Home Privacy Policy

Privacy
Policy

Last updated: March 28, 2026

Overview

CanInvest ("we", "us", "our") operates the website caninvest.com. This privacy policy explains what personal information we collect, how we use it, and your rights under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

By using our website, you agree to the collection and use of information as described in this policy and our Terms of Service.

Information We Collect

Newsletter Subscriptions: When you subscribe to our newsletters, we collect your name and email address. You choose which newsletter topics to receive (e.g., weekly investing insights, rate alerts, tax strategies, market updates). We record your explicit consent at the time of signup.

Lead Inquiry Forms: When you submit an inquiry form (e.g., requesting advisor contact, mortgage information, or investment platform recommendations), we collect your name, email address, phone number (optional), province, and your responses to the form questions. This information is used to connect you with relevant financial service providers, with your consent.

IP Addresses: We record your IP address when you submit a form for bot protection and fraud prevention. IP addresses are automatically deleted after 90 days.

Usage Data: We use Google Analytics 4 (GA4) to collect anonymous usage data such as pages visited, time on site, device type, and referral source. This data is aggregated and cannot identify you personally.

Cookies and Local Storage: We use minimal cookies and browser local storage for:

  • Session management (admin panel only — HttpOnly, Secure, SameSite=Strict cookies)
  • Sidebar navigation preference (localStorage — no personal data)
  • Cloudflare Turnstile bot verification (temporary cookie)

We do not use tracking cookies for advertising or retargeting.

How We Use Your Information

We use collected information to:

  • Send newsletters you have subscribed to
  • Connect you with qualified financial service providers (lead inquiries only, with your consent)
  • Send transactional emails (signup confirmations, data request verifications)
  • Prevent bot abuse and protect the integrity of our forms
  • Understand how visitors use our site to improve content and experience

We do not sell, trade, or rent your personal information to third parties for their marketing purposes. Lead information is only shared with financial service providers when you explicitly consent to being contacted.

How We Protect Your Data

We take data security seriously and employ the following measures:

  • Encryption at rest: All personally identifiable information (names, emails, phone numbers) is encrypted using AES-256-GCM before being stored in our database. Even with direct database access, this data cannot be read without the encryption key.
  • Encryption in transit: All connections use HTTPS/TLS 1.2+. No data is transmitted in plaintext.
  • Email hashing: Email addresses are stored as SHA-256 hashes for lookup purposes, separate from the encrypted original.
  • Access controls: Admin access requires authenticated sessions with optional two-factor authentication (TOTP).
  • Bot protection: All forms are protected by Cloudflare Turnstile to prevent automated abuse.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your personal information only as long as necessary:

  • Lead inquiries: Automatically purged after 365 days unless you have an active relationship with a service provider
  • Newsletter subscriptions: Retained until you unsubscribe
  • IP addresses: Automatically deleted after 90 days
  • Consent records: Retained for as long as required to demonstrate compliance with PIPEDA

Third-Party Services

We use the following third-party services to operate our website:

  • Brevo: Newsletter delivery and contact management. When you subscribe, your email and name are synced to Brevo's platform for email delivery. Brevo Privacy Policy
  • Resend: Transactional email delivery (signup confirmations, data request verifications). Resend Privacy Policy
  • Cloudflare: DNS, CDN, SSL certificates, and Turnstile bot protection. Cloudflare Privacy Policy
  • Google Analytics 4: Anonymous website usage analytics. Google Privacy Policy
  • Google Fonts: Typography delivery, which may collect anonymous usage data. Google Privacy Policy

We do not share your personal information with any third party beyond what is described above.

Affiliate Disclosure

Some links on CanInvest are affiliate links. When you click through and open an account or apply for a financial product, we may earn a commission at no additional cost to you. Affiliate relationships never influence our editorial content, recommendations, or rate comparisons. For more detail, see our About page.

Your Rights Under PIPEDA

Under Canada's Personal Information Protection and Electronic Documents Act, you have the right to:

  • Access your data: Request a copy of all personal information we hold about you
  • Delete your data: Request permanent deletion of all personal information we hold about you
  • Unsubscribe: Manage or cancel your newsletter subscriptions at any time via our subscription management page
  • Withdraw consent: Withdraw your consent for data collection or sharing at any time

To submit a data access or deletion request, visit our Data Request page. Requests are verified via email and processed within 30 days as required by PIPEDA.

You may also contact us directly at [email protected].

External Links

Our site contains links to external websites, including financial institutions, investment platforms, and other third-party services. We are not responsible for the privacy practices or content of these sites. We encourage you to read the privacy policy of any external site you visit.

Children's Privacy

Our website is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has submitted personal information to us, please contact us and we will delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Changes will be posted on this page with an updated "last updated" date. Continued use of the site after changes constitutes acceptance of the revised policy.

Contact

If you have questions about this privacy policy or how we handle your data, contact us at [email protected].