Privacy Policy
Last updated: June 2026
In Plain Language
- Synfi collects only data required to operate the platform.
- No data selling.
- No AI model training on client data.
- Access only with authorization.
Full Legal Policy
1. Information We Collect
Synfi collects information necessary to provide the platform: account registration data (name, email, firm name), financial documents and data uploaded by users, usage and access logs for security and auditing, and communications with our support team. We do not collect data beyond what is operationally required. Synfi AI Inc., incorporated under the laws of Quebec, Canada, is the data controller responsible for your personal information under this policy.
2. How We Use Information
Information is used solely to operate and improve the platform, authenticate users, provide customer support, ensure security and prevent fraud, and comply with legal obligations. We do not use client financial data to train AI models.
3. Data Storage and Security
All data is encrypted in transit using TLS and at rest using AES-256. Client data is stored in isolated environments with strict access controls. We maintain audit logs of all system access. Infrastructure is hosted in certified data centers compliant with industry security standards.
4. Data Location and Cross-Border Processing
Client financial data is stored and processed in Canada (Google Cloud Platform, Montreal region). Certain AI processing services used by Synfi may involve the transmission of data to servers located in the United States. Where data is processed outside Canada, we ensure that appropriate safeguards are in place, including contractual obligations requiring the service provider to protect your data to a standard substantially equivalent to Canadian privacy law.
5. Data Sharing
We do not sell, rent, or share client data with third parties for marketing or advertising purposes. We may share data with sub-processors necessary to operate the platform (e.g., cloud infrastructure providers), subject to equivalent data protection obligations. We may disclose data if required by law.
6. Data Retention
We retain client data for as long as the account is active or as needed to provide services. Upon account termination, data is deleted or anonymized within 90 days, unless retention is required by law. Audit logs are retained for a minimum of 7 years.
7. Incident Response and Breach Notification
In the event of a security incident involving unauthorized access to, or loss of, personal information that presents a real risk of significant harm, Synfi will notify affected users and the Commission d'accès à l'information du Québec (CAI) without unreasonable delay and in accordance with applicable law, including Quebec's Act respecting the protection of personal information in the private sector (Law 25).
8. Your Rights
You have the right to access, correct, or delete your personal data. You may request a copy of data we hold about you. To exercise these rights, contact us at contact@synfi.im. We will respond within 30 days.
9. Cookies
Synfi uses only essential cookies required for platform operation and authentication. We do not use tracking or advertising cookies.
10. Changes to This Policy
We may update this policy periodically to reflect changes in our practices or applicable law, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Act respecting the protection of personal information in the private sector (Law 25). Material changes will be communicated via email or in-platform notice. Continued use of the platform following notice constitutes acceptance of the updated policy.
11. Contact
For privacy-related inquiries, contact us at contact@synfi.im.