Privacy Policy
Last updated: April 5, 2025 · Compliant with PIPEDA and Quebec Law 25 (Bill 64)
1. Who We Are & Your Privacy Officer
KaizenFit Inc. ("KaizenFit") operates kaizenfit.ca. We are accountable for all personal information under our control. Our designated Privacy Officer can be reached at:
Toronto, Ontario, Canada
For urgent data breach notifications: breach@kaizenfit.ca
2. Information We Collect & Why (Identifying Purposes)
Information you provide directly
- Account information — name, email, password. Purpose: account creation and authentication.
- Payment information — processed entirely by Stripe. KaizenFit does not store card numbers. Purpose: payment processing.
- Province of residence — collected at checkout. Purpose: calculating and remitting applicable GST/HST/PST/QST as required by the Excise Tax Act.
- Certification documents — Creators only, stored in encrypted private storage. Purpose: credential verification for verified badges.
- Program content — uploaded by Creators. Purpose: displaying and delivering programs to buyers.
- AI Trainer messages — messages sent during a session. Purpose: generating AI responses. Not retained beyond your session.
Information collected automatically
- IP address and approximate location
- Browser type and device information
- Pages visited, clicks, and time spent (analytics cookies — only with your consent)
- Purchase history
3. Consent
We obtain your meaningful consent at the time of collection and explain the purpose for which information is collected. Consent may be express (explicit checkbox) or, for routine transactions, implied by your use of the service.
Marketing emails (CASL): We only send promotional communications to users who have provided express opt-in consent at account registration. Every marketing email includes a working unsubscribe link. You may withdraw marketing consent at any time without cost.
Cookies: Non-essential cookies (analytics) are only set after you accept our cookie banner. Essential cookies (session authentication, security) are set without consent as they are required for the service to function.
You may withdraw consent for non-essential processing at any time by contacting privacy@kaizenfit.ca. Note that withdrawal of consent for essential processing (e.g., payment data) may prevent us from providing services.
4. Who We Share Your Information With
Payment processing and Stripe Connect creator payouts. Your payment data is governed by Stripe's Privacy Policy. Servers in the United States.
Database storage, user authentication, and file storage. Servers in the United States. Protected by standard contractual data transfer clauses.
AI Trainer functionality. Messages sent to the AI Trainer are processed by Anthropic's API. Per Anthropic's data policy, messages are not used to train models and are not retained beyond the session.
GST/HST remittance reporting as required by the Excise Tax Act. Tax identification data (province, transaction amounts) is reported.
We do not sell personal information. We do not share personal information with advertisers or for advertising purposes.
5. International Data Transfers
Some service providers (Stripe, Supabase, Anthropic) process data in the United States. Data transferred internationally is protected by contractual safeguards requiring these providers to maintain privacy protections comparable to PIPEDA. By using KaizenFit, you acknowledge that your information may be transferred to and processed in the United States.
6. Data Retention
- Account data: retained while account is active and for 7 years after closure (tax/legal compliance)
- Purchase records: 7 years as required by the Income Tax Act
- Certification documents: for the duration of Creator's active status plus 2 years
- AI Trainer sessions: not retained after your session ends
- CASL consent records: 3 years after the business relationship ends
7. Your Rights Under PIPEDA
- Access — request a copy of personal information we hold about you
- Correction — request correction of inaccurate information
- Withdrawal of consent — withdraw consent for non-essential processing
- Challenge compliance — lodge a complaint with the Office of the Privacy Commissioner
To exercise these rights, email privacy@kaizenfit.ca. We will respond within 30 days.
8. Quebec Residents — Additional Rights (Law 25)
If you are a resident of Quebec, you have additional rights under Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25 / Bill 64), including the right to data portability, the right to de-indexation, and the right to be forgotten in certain circumstances. Contact privacy@kaizenfit.ca to exercise these rights or request a copy of our Privacy Impact Assessment.
9. Security Safeguards
We implement technical, physical, and organisational safeguards including: TLS encryption for all data in transit; encrypted database storage; role-based access controls; regular security reviews. In the event of a security breach posing real risk of significant harm to individuals, we will notify affected users and the Office of the Privacy Commissioner of Canada as required by PIPEDA's mandatory breach reporting provisions (in force since November 1, 2018).
10. Cookies & Tracking
Essential cookies (no consent required): authentication session cookies, security tokens.
Analytics cookies (consent required): usage analytics to improve the platform. Only set after you accept our cookie banner. You may decline analytics cookies without affecting platform functionality.
You may change your cookie preferences at any time by clearing your browser cookies. A new consent prompt will appear on your next visit.
11. Contact & Complaints
Office of the Privacy Commissioner of Canada1-800-282-1376 · www.priv.gc.ca
Commission d'accès à l'information (Quebec residents)www.cai.gouv.qc.ca