Privacy Policy

Effective Date: June 3, 2024

Last Updated: [Date of Last Update]

Welcome to FUNDament, a personal budget management web application operated by FUNDament ("we," "our," or "us"). Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website at https://fundament.ca and use our services. By using FUNDament, you agree to the terms of this Privacy Policy.

Who We Are
Definitions
Legal Basis for Processing Personal Data
How We Collect Data About You
What Data We Collect and Why
Your Responsibilities
How We Use Your Information
Consent Mechanisms
Cookies and Tracking Technologies
How We Share Your Information
International Data Transfers
Data Retention and Deletion
Your Rights
Security Measures
Data Breach Notification
Children’s Privacy
Limitations of Liability
Rights to Content
Third-Party Links
Marketing Communications
Governing Law and Dispute Resolution
Changes to This Privacy Policy
Accessibility
Contact Us

1. Who We Are

Legal Entity: FUNDament
Website Name: FUNDament
Website Domain: https://fundament.ca
Contact Information: Email: [email protected]
Link to Privacy Policy: https://fundament.ca/privacy
Link to Terms of Service: https://fundament.ca/terms

2. Definitions

Personal Data: Any information that relates to an identified or identifiable individual.
Service: Refers to the website and services provided by FUNDament.
User: An individual who uses the Service.
Cookies: Small files stored on a User’s device.
Data Controller: FUNDament determines the purposes and means of processing Personal Data.
Data Processor: Entities that process Personal Data on behalf of the Data Controller.
Processing: Any operation performed on Personal Data, such as collection, storage, use, or disclosure.

3. Legal Basis for Processing Personal Data

We process your Personal Data based on the following legal grounds:

Consent (GDPR Article 6(1)(a)): When you provide consent for specific purposes.
Contractual Necessity (GDPR Article 6(1)(b)): To perform our contractual obligations to you.
Legitimate Interests (GDPR Article 6(1)(f)): For purposes that are in our legitimate interests, such as improving our services, provided these are not overridden by your data protection rights.
Legal Obligation (GDPR Article 6(1)(c)): To comply with legal obligations.

4. How We Collect Data About You

FUNDament collects data about you:

When you browse our website.
When you create or update your account.
When you use our services to manage your finances.
When you communicate with us for support or inquiries.
When you import CSV files with transaction data (these files are deleted after import).
Through cookies and similar tracking technologies, with your consent.

5. What Data We Collect and Why

5.1. Personal Information

When you register an account on FUNDament, we collect the following Personal Data:

Name: User-defined, optional; used to personalize your experience.
Email Address: Used for account verification, communication, and password resets.
Avatar: Optional; used to personalize your profile.
Google Sign-In: If you use Google Sign-In, we collect and store your Google account information with your consent.

5.2. Financial Data

Accounts, Ledgers, and Budgets: We store the names and balances of accounts, ledgers, and budgets you create to provide our services.
Transactions: Includes description, amount, and date; used to help you manage your finances.
CSV Data: CSV files imported are deleted immediately after processing.

5.3. Payment Information

Payment Provider: We use Stripe to process payments. Stripe collects your payment information securely. We do not store your credit card details. Refer to Stripe's Privacy Policy.

5.4. Usage Data

App Usage Data: Device information, IP address, browser type, operating system.
Analytics Information: Collected via PostHog to analyze usage patterns.
Error Tracking: Collected via Sentry to identify and fix technical issues.

5.5. Cookies and Local Storage

Authentication Tokens (JWT): Stored in cookies for session management.
Analytics Data: Stored in cookies and/or local storage with your consent.

5.6. User-Generated Content

Any content you voluntarily input, such as budget details and financial goals, to help you manage your finances.

5.7. Non-Personal Information

Aggregated Data: Non-identifiable data used for analytical purposes to improve our services.

6. Your Responsibilities

Account Security: Choose a strong password and keep your credentials confidential.
Accurate Information: Provide accurate and up-to-date information.
Prohibited Activities: Do not share account credentials or input unlawful content.
Sensitive Information: Avoid including sensitive data (e.g., real account numbers) in account names or other fields.

7. How We Use Your Information

We use your information to:

Provide and Improve Services: Deliver our services and enhance your user experience.
Personalization: Customize your experience with visual cues and charts.
Process Payments: Manage subscriptions and process payments via Stripe.
Communication: Send administrative information, respond to inquiries, and provide customer support.
Analytics and Improvement: Analyze usage patterns to improve our services using PostHog.
Error Tracking: Identify and fix technical issues using Sentry.

We do not use your Personal Data for automated decision-making or profiling that produces legal effects concerning you.

8. Consent Mechanisms

Explicit Consent: By using our services, you consent to the collection and use of your information as described.
Withdrawal of Consent: You may withdraw your consent at any time by deleting your account or contacting us at [email protected].

9. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential Functions: Necessary for the operation of our Service.
Analytics: To understand and improve our Service with your consent.

9.1. Types of Cookies Used

Session Cookies: Temporary cookies that remain in your browser until you close it.
Persistent Cookies: Remain on your device for a set period or until you delete them.

9.2. Managing Cookies

Cookie Consent Banner: Upon your first visit, you will see a banner requesting your consent for non-essential cookies.
Browser Settings: You can manage or disable cookies through your browser settings.

10. How We Share Your Information

We do not sell, trade, or otherwise transfer your Personal Data to outside parties except:

Service Providers: We share data with trusted third-party processors to operate our services. Each processor complies with relevant data protection laws.

10.1. List of Third-Party Processors

Stripe: Payment processing. Stripe Privacy Policy
Supabase: Backend services and data storage. Supabase Privacy Policy
Vercel: Hosting and deployment. Vercel Privacy Policy
PostHog: Analytics. PostHog Privacy Policy
Sentry: Error tracking. Sentry Privacy Policy

10.2. Legal Requirements

We may disclose your information if required to:

Comply with legal obligations.
Protect and defend our rights or property.
Prevent or investigate possible wrongdoing.
Protect the personal safety of users or the public.

11. International Data Transfers

Your information may be transferred to and processed in countries outside of your jurisdiction, including Canada. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect your data in accordance with applicable laws.

12. Data Retention and Deletion

Retention Periods:
- Active Accounts: Retained as long as your account is active.
- Inactive Free Accounts: Deleted after 6 months of inactivity.
- Subscription Accounts: Retained indefinitely unless you request deletion.
Data Required by Law: Certain data may be retained to comply with legal obligations.
Permanent Deletion: Upon deletion, all Personal Data is permanently removed, except for anonymous analytics data.

13. Your Rights

13.1. Under PIPEDA (Canada)

Access and Correction: Request access to and correction of your Personal Data.
Withdrawal of Consent: Withdraw consent at any time.

13.2. Under GDPR (European Union)

Access, Correction, Erasure, Restriction, Portability, Objection.

13.3. Under CCPA (California, USA)

Access, Deletion, Opt-Out, Non-Discrimination.

13.4. Under CalOPPA (California, USA)

Do Not Track Signals: We honor DNT signals.

13.5. Exercising Your Rights

Contact Us: Email [email protected].
Response Time: We will respond within 30 days.

14. Security Measures

We implement robust security measures to protect your data:

Encryption: Data encrypted in transit (SSL/TLS) and at rest.
Access Controls: Role-Based Access Control (RBAC) and Role-Level Security (RLS) policies.
2FA: Two-Factor Authentication on admin accounts.
Firewalls and Secure Servers: To prevent unauthorized access.

However, no method is 100% secure. We cannot guarantee absolute security.

15. Data Breach Notification

In the event of a data breach:

Notification to Authorities: We will notify relevant supervisory authorities within 72 hours, if required.
Notification to Users: If there is a high risk to your rights and freedoms, we will inform you without undue delay via email or in-app notification.

16. Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect data from children under 13 years old. If we become aware of such data, we will delete it immediately.

17. Limitations of Liability

While we strive to protect your data, we are not liable for:

Downtime or Unavailability: Due to maintenance or technical issues.
Security Breaches: Resulting from your failure to secure your account.
Third-Party Services: Downtime or errors caused by third-party processors.
Data Loss: From upgrades or data import/export.
Legal Compliance Outside Canada: Users are responsible for ensuring compliance with local laws.

Consumer Rights: Some jurisdictions do not allow the exclusion of certain warranties or liabilities. These exclusions may not apply to you.

18. Rights to Content

Your Content: You retain ownership of any intellectual property you provide.
User Content: Users are responsible for the content they upload. We may remove or modify content for legal compliance.

19. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies.

20. Marketing Communications

Opt-In: We will only send marketing emails with your explicit consent.
Opt-Out: You can unsubscribe at any time by clicking the "unsubscribe" link in emails or contacting us.

21. Governing Law and Dispute Resolution

This Privacy Policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein.

21.1. Dispute Resolution

Arbitration: Any disputes arising from this Privacy Policy will be resolved through binding arbitration in Toronto, Ontario.
Jurisdiction: Courts in Ontario have exclusive jurisdiction over any disputes not subject to arbitration.

22. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

Notification of Changes: For significant changes, we will notify you via email or a prominent notice on our website.
Your Continued Use: Indicates acceptance of the updated Privacy Policy.

23. Accessibility

We are committed to making our Privacy Policy accessible to all users, including those with disabilities.

Accessible Formats: This policy is available in accessible formats upon request. Please contact us at [email protected].

24. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Back to Home