← Back to Canuckt Shield

CANUCKT SHIELD — PRIVACY POLICY

Effective Date: March 2026

Last Updated: March 2026

Company: Canuckt Synergy Solutions Inc.

Address: 160 Spinnaker Dr, Halifax, Nova Scotia, Canada

Contact: [email protected]

1. Introduction

Canuckt Shield ("Shield", "we", "us", "our") is a data privacy and

anonymization platform operated by Canuckt Synergy Solutions Inc. This

Privacy Policy explains how we collect, use, and protect information

when you use our services at shield.canuckt.ai.

We are a privacy company. Our entire business depends on handling

your data responsibly. This policy reflects that commitment.

2. Information We Do NOT Collect

We never store the text you submit for anonymization. Your input

text is processed entirely in memory and discarded immediately after

processing. It is never written to disk, database, or log files.

We never store detected PII values. When we detect personal

information in your text (names, SINs, phone numbers, etc.), we

record only the entity type (e.g., "CA_SIN"), confidence score,

and character positions. The actual values are never stored.

We never store AI proxy session content. When you use the AI

Privacy Proxy, the token-to-value mapping is stored in encrypted

memory (Redis) with a 30-minute automatic expiry. After 30 minutes,

the mapping is permanently deleted. No human can access it.

3. Information We DO Collect

3.1 Job Metadata (All Users)

For each anonymization job, we record:

• Entity types detected (e.g., "2 CA_SIN, 1 PERSON, 3 CA_PHONE_NUMBER")
• Entity confidence scores
• Character position offsets (start/end positions, not the text itself)
• Processing time
• Input text length (character count, not the text)
• Timestamp

This metadata contains no personal information and cannot be used to

reconstruct your original text.

3.2 Browser Fingerprint (Free Users)

For rate limiting, we generate a hash of your browser characteristics

(canvas, screen size, timezone, language). This hash is stored in Redis

and auto-expires after 45 days. We never store the raw browser data.

3.3 Account Information (Pro/Agency Users)

When you subscribe, we collect:

• Email address
• Name (optional)
• Payment information (processed by Stripe — we never see or store

your credit card number)

3.4 Usage Data

• Number of anonymization jobs per month
• API call counts
• Feature usage (which entity types detected most frequently)

4. How We Use Information

We use collected information to:

• Provide and improve the anonymization service
• Enforce rate limits for free tier users
• Process payments and manage subscriptions
• Generate aggregate analytics (never individual-level)
• Improve detection accuracy through aggregate pattern analysis
• Send transactional emails (receipts, usage alerts)

We will never:

• Sell your information to third parties
• Use your information for advertising
• Share individual-level data with anyone
• Attempt to reconstruct submitted text from metadata

5. Data Storage and Security

5.1 Infrastructure

• Current hosting: Hetzner Cloud, Nuremberg, Germany (GDPR-compliant)
• Future hosting: AWS ca-central-1, Montreal, Canada (planned)
• All data encrypted in transit (TLS 1.2/1.3)
• Server swap disabled (RAM contents cannot leak to disk)
• All containers run as non-root users
• SSH key authentication only
• Firewall restricts access to ports 80, 443, and 22 only

5.2 PII Security Architecture

• Text processed in memory only, never written to disk
• Detected PII values never stored anywhere
• AI proxy mappings auto-expire from Redis after 30 minutes
• API keys stored as salted SHA-256 hashes
• Docker network isolation between containers

6. Data Retention

| Data Type | Retention Period |

|-----------|-----------------|

| Submitted text | ZERO — never stored |

| Detected PII values | ZERO — never stored |

| AI proxy mappings | 30 minutes (auto-deleted) |

| Browser fingerprint hash | 45 days (auto-deleted) |

| Job metadata | Retained for service improvement |

| Account information | Until account deletion |

| Payment records | As required by Canadian tax law |

7. Your Rights

You have the right to:

• Access: Request a copy of any personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your account and associated data
• Portability: Request your data in a machine-readable format
• Withdraw Consent: Unsubscribe or close your account at any time

To exercise any of these rights, contact us at [email protected].

We will respond within 30 days.

8. Third-Party Services

| Service | Purpose | Data Shared |

|---------|---------|-------------|

| Stripe | Payment processing | Email, payment info (on Stripe servers) |

| SendGrid | Transactional email | Email address |

| Cloudflare | DNS and CDN | IP address (standard web traffic) |

| Let's Encrypt | SSL certificates | Domain name (public) |

We do not use any analytics, advertising, or tracking services.

9. PIPEDA Compliance

This privacy policy is designed to comply with the Personal Information

Protection and Electronic Documents Act (PIPEDA) and its 10 Fair

Information Principles. As a Canadian privacy company, we hold ourselves

to the same standard we help our customers achieve.

10. Changes to This Policy

We will update this policy as our services evolve. Material changes

will be communicated via email to registered users and posted on our

website. Continued use of Shield after changes constitutes acceptance.

11. Contact

For privacy inquiries, data requests, or complaints:

Canuckt Synergy Solutions Inc.

160 Spinnaker Dr, Halifax, Nova Scotia, Canada

Email: [email protected]

If you are not satisfied with our response, you may file a complaint

with the Office of the Privacy Commissioner of Canada at priv.gc.ca.