Privacy Policy

Last Updated: 11.26.2025

1. INTRODUCTION AND COMPANY INFORMATION

1.1 Company Identification

This Privacy Policy (“Policy”) governs the collection, use, disclosure, and protection of personal information by The Rajma Company Inc. (“Company,” “we,” “us,” or “our”), a corporation incorporated under the laws of Ontario, Canada, in connection with our financial technology application known as PsyFi (“App”) and all related services, features, content, and applications (collectively, the “Services”).

1.2 Contact Information

The Rajma Company Inc.
2712-20 Bruyeres Mews
Toronto, Ontario M5V 0G8
Canada

Customer Service Phone Number: +1-647-336-1177

Privacy Inquiries Email: info@psyfiapp.com

1.3 Privacy Officer

In accordance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”), we have designated a Privacy Officer who is accountable for our compliance with this Policy and applicable privacy laws. The Privacy Officer's contact information will be provided upon appointment.

1.4 Scope and Effective Date

This Policy applies to all personal information collected, used, or disclosed by the Company through the App and Services, including information collected through our use of the Plaid API, Open Banking API, and other third-party services. This Policy is effective as of 11.26.2025 and supersedes any prior versions.

1.5 Definitions

For the purposes of this Policy:

  • “Personal information” means information about an identifiable individual, including financial information.
  • “Financial information” means any information related to an individual's financial accounts, transactions, credit, investments, spending patterns, and related data.
  • “User” or “you” means any individual who accesses or uses our Services.
  • “API” means Application Programming Interface, which allows different software applications to communicate with each other.

2. INFORMATION WE COLLECT

2.1 Personal Information Collected Through APIs

When you connect your financial accounts to our Services through Plaid API or Open Banking API, we may collect and process the following categories of personal information:

  1. Account Information: Account numbers, account types, account balances, account ownership details, financial institution names, and branch information.
  2. Transaction Data: Transaction dates, amounts, categories, merchant information, payment methods, transaction descriptions, and location data associated with transactions.
  3. Investment Information: Investment holdings, portfolio composition, investment transaction history, asset allocations, investment performance data, and related investment account information.
  4. Credit Information: Credit scores, credit account details, payment history, credit utilization, and other credit-related data as permitted by applicable law and with your express consent.
  5. Spending Patterns: Aggregated and categorized spending data, recurring transactions, spending trends, and budget-related information derived from your transaction history.

2.2 Information Collected Directly from Users

In addition to information collected through APIs, we may collect the following information directly from you:

  1. Account Information: Name, email address, phone number, mailing address, date of birth, and other information necessary to verify your identity and establish your account.
  2. Authentication Information: Username, password, security questions and answers, and other authentication credentials.
  3. Financial Goals and Preferences: Information about your financial objectives, risk tolerance, savings goals, budgeting preferences, and other financial planning information you provide.
  4. Communications: Records and copies of your correspondence with us, including email communications, support tickets, chat logs, and recordings of phone calls (with your consent).
  5. Feedback and Surveys: Information you provide when completing surveys, participating in user research, or providing feedback about our Services.

2.3 Information from Third-Party Sources

We may collect information about you from third-party sources, including:

  1. Identity Verification Services: Information from identity verification and fraud prevention services to verify your identity and comply with regulatory requirements.
  2. Credit Reporting Agencies: With your express consent, we may obtain credit reports and related information from credit reporting agencies.
  3. Public Sources: Publicly available information from government databases, public records, and other lawfully available sources.

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our Services. This information may include:

  1. Device Information: Device type, operating system, browser type and version, screen resolution, and other technical information about the device you use to access our Services.
  2. Usage Data: Pages visited, features used, time spent on pages, navigation paths, and other information about how you interact with our Services.
  3. Location Data: General location information derived from your IP address or more precise location data if you grant permission for location services.
  4. Analytics Data: Information collected through analytics tools such as Google Analytics and Facebook Pixel to help us understand user behavior and improve our Services.

For more information about our use of cookies and tracking technologies, please see Section 11 of this Policy.

3. HOW WE USE YOUR INFORMATION

3.1 Primary Purposes for Financial Data Processing

We collect and process your personal information, including financial data, for the following primary purposes:

  1. Financial Insights and Analytics: To analyze your financial data and provide personalized insights, recommendations, and analytics that help you make informed financial decisions.
  2. Account Aggregation: To aggregate information from your various financial accounts to provide a comprehensive view of your financial situation.
  3. Service Provision: To provide, maintain, and improve our Services, including to process transactions, maintain your account, and enable the features and functionality of our App.
  4. Authentication and Security: To verify your identity, secure your account, and protect against fraudulent or unauthorized access to your information.

3.2 AI-Powered Recommendations and Analytics

We use advanced artificial intelligence and machine learning technologies to process your financial data for the following purposes:

  1. Personalized Recommendations: To generate personalized financial recommendations, insights, and advice based on your financial profile, spending patterns, and stated financial goals.
  2. Financial Forecasting: To create predictive models and forecasts of your financial situation based on historical data and trends.
  3. Pattern Recognition: To identify patterns in your financial behavior that may help you optimize your financial decisions, reduce costs, or improve financial outcomes.
  4. Risk Assessment: To analyze potential financial risks and opportunities based on your financial profile and market conditions.

When we use AI systems for automated decision-making that may significantly affect you, we will:

  1. Obtain your express opt-in consent before processing your data for these purposes;
  2. Provide clear information about how the AI system works in general terms;
  3. Explain the logic involved in any automated decision that significantly affects you upon request;
  4. Provide a mechanism for you to request human intervention, express your point of view, and contest any automated decision; and
  5. Regularly test our AI systems for bias, accuracy, and fairness.

3.3 Service Improvement and Customer Support

We may use your personal information to:

  1. Improve Our Services: Analyze usage patterns, troubleshoot technical issues, and enhance the functionality, features, and user experience of our Services.
  2. Customer Support: Respond to your inquiries, provide technical support, and resolve issues related to your account or our Services.
  3. Training and Quality Assurance: With your consent, use recordings of customer service interactions for training, quality assurance, and service improvement purposes.
  4. Research and Development: Conduct research and development activities to improve our existing Services and develop new features, products, or services.

3.4 Communications

We may use your personal information to:

  1. Service Communications: Send you important information regarding our Services, such as technical notices, security alerts, and administrative messages.
  2. Marketing Communications: With your consent, send you marketing communications, newsletters, promotional offers, and information about new features or services that may interest you.
  3. Surveys and Feedback: Invite you to participate in surveys, provide feedback, or engage in user research to help us improve our Services.

We may use your personal information to:

  1. Comply with Legal Obligations: Fulfill our legal and regulatory obligations, including anti-money laundering (AML) and know-your-customer (KYC) requirements.
  2. Enforce Our Terms: Enforce our Terms of Service, this Privacy Policy, and other agreements.
  3. Protect Rights and Safety: Protect our rights, property, and safety, as well as the rights, property, and safety of our users or others.
  4. Legal Proceedings: Establish, exercise, or defend legal claims, or respond to legal process or lawful requests from governmental authorities.

We primarily rely on your express consent as the legal basis for collecting, using, and disclosing your personal information. Before we collect your financial information through Plaid API or Open Banking API, we will:

  1. Clearly explain what information we will collect and how we will use it;
  2. Obtain your express written consent through a clear affirmative action (such as checking a box or clicking a button);
  3. Provide you with the option to withdraw your consent at any time; and
  4. Not make the provision of our Services conditional on consent to processing that is not necessary for the provision of those Services.

We will obtain separate express consent for:

  1. Connecting to your financial accounts through Plaid API or Open Banking API;
  2. Using your financial data for AI-powered recommendations and analytics;
  3. Sharing your information with third-party service providers;
  4. Sending you marketing communications; and
  5. Using cookies and similar tracking technologies for non-essential purposes.

4.3 Legitimate Interests

In certain limited circumstances, we may process your personal information based on our legitimate interests, provided that these interests are not overridden by your rights and freedoms. These legitimate interests include:

  1. Protecting the security of our Services and detecting and preventing fraudulent activities;
  2. Improving and optimizing the performance and user experience of our Services;
  3. Enforcing our legal rights and complying with our legal obligations; and
  4. Conducting business analytics and operations necessary to provide and improve our Services.

When we rely on legitimate interests as a legal basis, we will conduct a balancing test to ensure that our interests do not override your fundamental rights and freedoms.

We may process your personal information when necessary to comply with our legal obligations under applicable laws and regulations, including:

  1. Financial services regulations;
  2. Anti-money laundering and counter-terrorist financing laws;
  3. Tax reporting requirements;
  4. Court orders or subpoenas; and
  5. Other legal requirements applicable to our business operations.

4.5 Contractual Necessity

We may process your personal information when necessary for the performance of our contract with you (our Terms of Service) or to take steps at your request prior to entering into such a contract.

5. INFORMATION SHARING AND DISCLOSURE

5.1 Third-Party Service Providers

We may share your personal information with third-party service providers who perform services on our behalf and require access to your information to provide these services. These service providers are contractually obligated to use your information only for the purposes of providing the services we have engaged them to provide and to maintain appropriate security measures to protect your information. These service providers may include:

  1. Cloud Storage and Hosting Providers: Companies that provide infrastructure to store and process your information securely.
  2. Analytics Providers: Services that help us understand how users interact with our App and improve our Services, such as Google Analytics and Facebook Pixel.
  3. Customer Support Services: Platforms that help us manage customer inquiries and support tickets, such as Zendesk.
  4. Identity Verification Services: Companies that help us verify your identity and prevent fraud.
  5. Payment Processors: Services that process payments on our behalf, if applicable.
  6. Communication Services: Providers that help us send emails, notifications, and other communications to you.

5.2 API Partners

To provide our Services, we necessarily share certain information with our API partners:

  1. Plaid: When you connect your financial accounts through Plaid, we share information with Plaid as necessary to facilitate the connection and maintain access to your financial data. Plaid's use of your information is governed by their privacy policy, which is available at https://plaid.com/legal/#privacy-policy.
  2. Open Banking API Providers: When you connect your financial accounts through Open Banking APIs, we share information with the relevant API providers as necessary to facilitate the connection and maintain access to your financial data. Each provider's use of your information is governed by their respective privacy policies.

We limit the information shared with these partners to what is necessary to provide our Services and maintain the connections you have authorized.

We may disclose your personal information if required to do so by law or in response to valid requests from public authorities (e.g., a court or government agency). These disclosures may include:

  1. Responding to court orders, subpoenas, or legal process;
  2. Complying with regulatory requirements, such as those imposed by financial regulatory authorities;
  3. Reporting to tax authorities when required by law;
  4. Cooperating with law enforcement investigations or inquiries; and
  5. Complying with other legal obligations applicable to our business.

5.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information through our website or by direct communication.

We may share your personal information with other third parties when you have provided your explicit consent to such sharing.

5.6 No Sale of Personal Information

We do not sell, rent, or lease your personal information to third parties for monetary or other valuable consideration. We only share your information as described in this Privacy Policy.

5.7 Aggregated and De-identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for various purposes, including data analytics, research, and service improvement.

6. DATA SECURITY AND PROTECTION

6.1 Technical Safeguards and Encryption

We implement and maintain reasonable technical, administrative, and physical safeguards designed to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These safeguards include:

  1. End-to-End Encryption: We employ industry-standard encryption protocols (such as TLS/SSL) to protect data in transit between your device and our servers, as well as encryption for sensitive data at rest.
  2. Secure Data Storage: We store your personal information in secure environments with restricted access and appropriate monitoring systems.
  3. Network Security: We utilize firewalls, intrusion detection systems, and other network security technologies to prevent unauthorized access to our systems.
  4. Application Security: We implement secure coding practices, vulnerability scanning, and regular security updates to protect our applications from common security threats.
  5. Data Minimization: We collect and retain only the personal information necessary to provide our Services and comply with legal obligations.

6.2 Access Controls and Authentication

We restrict access to personal information to authorized employees, contractors, and service providers who need access to that information to perform their assigned functions. These access controls include:

  1. Strong Authentication: We require multi-factor authentication for administrative access to systems containing personal information.
  2. Role-Based Access: We implement role-based access controls to ensure that employees and contractors can only access the information necessary for their specific job functions.
  3. Access Logging and Monitoring: We maintain logs of access to systems containing personal information and regularly monitor these logs for suspicious activity.
  4. Secure API Authentication: We implement secure authentication mechanisms for all API connections, including OAuth 2.0 protocols and API keys with appropriate security controls.

6.3 Regular Security Audits and Penetration Testing

We conduct regular security assessments to identify and address potential vulnerabilities in our systems and processes, including:

  1. Regular Security Audits: We perform comprehensive security audits of our systems, applications, and processes on a regular basis.
  2. Third-Party Penetration Testing: We engage qualified third-party security professionals to conduct penetration testing of our applications and infrastructure to identify and remediate potential security vulnerabilities.
  3. Vulnerability Scanning: We regularly scan our systems and applications for known vulnerabilities and promptly address any issues identified.
  4. Compliance Assessments: We assess our compliance with relevant security standards and best practices, including those specific to the financial services industry.

6.4 Employee Training and Awareness

We provide regular security and privacy training to our employees and contractors to ensure they understand their responsibilities regarding the protection of personal information, including:

  1. Security Awareness Training: All employees receive regular training on security best practices, threat recognition, and incident reporting.
  2. Privacy Training: Employees who handle personal information receive specialized training on privacy laws, regulations, and our privacy policies and procedures.
  3. Secure Development Training: Our development team receives specialized training on secure coding practices and application security.

6.5 Incident Response Procedures

We maintain a comprehensive incident response plan to address security incidents involving personal information promptly and effectively. Our incident response procedures include:

  1. Incident Detection and Reporting: Systems and processes to detect potential security incidents and mechanisms for employees and users to report suspected incidents.
  2. Incident Assessment and Containment: Procedures to assess the nature and scope of incidents and implement containment measures to limit potential harm.
  3. Notification Procedures: Processes for notifying affected individuals, regulatory authorities, and other stakeholders as required by law or as appropriate under the circumstances.
  4. Remediation and Prevention: Procedures to address the root causes of incidents and implement measures to prevent similar incidents in the future.

6.6 Limitations and User Responsibilities

While we implement reasonable security measures to protect your personal information, no security system is impenetrable, and we cannot guarantee the absolute security of your information. You are responsible for:

  1. Keeping your account credentials confidential and not sharing them with others;
  2. Using strong, unique passwords for your account and changing them regularly;
  3. Ensuring the security of your devices and networks when accessing our Services;
  4. Promptly notifying us of any suspected unauthorized access to your account or other security concerns; and
  5. Logging out of your account after using our Services on shared devices.

7. CROSS-BORDER DATA TRANSFERS

7.1 Canada-US Operations

As our Services are available to users in both Canada and the United States, your personal information may be transferred to, stored, and processed in either country. This means that your information may be subject to the laws of both jurisdictions.

7.2 Adequacy Determinations and Safeguards

When we transfer personal information across borders, we take appropriate measures to ensure that the transfer complies with applicable privacy laws and that your information receives an adequate level of protection. These measures include:

  1. Data Transfer Agreements: Implementing appropriate contractual measures, such as standard contractual clauses or data processing agreements, with recipients of your personal information.
  2. Security Measures: Ensuring that recipients of your personal information maintain appropriate security measures to protect your information.
  3. Privacy Shield Compliance: Where applicable, working with service providers who are certified under privacy frameworks such as the EU-U.S. Privacy Shield or similar programs.
  4. Vendor Assessment: Conducting privacy and security assessments of third-party service providers before sharing personal information with them.

By using our Services, you consent to the transfer of your personal information to Canada, the United States, and other countries where we or our service providers operate. If you do not want your information transferred to or processed or stored in these countries, you should not use our Services.

7.4 Compliance with Multiple Jurisdictions

We strive to comply with the privacy laws of both Canada and the United States, including:

  1. PIPEDA: Canada's Personal Information Protection and Electronic Documents Act, which governs the collection, use, and disclosure of personal information in the course of commercial activities.
  2. US State Privacy Laws: Various state privacy laws in the United States, which may provide additional rights and protections for residents of those states.

If you are a resident of a jurisdiction with specific privacy rights not addressed in this Policy, please contact our Privacy Officer for information about how we address those rights.

8. YOUR PRIVACY RIGHTS

8.1 Access, Correction, and Deletion Rights

You have the right to access, correct, and request deletion of your personal information in our possession, subject to certain exceptions permitted by law. Specifically, you have the right to:

  1. Access Your Information: Request a copy of the personal information we have collected about you and information about how we have used and shared it.
  2. Correct Your Information: Request that we correct inaccurate or incomplete personal information we maintain about you.
  3. Delete Your Information: Request that we delete personal information we maintain about you, subject to certain exceptions such as information we are required to retain for legal or regulatory purposes.

8.2 Support Ticket System Process

To exercise your privacy rights, you may submit a request through our support ticket system by:

  1. Logging into your account and submitting a support ticket through the App;
  2. Sending an email to info@psyfiapp.com; or
  3. Calling our customer service at +1-647-336-1177.

When submitting a request, please:

  1. Clearly state which right(s) you wish to exercise;
  2. Provide sufficient information to allow us to verify your identity; and
  3. Describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to it.

We will respond to your request within 30 days of receipt. If we require additional time to respond, we will inform you of the reason and extension period in writing.

You have the right to withdraw your consent to our collection, use, and disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw your consent:

  1. Account Connections: You can disconnect your financial accounts from our Services at any time through the App settings.
  2. Marketing Communications: You can opt out of marketing communications by following the unsubscribe instructions in any marketing email we send or by updating your communication preferences in your account settings.
  3. Complete Withdrawal: You can withdraw all consent by closing your account, as described in Section 9.2 of this Policy.

Please note that withdrawing your consent may impact our ability to provide certain features or services to you. We will inform you of the consequences of withdrawing your consent before processing your request.

8.4 Portability and Objection Rights

In addition to the rights described above, you may have the following rights:

  1. Data Portability: Request a copy of your personal information in a structured, commonly used, and machine-readable format, where technically feasible.
  2. Objection: Object to our processing of your personal information based on our legitimate interests, including for direct marketing purposes.
  3. Automated Decision-Making: Request human intervention, express your point of view, and contest any decision based solely on automated processing that produces legal or similarly significant effects concerning you.

8.5 Verification Process

To protect your privacy and security, we will take reasonable steps to verify your identity before granting access to your personal information or processing your requests. This may include:

  1. Requesting specific information from you to confirm your identity;
  2. Requiring you to log into your account before processing certain requests; or
  3. Using other verification methods appropriate to the nature of the request and the sensitivity of the information involved.

If we cannot verify your identity with the information provided, we may request additional information or deny your request.

8.6 Response Timelines

We will respond to your privacy rights requests within the following timeframes:

  1. Initial Response: We will acknowledge receipt of your request within 10 business days.
  2. Substantive Response: We will provide a substantive response to your request within 30 days of receipt.
  3. Extension: If we require additional time to respond due to the complexity or number of requests, we may extend the response period by up to an additional 30 days, in which case we will inform you of the extension and the reason for it within the initial 30-day period.

8.7 Fees

We will not charge a fee for processing your privacy rights requests unless your request is manifestly unfounded, excessive, or repetitive. If we determine that a fee is appropriate, we will inform you of the reason for the fee and provide you with a cost estimate before processing your request.

9. DATA RETENTION AND DELETION

9.1 Retention Periods for Active Accounts

We retain your personal information for as long as necessary to provide you with our Services and for the purposes outlined in this Privacy Policy. Specifically:

  1. Account Information: We retain your account information for as long as your account is active and for a period of 2 years after your last activity on the account.
  2. Financial Data: We retain financial data obtained through Plaid API and Open Banking API for 2 years after your last activity to provide ongoing service improvements and to maintain a history of your financial information for reference and analysis.
  3. Communication Records: We retain records of our communications with you for as long as necessary to address your inquiries, resolve disputes, and comply with legal obligations.
  4. Transaction Records: We retain records of transactions and activities performed through our Services as required by applicable laws and regulations, which may extend beyond the general retention period.

9.2 Post-Termination Data Handling

When you close your account or terminate your relationship with us:

  1. Account Closure Process: You may close your account at any time through the App settings or by contacting our customer support.
  2. Grace Period: We will maintain your personal information for a 30-day grace period after account closure to allow for account recovery if the closure was unintentional or if you change your mind.
  3. Immediate Deletion: After the grace period, we will delete all personal data associated with your account, except as noted below.
  4. Exceptions to Deletion: We may retain certain information even after account closure:
     • Information required to comply with legal obligations, such as financial transaction records required by tax or financial regulations;
     • Information necessary to prevent fraud or future abuse;
     • Information required to enforce our terms or protect our legal rights; and
     • Aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you.

9.3 Automatic Deletion Processes

We have implemented automated processes to ensure that personal information is deleted or anonymized when it is no longer needed:

  1. Scheduled Deletion: Our systems are configured to automatically flag inactive accounts and initiate the deletion process after the specified retention period.
  2. Data Minimization: We regularly review the personal information we hold and delete or anonymize information that is no longer necessary for the purposes for which it was collected.
  3. Backup Retention: Information may persist in our backup systems for a limited period after deletion from active systems. These backups are secured and will be overwritten or deleted according to our backup rotation schedule.

Notwithstanding the above retention periods, we may retain your personal information for longer periods when required by law, regulation, or legal process. This may include:

  1. Records required to be maintained under financial services regulations;
  2. Information relevant to an ongoing investigation, legal claim, or regulatory inquiry;
  3. Information subject to a legal hold or preservation order; and
  4. Information required to be maintained for tax or accounting purposes.

When retention is based on legal or regulatory requirements, we will limit access to the information and maintain appropriate security measures to protect it.

10. AGE RESTRICTIONS AND VERIFICATION

10.1 18+ Age Requirement

Our Services are intended for use only by individuals who are at least 18 years of age. We do not knowingly collect personal information from individuals under 18 years of age. If you are under 18, please do not use or provide any information on or through our Services.

10.2 Verification Procedures

To enforce our age restriction and comply with applicable laws, we implement the following verification procedures:

  1. Age Verification During Registration: During the account registration process, we require you to confirm that you are at least 18 years of age and may request your date of birth.
  2. Identity Verification: We may use third-party identity verification services to verify your age and identity before allowing you to connect financial accounts or access certain features of our Services.
  3. Additional Verification: In some cases, we may request additional documentation to verify your age and identity, such as a government-issued identification document.

10.3 Discovery of Underage Users

If we discover or have reason to believe that we have collected personal information from an individual under 18 years of age:

  1. We will promptly delete the information from our records;
  2. We will terminate the account associated with the underage user; and
  3. We will take reasonable measures to ensure that the underage user cannot create a new account.

Because our Services are restricted to users who are at least 18 years of age, we do not offer a parental consent mechanism or special protections for users under 18. If you believe that we have inadvertently collected information from a person under 18, please contact our Privacy Officer immediately.

10.5 Compliance with Youth Privacy Laws

While our Services are not directed to individuals under 18, we are committed to complying with all applicable laws regarding the privacy of young people, including:

  1. The Children's Online Privacy Protection Act (COPPA) in the United States; and
  2. Provincial laws in Canada that protect the privacy of minors.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Types of Cookies Used

We use various types of cookies and similar tracking technologies on our Services, including:

  1. Essential Cookies: Cookies that are necessary for the operation of our Services, such as cookies that enable you to log into secure areas or use essential features.
  2. Functional Cookies: Cookies that remember your preferences and settings to enhance your experience when using our Services.
  3. Analytics Cookies: Cookies that help us understand how users interact with our Services by collecting and reporting information anonymously.
  4. Marketing Cookies: Cookies that track your browsing habits and are used to deliver targeted advertising that is relevant to your interests.
  5. Session Cookies: Temporary cookies that are deleted when you close your browser.
  6. Persistent Cookies: Cookies that remain on your device for a specified period or until you delete them.

11.2 Analytics and Marketing Tools

We use the following analytics and marketing tools that may use cookies or similar tracking technologies:

  1. Google Analytics: We use Google Analytics to collect information about how users interact with our Services. Google Analytics uses cookies to collect information and report website usage statistics without personally identifying individual visitors. For more information about Google Analytics and how to opt out, visit: https://tools.google.com/dlpage/gaoptout.
  2. Facebook Pixel: We use Facebook Pixel to measure the effectiveness of our advertising, understand the actions you take on our website, and deliver targeted advertisements on Facebook. For more information about Facebook Pixel and how to control your ad preferences, visit: https://www.facebook.com/help/568137493302217.
  3. Other Analytics Services: We may use other analytics services to help us understand user behavior and improve our Services. Information collected by these services is subject to the privacy policies of the respective service providers.

11.3 User Control and Opt-Out Options

You have several options to control or limit how we and our partners use cookies and similar tracking technologies:

  1. Browser Settings: Most web browsers allow you to control cookies through their settings preferences. You can typically delete existing cookies, block certain types of cookies, or set your browser to notify you when you receive a cookie. Please note that if you block essential cookies, you may not be able to use all features of our Services.
  2. Opt-Out Tools: You can opt out of many third-party analytics and advertising cookies using industry opt-out tools such as:
  • Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
  • Digital Advertising Alliance (DAA) WebChoices Tool: https://optout.aboutads.info/
  • Network Advertising Initiative (NAI) Opt-out Tool: https://optout.networkadvertising.org/
  3. Do Not Track Signals: Some browsers have a “Do Not Track” feature that signals to websites that you do not want to have your online activities tracked. Because there is not yet a common understanding of how to interpret these signals, our Services do not currently respond to browser “Do Not Track” signals.
  4. Mobile Device Settings: On mobile devices, you can limit tracking through your device settings, such as the “Limit Ad Tracking” setting on iOS devices or “Opt out of Ads Personalization” on Android devices.

We may update our use of cookies and similar tracking technologies from time to time. Any significant changes will be reflected in updates to this Privacy Policy or in a separate Cookie Policy that will be made available on our website.

12. MARKETING COMMUNICATIONS

With your consent, we may send you marketing communications, including:

  1. Newsletters: Regular updates about our Services, financial tips, and industry news.
  2. Promotional Offers: Information about special offers, promotions, or new features.
  3. Product Updates: Announcements about new products, services, or significant updates to existing Services.
  4. Educational Content: Financial education materials, guides, and resources.

We will obtain your express consent before sending you marketing communications, typically during the account registration process or through a separate opt-in mechanism.

12.2 Opt-Out Procedures

You can opt out of receiving marketing communications from us at any time by:

  1. Unsubscribe Link: Clicking the “unsubscribe” link included in every marketing email we send.
  2. Account Settings: Adjusting your communication preferences in your account settings within the App.
  3. Customer Support: Contacting our customer support team at +1-647-336-1177 or through the support ticket system.

We will process your opt-out request promptly, but please note that you may continue to receive non-marketing communications that are necessary for the administration of your account or to provide you with important information about your account or our Services.

12.3 Communication Preferences

We provide you with options to customize the types of communications you receive from us. Through your account settings, you can:

  1. Select which types of marketing communications you wish to receive;
  2. Choose the frequency of communications (e.g., daily, weekly, monthly); and
  3. Update your contact information for communications.

12.4 Compliance with Anti-Spam Legislation

All marketing communications we send comply with Canada's Anti-Spam Legislation (CASL) and other applicable laws governing electronic communications. This means that:

  1. We will obtain your express consent before sending marketing communications;
  2. Each communication will clearly identify us as the sender;
  3. Each communication will include our contact information; and
  4. Each communication will provide a simple and effective way to unsubscribe.

13. PRIVACY BREACH RESPONSE

13.1 Incident Assessment Procedures

In the event of a suspected or confirmed privacy breach involving personal information under our control, we will:

  1. Breach Identification: Promptly identify and investigate the suspected breach to determine its nature, scope, and potential impact.
  2. Risk Assessment: Assess the risk of harm to affected individuals, considering factors such as:
  • The sensitivity of the information involved;
  • The likelihood of misuse;
  • The number of individuals affected; and
  • The potential consequences for affected individuals.
  3. Containment Measures: Implement appropriate measures to contain the breach and minimize potential harm, such as:
  • Stopping the unauthorized practice;
  • Recovering the personal information where possible;
  • Shutting down affected systems; and
  • Revoking or changing access credentials.
  4. Documentation: Document the breach, our response actions, and the outcome of our investigation.

13.2 Notification Requirements and Timelines

We will notify affected individuals and relevant authorities of privacy breaches in accordance with applicable laws and regulations:

  1. Regulatory Notification: Where required by law, we will notify the Office of the Privacy Commissioner of Canada and other relevant regulatory authorities as soon as feasible after determining that a breach has occurred that creates a real risk of significant harm to individuals.
  2. Timeline for Notification: We will provide notifications as required by law, which typically requires notification as soon as feasible after a breach has been discovered.
  3. Content of Notification: Our notifications will include, to the extent known at the time:
  • A description of the circumstances of the breach;
  • The date or period during which the breach occurred;
  • A description of the personal information involved;
  • Steps taken to reduce the risk of harm;
  • Steps affected individuals can take to reduce the risk of harm; and
  • Contact information for questions or concerns.

13.3 User Notification Process

When notifying affected individuals of a privacy breach:

  1. Direct Notification: Where possible, we will notify affected individuals directly through email, telephone, or mail, depending on the contact information we have and the circumstances of the breach.
  2. Indirect Notification: If direct notification is not possible or would cause further harm, we may use indirect methods such as posting notices on our website or issuing public announcements.
  3. Timing of Notification: We will notify affected individuals as soon as feasible after confirming the breach and assessing the risk of harm, in accordance with legal requirements.
  4. Support Resources: We will provide affected individuals with information about steps they can take to protect themselves and resources for additional support or information.

13.4 Remediation and Prevention

Following a privacy breach, we will:

  1. Root Cause Analysis: Conduct a thorough analysis to identify the root cause of the breach.
  2. Remediation Plan: Develop and implement a plan to address the cause of the breach and prevent similar incidents in the future.
  3. Policy and Procedure Review: Review and update our privacy and security policies, procedures, and practices as necessary.
  4. Staff Training: Provide additional training to staff on privacy and security best practices, if appropriate.
  5. Follow-up Monitoring: Implement enhanced monitoring or auditing measures to detect and prevent similar breaches.

14. COMPLAINTS AND DISPUTE RESOLUTION

14.1 Internal Complaint Process

If you have concerns or complaints about how we handle your personal information, we encourage you to contact us first so that we can address your concerns promptly:

  1. Initial Contact: Submit your complaint through our support ticket system, by email to info@psyfiapp.com, or by phone at +1-647-336-1177.
  2. Required Information: Please provide details about your concern, including:
  • Your contact information;
  • The nature of your complaint;
  • Any relevant dates, communications, or documentation; and
  • Your desired resolution.
  3. Acknowledgment: We will acknowledge receipt of your complaint within 5 business days.
  4. Investigation: Our Privacy Officer will investigate your complaint, reviewing relevant information and consulting with appropriate personnel as necessary.
  5. Resolution: We will provide you with a substantive response to your complaint within 30 days, including an explanation of our findings and any actions we have taken or will take to address your concerns.

14.2 Privacy Commissioner Escalation

If you are not satisfied with our response to your complaint, you have the right to escalate your concern to the Office of the Privacy Commissioner of Canada or your provincial privacy commissioner:

  1. Office of the Privacy Commissioner of Canada
  • 30 Victoria Street
    Gatineau, Quebec K1A 1H3
  • Toll-free: 1-800-282-1376
  • Website: https://www.priv.gc.ca
  2. Information and Privacy Commissioner of Ontario
  • 2 Bloor Street East, Suite 1400
    Toronto, Ontario M4W 1A8
  • Toll-free: 1-800-387-0073
  • Website: https://www.ipc.on.ca

14.3 Response Timelines and Procedures

We are committed to responding to privacy complaints in a timely and effective manner:

  1. Acknowledgment: We will acknowledge receipt of your complaint within 5 business days.
  2. Investigation Timeline: We will investigate your complaint and provide a substantive response within 30 days.
  3. Extension: If we require additional time to investigate your complaint due to its complexity, we will notify you of the extension and provide an estimated timeline for resolution.
  4. Documentation: We will document all complaints, our investigations, and the resolutions provided.
  5. Follow-up: Where appropriate, we will follow up with you after providing a resolution to ensure your concerns have been adequately addressed.

14.4 Continuous Improvement

We view complaints as an opportunity to improve our privacy practices:

  1. Pattern Identification: We will analyze complaints to identify patterns or systemic issues that may require broader policy or procedural changes.
  2. Policy Updates: Where appropriate, we will update our privacy policies and procedures based on lessons learned from complaints.
  3. Staff Training: We will use insights from complaints to enhance staff training on privacy matters.

15. POLICY UPDATES AND CHANGES

15.1 Amendment Procedures

We may update this Privacy Policy from time to time to reflect changes in our practices, our Services, or legal requirements:

  1. Regular Review: We will review this Privacy Policy at least annually to ensure it remains accurate, comprehensive, and compliant with applicable laws.
  2. Approval Process: Significant changes to this Policy will be reviewed and approved by our Privacy Officer and, where appropriate, legal counsel before implementation.
  3. Version Control: We will maintain a record of all versions of this Policy, including the dates of any changes and a summary of the changes made.

15.2 User Notification Requirements

When we make changes to this Privacy Policy:

  1. Notice of Material Changes: We will provide clear notice of any material changes through appropriate channels, which may include:
  • Prominent notices on our website or within the App;
  • Direct communications to users via email or in-app notifications; or
  • Other effective means of notification.
  2. Timing of Notice: We will provide notice of material changes at least 30 days before the changes take effect, where feasible.
  3. Content of Notice: Our notices will include:
  • A summary of the key changes;
  • The effective date of the changes;
  • Information about how to access the updated Policy; and
  • Information about how to exercise your privacy rights or ask questions about the changes.

15.3 Effective Date of Changes

  1. Clear Indication: Each version of this Policy will clearly indicate its effective date at the beginning of the document.
  2. Grace Period: Where appropriate, we may provide a grace period before material changes take effect to allow users to review the changes and make informed decisions about their continued use of our Services.
  3. Continued Use: Your continued use of our Services after the effective date of any changes to this Policy constitutes your acceptance of the revised Policy.

15.4 Archived Versions

We will maintain archived versions of this Privacy Policy and make them available upon request. To request a copy of a previous version of this Policy, please contact our Privacy Officer.

16. CONTACT INFORMATION

16.1 Dedicated Privacy Officer

Our Privacy Officer is responsible for ensuring our compliance with this Privacy Policy and applicable privacy laws. You may contact our Privacy Officer with any questions, concerns, or requests regarding your personal information or this Privacy Policy:

Privacy Officer
The Rajma Company Inc.
2712-20 Bruyeres Mews
Toronto, Ontario M5V 0G8
Canada

Email: info@psyfiapp.com

Phone: +1-647-336-1177

16.2 Customer Service Contact Information

For general inquiries about our Services or for assistance with your account, you may contact our customer service team:

Customer Service

The Rajma Company Inc.

Phone: +1-647-336-1177

Email: info@psyfiapp.com

Support Ticket System: Available through the App

16.3 Physical Address and Mailing Information

Our physical address for correspondence, including privacy-related matters:

The Rajma Company Inc.
2712-20 Bruyeres Mews
Toronto, Ontario M5V 0G8
Canada

16.4 Electronic Communications

For electronic communications regarding privacy matters:

Email: info@psyfiapp.com

Website: https://psyfiapp.com

16.5 Response Commitment

We are committed to responding to privacy inquiries and requests in a timely manner:

  1. We will acknowledge receipt of general privacy inquiries within 5 business days.
  2. We will provide substantive responses to privacy inquiries within 30 days.
  3. We will process privacy rights requests as described in Section 8 of this Policy.