Privacy policy

1. Who we are

Dalmay Fintech Inc. is based in Toronto, Ontario, Canada, and is responsible for personal information under our control (“accountability” under PIPEDA). For privacy inquiries or requests, contact us through our Contact page (see also “Contact us” below).

2. PIPEDA and Canadian fair information practices

Where PIPEDA (or substantially similar provincial private-sector law) applies, we aim to follow the fair information principles, including: accountability; identifying purposes; consent (express or implied where appropriate); limiting collection; limiting use, disclosure, and retention; accuracy; safeguards; openness; individual access; and the ability to challenge compliance—including by filing a complaint with the Office of the Privacy Commissioner of Canada (OPC) where you believe we have not met our obligations.

Electronic marketing (CASL): If we send commercial electronic messages (e.g., promotional email or SMS) to Canadian recipients, we do so in line with Canada’s Anti-Spam Legislation (CASL), including consent, sender identification, and an unsubscribe mechanism where required. Transactional or service messages (e.g., responding to your inquiry) are treated separately under CASL.

3. Information we collect

We may collect the following categories of information, depending on how you use the Services:

• Information you provide, such as name, email address, company, and message content when you submit waitlist, contact, investor, or similar forms; account credentials and profile details if you use an administrative area of the Services; and content you submit in comments or other interactive features where available.
• Technical and usage data, such as browser type, device type, operating system, language, approximate location derived from IP address, referrer, pages viewed, and interaction data. This may be collected through server logs and, where you have provided consent through our cookie banner, through self-hosted analytics stored on our systems (not sold to third-party ad networks for profiling).
• Identifiers and preferences, such as a visitor or session identifier stored in local storage or cookies to remember your cookie choices and operate secure sessions.
• Communications metadata, such as when you email us or when we send operational messages related to your requests.

4. How we use information

We use personal information for purposes we identify to you, including:

• Providing, operating, maintaining, and improving the Services;
• Responding to inquiries, managing relationships, and sending administrative or service-related notices;
• Operating our blog, comments, and content features where enabled;
• Measuring and understanding usage using consent-gated analytics where our banner is presented;
• Detecting, preventing, and addressing fraud, abuse, security issues, and technical problems;
• Complying with applicable laws, regulations, and lawful requests; and
• Exercising or defending legal claims where permitted.

5. Consent and legal grounds

Canada: We collect, use, and disclose personal information with appropriate consent (express or implied, depending on sensitivity and context), or as otherwise permitted by PIPEDA or applicable provincial law—for example, where collection is clearly in your interests and consent is not available in a timely way, or as required by law.

Other regions: If laws such as the GDPR or UK GDPR apply to you, we may rely on consent, contract, legitimate interests, or legal obligation as described in those frameworks.

6. Cookies and similar technologies

We use cookies and similar technologies for necessary functions (e.g., security, load balancing, remembering your cookie preferences) and, only with your consent where required, for analytics. You can change your preferences through our cookie controls (e.g., our cookie banner).

7. How we share information

We do not sell your personal information. We may share information with:

• Service providers in Canada or elsewhere who assist us with hosting, email delivery, security, or other infrastructure, subject to contractual safeguards appropriate to the sensitivity of the information;
• Professional advisers where necessary (e.g., lawyers, auditors); and
• Authorities when required by law or to protect the rights, safety, and security of Dalmay, our users, or others.

If we use payment processors or other third parties in the future, we will describe their roles in this policy or in supplementary notices as required.

8. Cross-border processing

We store and process information in Canada where practicable. If personal information is processed in another country, it may be subject to the laws of that jurisdiction (for example, lawful access requests). We use contractual or other appropriate safeguards where required by applicable Canadian law.

9. Retention

We retain personal information only as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law (for example, for tax, accounting, or dispute resolution). Retention periods vary depending on the nature of the data and our legal obligations.

10. Security

We implement safeguards appropriate to the sensitivity of the information, including administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, or alteration. No method of transmission over the Internet is completely secure; we encourage you to use strong passwords and protect your devices.

11. Your rights and choices

Canada: Subject to applicable exceptions, you may have the right to request access to your personal information, to update or correct it, and to withdraw consent where processing is based on consent (subject to legal or contractual restrictions). You may also challenge our compliance with the above principles by contacting us first; if the matter is not resolved, you may file a complaint with the OPC (priv.gc.ca).

Quebec: If Quebec’s private-sector privacy regime applies to you, you may have additional rights (including transparency and certain portability or de-indexing rights in prescribed circumstances).

United States (California): We do not “sell” or “share” personal information as those terms are commonly defined under California law. You may have rights to know, delete, and correct personal information and to limit use of sensitive personal information, subject to exceptions.

EEA / UK: Where the GDPR or UK GDPR applies, you may have additional rights (including objection, restriction, and complaint to a supervisory authority).

To exercise rights, contact us using the details below. We may need to verify your request before responding.

12. Children

The Services are not directed to individuals under the age of majority in their province or territory of residence (or under 13 where children’s privacy rules apply). We do not knowingly collect personal information from children without appropriate authority or consent as required by law. If you believe we have collected information from a child inappropriately, please contact us.

13. Third-party sites

Our Services may contain links to third-party websites or services. We are not responsible for their privacy practices. Please review their policies before providing information.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the effective date above. Material changes may be communicated through additional notice where appropriate.

15. Contact us

For privacy-related questions or requests, contact Dalmay Fintech Inc. through our Contact page. For concerns about our compliance with PIPEDA, you may also contact the OPC (priv.gc.ca).