100% Client-Side Sandbox Guarantee
Unlike traditional planning platforms that save your portfolios, stock listings, assets, and tax schedules on remote cloud databases, MapleRetire processes all computations strictly within your local web browser's secure cache. No financial logs, statements, or input vectors are ever transmitted across the internet to our servers.
PIPEDA: 10 Fair Information Principles Audit
We adhere strictly to the Personal Information Protection and Electronic Documents Act (PIPEDA), which establishes ten principles of fair information practices:
1 Accountability
We have appointed a designated Data Protection Officer (DPO) responsible for oversight of privacy structures and compliance audits.
2 Identifying Purposes
Before collecting information, we state the precise purpose: Clerk handles authentication; Stripe processes secure licensing; optional GTag measures aggregate page flow.
3 Consent
We operate a strict opt-in framework. Third-party analytics are blocked by default until you click "Accept All" in our privacy banner.
4 Limiting Collection
We collect only the bare minimum personal data required to authenticate active subscriptions (email) and securely process purchases (billing).
5 Limiting Use, Disclosure, & Retention
We never rent, sell, or trade personal data to third parties. Customer subscription profiles are kept strictly as long as account access remains active.
6 Accuracy
Financial balances and statement ledger files are kept accurate because they live directly in your browser. You can clear or update them instantly.
7 Safeguards
All cloud transactions utilize HTTPS secure connections, and billing data is tokenized directly via Stripe's bank-grade payment processing vaults.
8 Openness
This comprehensive document represents our absolute transparency regarding the specific third-party tools, local memory loops, and security protocols in place.
9 Individual Access
You possess absolute access to your user account dashboard, email records, and custom local planning ledgers at any time.
10 Challenging Compliance
If you believe our architecture violates your privacy rights, contact our DPO immediately. We respond to all compliance inquiries within 30 days.
Quebec Law 25: Your Digital Rights
Under Quebec's modernized data privacy law (Law 25), consumers receive a robust set of rights concerning their personal profiles. We fully honor and implement these mechanisms:
Right to Portability
We allow you to instantly export your entire transaction ledger, assets database, and withdrawal sequences as a standardized JSON/CSV file from the Command Center settings.
Right to Erasure (To Be Forgotten)
You possess absolute control to destroy your entire portfolio footprint. Simply click the "Wipe Local Sandbox" button in the Data Ingestion tab to purge all local browser cookies and data.
Explicit Consent / Opt-In
Non-essential analytical scripts (GTag) are strictly deactivated by default when you load MapleRetire. They are only initialized once you provide explicit, active consent.
Secured Fiduciary Infrastructure
We leverage premium, SOC-2 compliant technology partners to maintain robust security:
Authenticates profiles using secure token exchanges, providing multi-factor authentication (MFA) and isolated session layers.
Processes payment details within audited, PCI-DSS Level 1 compliant environments. MapleRetire never touches your billing card credentials.
Shields endpoints behind commercial-grade DDoS protections, SSL certificates, and isolated backend serverless runtimes.
Contact the Privacy Officer
For compliance challenges, formal individual access queries, or data portability requests under PIPEDA/Law 25, please contact:
privacy@mapleretire.ca
Data Protection Officer · MapleRetire