Privacy Policy

Last Updated: March 30, 2026

🔒 Privacy-First Platform: Secure-Slot is designed with data minimization as a core principle. We collect only what's necessary, purge automatically, and never sell your data.

1. Who We Are

VaultDeposit Technologies Inc. ("we", "us", "our") operates the Secure-Slot booking verification platform at secure-slot.ca.

Data Controller:
VaultDeposit Technologies Inc.
Montreal, Quebec, Canada
privacy@vaultdeposit.ca

2. Information We Collect

For Providers (Account Holders)

Data Purpose Retention
Name (or alias) Account identification Until account deletion
Phone number SMS notifications, login Until account deletion
Email address Account recovery, updates (Secure Mode only) Until account deletion
Interac e-Transfer® email Deposit routing Until account deletion
Dashboard Password (hashed) Authentication Until account deletion

For Clients (Non-Account Holders)

Data Purpose Retention
Client alias (nickname) Booking identification 3 days after service
Phone number PIN delivery via SMS 3 days after service

✓ Clients do NOT need accounts. ✓ Client data is automatically deleted. ✓ No client banking info is stored.

Transaction Data

  • Deposit amounts — Retained in ledger for accounting/audit
  • Timestamps — When deposits were sent/released
  • Interac e-Transfer reference numbers — For verification, no personal details

Dispute Data (Pro Feature)

  • Phone number hash (SHA-256) — Irreversible, for pattern matching
  • Dispute reason — Categorized (no-show, payment issue, other)
  • Timestamp — For 1-year rolling window

Important: We NEVER store raw client phone numbers in dispute records. Only cryptographic hashes are stored.

3. How We Use Your Information

  • Process and verify Interac e-Transfer deposits
  • Send SMS notifications (deposit confirmations, release PINs)
  • Authenticate Provider dashboard access
  • Provide aggregated dispute history (Pro tier)
  • Communicate service updates and security alerts
  • Comply with legal obligations
  • Fraud Prevention & Trust Scoring: We use transaction metadata (sender name and contact information from Interac e-Transfer notifications) to prevent repeated no-shows and protect service providers. This information is cryptographically hashed (SHA-256) and used only for trust and safety purposes. A history of no-shows may result in higher verification fees on future bookings across any provider on our platform. Raw sender data is never stored or shown to providers — only anonymized indicators.

We do NOT:

  • Sell your data to third parties — ever
  • Use your data for advertising or profiling
  • Share identifiable information between Providers and Clients

4. Data Sharing

We share data only with:

Third Party Purpose Data Shared
Twilio Inc. SMS delivery Phone numbers, message content
Supabase Inc. Database hosting All stored data (encrypted)
Railway Corp. Application hosting Server logs (IP, requests)

All third parties are bound by data processing agreements and maintain security certifications (SOC 2, etc.).

5. Automatic Data Purge

3-Day Cleanup Policy

After a deposit is released (PIN verified), the following Client data is automatically deleted within 3 days:
  • Client alias → Removed
  • Client phone number → Removed
  • Service description → Cleared
  • Memo code → Cleared
  • Release PIN → Cleared
What remains: Ledger records (amounts, timestamps) for Provider accounting only.

Tax Law Compliance: Financial transaction records (deposit amounts, transaction timestamps, booking IDs) are retained for 7 years to comply with Canada Revenue Agency requirements under Section 230 of the Income Tax Act. These records contain no personally identifying information after the 3-day purge.

6. Your Rights (PIPEDA & Quebec Law 25)

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25 (An Act to modernize legislative provisions as regards the protection of personal information), you have the right to:

  • Access — Request a copy of your personal data
  • Correction — Update inaccurate information
  • Deletion — Request account and data deletion
  • Withdraw Consent — Opt out of non-essential communications
  • Portability — Receive your data in a structured, machine-readable format (Law 25)
  • De-indexing — Request removal from public-facing systems (if applicable)
Quebec Law 25 Compliance: VaultDeposit Technologies Inc. maintains a formal Incident Response Plan for data breaches. In the event of a privacy incident affecting Quebec residents, we will notify affected individuals and the Commission d'accès à l'information du Québec (CAI) within the legally required timeframe.

To exercise these rights, contact our designated Privacy Officer at: privacy@vaultdeposit.ca

We will respond within 30 days (or as required by Law 25 for Quebec residents).

7. Security Measures

  • All connections encrypted with TLS 1.3 (HTTPS)
  • Dashboard Passwords hashed with PBKDF2 (100,000 iterations)
  • Database encrypted at rest (AES-256)
  • Role-based access controls (service_role keys)
  • SMS PINs are single-use and time-limited
  • Dispute phone numbers stored as SHA-256 hashes only

8. Cookies & Tracking

We use minimal cookies:

Cookie Purpose Duration
lang Language preference (EN/FR) 1 year

We do NOT use:

  • Google Analytics or any third-party tracking
  • Advertising cookies
  • Social media pixels

9. International Data Transfers & Data Sovereignty

Your data may be processed in:

  • Canada — Primary jurisdiction (preferred)
  • United States — Cloud infrastructure (Supabase, Railway)

Data transferred to the US is protected under contractual safeguards and privacy frameworks. Where possible, we configure our infrastructure to use Canada Central region (Montreal/Toronto) to minimize cross-border data transfers and simplify Quebec Law 25 compliance.

Encryption in transit: All data is encrypted using TLS 1.3 during transmission between your device and our servers.

10. Children's Privacy

Secure-Slot is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we discover such data, it will be deleted immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email to registered Providers. The "Last Updated" date at the top reflects the most recent revision.

12. Contact Us

For privacy questions or data requests:

VaultDeposit Technologies Inc.
Designated Privacy Officer
Montreal, Quebec, Canada
Email: privacy@vaultdeposit.ca

For Quebec Residents (Law 25): You have specific rights under Quebec's Law 25. Our Privacy Officer is your primary point of contact for exercising these rights, including data portability and breach notifications.

For complaints, you may also contact:

← Back to Home