Back to Handipay

Privacy Policy

Last updated: February 1, 2026

1. Introduction

Handipay ("we", "us", or "our") operates a payment and invoicing platform for Canadian tradespeople. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

By using our services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, and password when you create an account
  • Business Information: Business name, address, tax registration numbers, and industry category for merchant accounts
  • Identity Verification: Date of birth, government ID information, and address for payment processing compliance (KYC)
  • Payment Information: Bank account details for receiving payouts (processed securely by Stripe)
  • Invoice Data: Customer names, descriptions of services, and amounts for invoices you create

2.2 Information Collected Automatically

  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, and actions taken within the application
  • Log Data: IP addresses, access times, and referring URLs

2.3 Information from Third Parties

  • Payment Processors: Transaction status and payment confirmation from Stripe
  • Authentication Providers: Basic profile information if you sign in with Google or Apple

3. How We Use Your Information

We use your personal information to:

  • Provide, maintain, and improve our payment and invoicing services
  • Process payments and facilitate transactions between merchants and customers
  • Verify your identity and comply with legal requirements (anti-money laundering, KYC)
  • Calculate and remit applicable taxes (GST/HST, PST)
  • Send transactional communications (invoices, receipts, payment confirmations)
  • Provide customer support and respond to inquiries
  • Detect and prevent fraud, unauthorized access, and other illegal activities
  • Analyze usage patterns to improve our services
  • Comply with legal obligations and enforce our terms of service

4. How We Share Your Information

We may share your personal information with:

4.1 Service Providers

  • Stripe: Payment processing, merchant onboarding, and payouts
  • Supabase: Database hosting and authentication services
  • Cloud Infrastructure: Hosting and data storage providers

4.2 Business Partners

  • Invoice recipients receive your business name, contact information, and invoice details
  • Merchants receive customer names and payment confirmations for their invoices

4.3 Legal Requirements

We may disclose information when required by law, including:

  • Court orders or subpoenas
  • Tax authorities (CRA) for tax compliance
  • Law enforcement for fraud investigation
  • Regulatory bodies for financial services compliance

5. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS) and at rest
  • Payment Security: Credit card data is handled directly by Stripe and never touches our servers (PCI DSS compliant)
  • Access Controls: Role-based access limits who can view sensitive data
  • Monitoring: We monitor for unauthorized access and security incidents

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations (tax records must be kept for 7 years in Canada)
  • Resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

7. Your Rights Under PIPEDA

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Withdrawal of Consent: Withdraw consent for certain uses of your information (this may limit our ability to provide services)
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada

To exercise these rights, contact us at privacy@handipay.ca.

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Authentication and session management (required for the service to function)
  • Preference Cookies: Remembering your settings and preferences

We do not use third-party advertising cookies or sell your data to advertisers. You can configure your browser to reject cookies, but this may affect your ability to use our services.

9. International Data Transfers

Your data may be processed in countries outside Canada, including the United States, where our service providers operate. We ensure appropriate safeguards are in place through contractual obligations with our service providers.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact our Privacy Officer:

Handipay
Email: privacy@handipay.ca

You may also contact the Office of the Privacy Commissioner of Canada:
www.priv.gc.ca