Privacy Policy

Equigrant Inc. ("Equigrant", "we", "us", or "our") operates the Equigrant platform, a web-based service that helps Canadian small business owners set up and manage phantom equity and profit-sharing plans for their employees. Our principal place of business is in Canada.

This Privacy Policy explains how we collect, use, and protect personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

We collect the following categories of personal information:

• Account information — your name, email address, and password when you register.
• Organization information — your business name, industry, and province when you complete onboarding.
• Employee data you enter — names and email addresses of employees you add to equity plans. You are responsible for having a lawful basis to provide this information to us.
• Billing information — payment card details and billing address, processed and stored by Stripe, Inc. on our behalf. We do not store full card numbers.
• Usage data — pages visited, features used, and general interaction logs, collected to improve the service.
• Communications — messages you send us via the contact form or email.

We use personal information to:

• Create and maintain your account and provide the Equigrant service.
• Send transactional emails (e.g., email verification, grant notifications).
• Process payments and manage your subscription.
• Respond to support requests and contact form submissions.
• Improve and develop the platform based on usage patterns.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

We share personal information only with the third-party service providers necessary to operate Equigrant:

• Amazon Web Services (AWS) — cloud infrastructure, data storage (DynamoDB), authentication (Cognito), and email delivery (SES). Data is stored in the us-east-1 region.
• Stripe, Inc. — payment processing. Subject to Stripe's own privacy policy.

We may also disclose information if required by law, court order, or to protect the rights and safety of Equigrant, our users, or the public.

We use a single, HTTP-only session cookie to keep you logged in. This cookie contains no personal information — only a signed session token. We do not use advertising cookies or third-party tracking pixels.

We retain your personal information for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we are required to retain records for legal or financial compliance purposes (typically up to 7 years for billing records).

Under PIPEDA, you have the right to:

• Know what personal information we hold about you.
• Request correction of inaccurate information.
• Withdraw consent and request deletion of your account and data.
• File a complaint with the Office of the Privacy Commissioner of Canada if you believe your rights have been violated.

To exercise any of these rights, use our contact form. We will respond within 30 days.

We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), HTTP-only authentication cookies, and access controls. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email. Continued use of the service after changes take effect constitutes acceptance of the revised policy.

Questions or concerns about this Privacy Policy? Use our contact form.