Privacy Policy
Last updated: June 13, 2026
mybizhub ("mybizhub," "we," "us," or "our") provides a compliance-calendar and filing-reminder application and website for Canadian businesses. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. We are committed to handling your information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.
This policy applies to mybizhub.mobi, the mybizhub mobile applications for iOS and Android, and our backend services (collectively, the "Service").
1. Information we collect
(a) Information you provide directly
- Account information. When you create an account, we (through our authentication provider) collect your email address and authentication identifiers. We do not store your password; authentication is handled by our provider (see §3).
- Corporate / entity data you enter. Information about the businesses you track, including legal and trade names, jurisdiction of incorporation, incorporation and anniversary dates, fiscal year-end, business numbers and tax account numbers, directors, officers, registered-office and service addresses, and related compliance details.
- Documents you upload. Files you choose to store in the document vault, such as certificates of incorporation, annual-return confirmations, and NUANS reports.
- Communications. Information you provide when you contact us, join our waitlist, or respond to surveys (e.g., your email address and whether you operate in more than one province).
(b) Information collected automatically
- Push notification tokens. If you enable notifications, we collect a device push token (via the Expo push service) so we can deliver deadline reminders.
- Usage and device data. Limited technical data such as app version, device type, and basic event logs needed to operate and secure the Service. We aim to minimize this.
We do not intentionally collect special categories of sensitive personal information beyond the corporate compliance data you choose to enter.
2. How we use your information
We use your information to:
- Calculate filing deadlines from the corporate details you enter;
- Send you reminders (push notifications and email) at 90, 60, 30, and 7 days before each deadline;
- Store and display your documents in your vault;
- Provide, maintain, and secure the Service, including authentication, troubleshooting, and fraud prevention;
- Communicate with you about the Service, early access, and your account;
- Improve the Service, using aggregated or de-identified data where practical.
We rely on your consent and on the necessity of processing to perform our agreement with you (the Terms of Service) as our bases for processing under PIPEDA.
We do not sell your personal information, and we do not use your corporate data or uploaded documents for advertising.
3. Third-party service providers (processors)
We use a small number of reputable service providers to operate the Service. Each processes personal information only on our instructions and is bound to protect it:
| Provider | Purpose | Data involved |
|---|---|---|
| Clerk | Account authentication and user management | Email, authentication identifiers |
PostgreSQL database hosting (our managed database, Canada — the application database is self-hosted in Canada; uploaded documents are stored in Cloudflare R2; authentication is handled by Clerk; transactional email by Resend) |
Stores your account and corporate/entity data | Account email, entity data |
| Cloudflare R2 | Stores documents you upload to your vault | Uploaded files |
| Resend | Sends transactional and reminder emails | Email address, reminder content |
| Expo (push notification service) | Delivers push notifications to your device | Push token, notification content |
| Cloudflare (Pages, network) | Hosts our website and the waitlist signup | Email and waitlist responses; standard request metadata |
We will keep this list current. Where a provider processes or stores data outside Canada, see §6 (Data residency).
4. Data retention
We retain your personal information for as long as your account is active and as needed to provide the Service. If you delete your account, we will delete or de-identify your personal information and uploaded documents within 30 days, except where we are required to retain certain records to comply with legal obligations, resolve disputes, or enforce our agreements. Backups are purged on our normal backup-rotation schedule.
Waitlist email addresses are retained until you unsubscribe or until the waitlist program ends.
5. Your rights and choices
Subject to applicable law, you may:
- Access the personal information we hold about you;
- Correct inaccurate information (most corporate data is editable directly in the app);
- Delete your account and associated data;
- Withdraw consent to notifications or marketing emails at any time (disable notifications in the app; unsubscribe via any email);
- Request a copy of your data in a portable format.
To exercise these rights, contact us at [email protected]. We will respond within the timeframe required by PIPEDA. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.
6. Data residency and cross-border transfers
We aim to store personal information in Canada or with providers that offer Canadian or equivalent-protection regions. Some of our service providers (§3) may process or store data in the United States or other countries. When information is transferred outside Canada, it may be subject to the laws of those jurisdictions, including lawful access by their authorities. We take reasonable steps to ensure comparable protection. [Confirm each provider's region and update this section after counsel review.]
7. Security
We use technical and organizational safeguards appropriate to the sensitivity of the information, including encryption in transit (HTTPS/TLS), access controls, authentication through a dedicated provider, and storage with reputable infrastructure providers. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Children
The Service is a business tool intended for use by businesses and adults acting on their behalf. It is not directed at children, and we do not knowingly collect personal information from children.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version here with a new "Last updated" date and, where appropriate, notify you in the app or by email.
10. Contact
Questions or requests about this policy or your personal information:
mybizhub — Greg Roy, operating as mybizhub
Available on request — email [email protected]
[email protected]