Privacy Policy
Effective date: 2026-05-21
Version: 1
VibeProSoft ("we", "us") operates Pay-Sidekick (the "Service"). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the Service. We comply with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, with Quebec's Act respecting the protection of personal information in the private sector ("Law 25").
1. Anonymous use vs. signed-in use
You can use the Pay-Sidekick planner without an account. In anonymous mode:
- No personally identifying information is collected.
- Your planner inputs are stored only in your browser's localStorage.
- No data leaves your device except for what is strictly necessary to load the application (HTML, CSS, JavaScript, fonts).
If you create an account, we collect the additional information described below.
2. Information we collect (signed-in users)
| Category | Purpose | Source |
|---|---|---|
| Email address | Account identification, security notifications | Provided by you via Clerk |
| Display name (optional) | Personalization of greeting | Provided by you via Clerk or OAuth provider |
| OAuth profile (if you sign in via Google) | Account identification | Provided by your OAuth provider |
| Planner inputs (salary, province, bills, debts, taxable perks, etc.) | Delivering the planning Service | Provided by you in the app |
| Authentication session metadata (Clerk session ID, timestamps) | Security, fraud prevention | Generated by Clerk |
| IP address and user-agent string of admin actions and acceptance events | Security, audit trail (PIPEDA s.4.7) | Captured at request time |
We do not collect:
- Social Insurance Number (SIN)
- Bank account numbers, credit card numbers, or routing information
- Tax-return source documents (T4, T4A, NOA, etc.)
- Geolocation beyond approximate IP-derived location
3. How we use your information
Your information is used only to:
- Provide, maintain, and improve the Service;
- Authenticate you and secure your account;
- Communicate with you about material changes to the Service;
- Comply with legal obligations.
We do not:
- Sell your personal information to anyone, ever;
- Use your planner inputs to train machine-learning models;
- Share your data with advertising networks;
- Profile you across third-party sites.
4. Where your data lives
- Account & authentication data: Clerk (clerk.com), with infrastructure in the United States.
- Planner state, audit log, and admin data: Cloudflare D1 + Workers KV, replicated across Cloudflare's global edge network.
- Static assets (JavaScript, CSS): Cloudflare Pages / Workers Assets, served from the edge.
Cloudflare and Clerk both maintain SOC 2 Type II certifications and contractually commit to GDPR / PIPEDA-aligned data handling.
5. Retention
- Planner state: retained while your account is active; deleted within 30 days of account deletion.
- Audit logs: retained for 24 months from the date of the event, then purged.
- Account profile: retained while your account is active; deleted within 30 days of account deletion (except where retention is required by law).
- Acceptance records of legal documents: retained for as long as your account is active and for 7 years after account deletion (limitation period for contractual disputes in Ontario).
6. Your rights
You have the right to:
- Access the personal information we hold about you;
- Correct inaccuracies in your information;
- Delete your account and the data associated with it;
- Export your planner state in a portable format (JSON);
- Withdraw consent to data processing at any time (note: withdrawal of consent may make the Service unusable);
- Lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, for Quebec residents, with the Commission d'accès à l'information du Québec (cai.gouv.qc.ca).
To exercise any of these rights, write to privacy@pay-sidekick.vibeprosoft.com. We respond within 30 days.
7. Cookies and similar technologies
See our Cookie Policy for the full list of cookies the Service uses and how to control them.
8. Children
The Service is not directed at children under the age of majority in their province or territory. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us at privacy@pay-sidekick.vibeprosoft.com and we will delete the account.
9. Security
We protect your information with:
- TLS 1.3 in transit;
- Encrypted-at-rest storage for all D1 and KV data (managed by Cloudflare);
- Audit logging of every administrative action;
- Role-based access control with a documented super-admin allow-list;
- Quarterly review of access controls.
No system is perfectly secure; if a breach occurs that creates a real risk of significant harm, we will notify affected users and the Office of the Privacy Commissioner within the timelines required by PIPEDA s.10.1 and, for Quebec residents, by Law 25.
10. Changes to this policy
When this policy changes, signed-in users will be required to review and accept the new version on next sign-in. The version history is visible at /privacy and in the admin legal CMS.
11. Contact
Privacy questions: privacy@pay-sidekick.vibeprosoft.com
General support: support@pay-sidekick.vibeprosoft.com
Our designated Privacy Officer / Person responsible for the protection of personal information (as required by PIPEDA Principle 1 and Quebec Law 25 art. 3.1) is:
Rob Lauzon (roblauzon+privacy@gmail.com)