ExpatReady, Automate · Integrate · Immigrate
PIPEDA · Privacy compliance

How we align with Canadian privacy law.

The 10 PIPEDA principles applied to ExpatReady. Plain language for buyers who want to verify before subscribing.

Effective: May 19, 2026 · ExpatReady Technologies Inc., Toronto, Canada
Notice:This document is a template prepared for ExpatReady's commercial launch preparation. It will be reviewed and finalized by a Canadian admitted lawyer before becoming legally binding. Until then, treat this as a working draft. For questions, contact legal@expatready.com.
01

Accountability

ExpatReady appoints a Privacy Officer responsible for compliance with PIPEDA. Contact privacy@expatready.com. We are accountable for all Personal Data in our custody - including data processed by subprocessors.

02

Identifying purposes

We identify the purpose of collecting Personal Data at or before collection. Purposes are listed in the Privacy Policy and at the relevant collection point (sign-up forms, intake fields, demo requests).

03

Consent

Personal Data is collected with knowledge and consent of the individual. For firm-side accounts: express consent at sign-up. For end-client data: your firm obtains consent under its retainer agreement with the client.

04

Limiting collection

We collect only Personal Data necessary to operate the Service. We do not collect biometric data, location tracking, or behavioral profiles beyond what's needed for the platform.

05

Limiting use, disclosure, retention

Personal Data is used only for stated purposes. We do not sell, rent, or trade Personal Data. Retention follows the schedule in the Privacy Policy, aligned with CICC record-keeping requirements (typically 6 years from case closure for RCICs and Immigration Lawyers).

06

Accuracy

Personal Data is kept accurate, complete, and current. Customers and end-clients can correct their data through the in-app interface or by contacting privacy@expatready.com.

07

Safeguards

Technical safeguards: AES-256 encryption at rest, TLS 1.3 in transit, bcrypt password hashing, role-based access, append-only audit log. Administrative safeguards: vendor security review, principle of least privilege, mandatory security training. Full detail at /security.

08

Openness

Our Privacy Policy, DPA, Subprocessors list, and security practices are publicly available. We respond to inquiries about our privacy practices within 10 business days.

09

Individual access

On request, we provide individuals with access to their Personal Data and information about its use and disclosure. Requests via privacy@expatready.com; responded to within 30 days.

10

Challenging compliance

Individuals can challenge our compliance via privacy@expatready.com. Unresolved concerns can be escalated to the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca/).

Related legal documents
Privacy PolicyData Processing Addendum (DPA)SubprocessorsSecurity
One platform · replaces 9 tools

The operating system Canadian immigration practice deserves.

From $199 CAD/seat (annual). Unlimited cases. Unlimited client-portal users. No per-form or per-case fees. White-glove migration included with Practice tier and above.

Book a demoSee pricing