Privacy Policy

When you fill out a contact form, apply for an account, or sit down with one of our advisors, we collect the personal information necessary to serve you. Nothing more.

What we collect:

• Your name, email address, phone number, and mailing address
• Date of birth (required for account verification and regulatory compliance)
• Financial details you share during consultations — income, employment status, existing banking relationships, debt obligations
• Identity documents: government-issued photo ID and proof of address, collected under Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements per FINTRAC regulations

We collect this information because the law says we must (FINTRAC regulations are non-negotiable) and because we need it to actually help you. We don't ask for information we don't plan to use.

When you visit our website, our analytics tools record some non-personal information to help us improve the experience:

• Page views and time spent on each page
• Navigation patterns (which pages you visit in sequence)
• Device type (phone, tablet, desktop) and browser type
• General geographic location at the city level (e.g., "Edmonton, AB" — not your street address)

What we never include in analytics: banking transaction data, account balances, personal financial details, names, or email addresses. Period.

We use this information to make the website better. If everyone abandons a page halfway through, we know that page needs rewriting. That's the extent of it.

We take security seriously — and not in the vague, corporate-brochure way. Here's exactly what we do:

• 256-bit AES encryption for all stored personal data. This is the same standard used by military and intelligence agencies.
• TLS 1.3 for all data in transit. Every connection between your browser and our servers is encrypted.
• Multi-factor authentication available (and strongly recommended) for all online banking accounts.
• Annual third-party security audits conducted by independent firms. We don't grade our own homework.
• Incident response protocol with public disclosure commitment. If something goes wrong, we tell you. We publish full incident reports — root cause, timeline, and corrective action. (Ask us about our 2019 interest calculation error. The report is still on our website.)

Our Director of Client Experience, Olivia Fong, runs the public Transparency Dashboard showing real-time system uptime and complaint resolution metrics. We believe security includes accountability.

Let's be direct: we do not sell your personal information. Not to data brokers, not to advertisers, not to anyone. That's non-negotiable.

We share data only with the following parties, and only when legally required or operationally necessary:

• Canada Deposit Insurance Corporation (CDIC): Your deposits are insured, which means CDIC needs to know they exist.
• Credit bureaus (Equifax and TransUnion): If you have credit products with us — credit cards, mortgages, lines of credit — we report your account activity to both major bureaus. This is how your credit score gets built and maintained.
• FINTRAC: Canada's financial intelligence unit. We're legally required to report certain transaction types and maintain identity records for regulatory compliance.
• Payment processors (Interac, Visa network): When you use your debit or credit card, the payment network needs enough information to process the transaction securely.

Every entity on that list has a specific, narrow reason for receiving your data. We don't share more than necessary with any of them.