.
5.4 Your Responsibilities
Security is a shared responsibility. You should:
- Use a strong, unique password
- Never share your password
- Log out on shared devices
- Report suspicious activity immediately
Important: No method of transmission over the internet is 100% secure. While we implement strong protections, we cannot guarantee absolute security.
6. Data Retention
6.1 Active Accounts
We retain your data for as long as your account is active:
- Transaction data: Stored while your account is active
- Account information: Stored while your account is active
- Usage data: Retained for up to 2 years for analytics
6.2 Deleted Accounts
When you delete your account:
- All personal data is deleted within 48 hours
- Data is removed from backups within 30 days
- Aggregated, anonymized analytics may be retained (cannot be linked back to you)
6.3 Legal Retention
We may retain certain information longer if required by law (e.g., tax records, payment information, or to resolve disputes).
6.4 CSV Files
Retention period: 2-5 seconds. CSV files are processed in memory and deleted immediately.
7. Your Privacy Rights
Under PIPEDA, you have the following rights:
7.1 Right to Access
You can request a copy of all personal information we hold about you. Contact us at support@prosperi-finance.com. We will respond within 30 days.
7.2 Right to Correction
You can correct inaccurate or incomplete information by editing transactions in the app or contacting us.
7.3 Right to Deletion
You can request deletion of your personal information by using the "Delete Account" button in your account settings or contacting us. Data is deleted within 48 hours.
7.4 Right to Withdraw Consent
You can withdraw consent for certain uses of your information:
- Marketing emails: Use the unsubscribe link
- Analytics cookies: Opt out in settings
- AI features: Don't use AI-powered features
Withdrawing consent may limit functionality of the Service.
7.5 Right to Lodge a Complaint
If you believe we've violated your privacy rights:
- Contact us first at support@prosperi-finance.com
- If unsatisfied, file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or 1-800-282-1376
8. Cookies & Tracking Technologies
8.1 What Are Cookies?
Cookies are small text files stored on your device that help websites remember your preferences.
8.2 Cookies We Use
- Authentication: Keep you logged in (Required)
- Preferences: Remember your settings (Required)
- Security: Detect fraud and abuse (Required)
- Analytics: Understand usage patterns (Optional)
8.3 Managing Cookies
You can control cookies through your browser settings or by opting out of analytics cookies in your account settings.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Post a notice on our website and in-app
- Send an email to your account address
- Update the "Last Updated" date at the top
Your continued use of the Service after changes constitutes acceptance of the updated policy. If you don't agree, you must stop using the Service and delete your account.
For significant changes (e.g., new data collection practices), we will provide at least 30 days' notice.
10. Contact Us
If you have questions or concerns about this Privacy Policy, contact us:
Name: Aayush (Founder)
Email: support@prosperi-finance.com
Mailing Address: 301 Seaton Street, Toronto, Ontario
Response Time: Within 30 days for privacy requests
Office of the Privacy Commissioner of Canada
If you're not satisfied with our response:
Website: www.priv.gc.ca
Phone: 1-800-282-1376
Email: info@priv.gc.ca
Last Updated: December 10, 2025