Service Privacy Policy

Who we are

Privi Core Inc. (operating as Filemark) is the data controller for the personal information described in this policy. Privacy questions, requests under PIPEDA or Quebec Law 25, and breach notifications should be sent to privacy@filemark.ca.

Privacy officer

In accordance with PIPEDA Principle 4.1 and Quebec Law 25 § 3.1, Filemark has designated a person responsible for the protection of personal information. They oversee policy compliance, train personnel, respond to access and correction requests, and coordinate breach response. The current privacy officer may be contacted at privacy@filemark.ca. The name of the current officeholder is available on request.

Scope

This policy applies to data Filemark processes when an accounting firm (the customer) uses the Filemark Service to prepare a Canadian corporate tax (T2) return. It is written to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25. It is the policy a vendor partner program (e.g. Intuit, Xero, Microsoft) should review when assessing how Filemark handles customer data inside the application.

The Service is intended for use by accounting professionals and their authorized staff. It is not directed to children, and we do not knowingly collect personal information from children under the age of 14. Where Quebec Law 25 imposes additional requirements for minors, those requirements take precedence over any contrary provision in this policy.

What we collect

• Firm and user identifiers: name, work email, and role within the firm. Used to authenticate sign-in, attribute audit-log entries, and contact the firm about billing, security, or service updates.
• Corporate tax data: trial-balance accounts, general-ledger entries, GIFI mappings, corporate metadata (legal name, business number, jurisdiction, fiscal year-end, directors), computed T2 schedules, and supporting workpapers.
• Source documents: PDFs, Excel files, and CRA XML slips uploaded by the firm or pulled from a connected service. Contents are processed to extract structured data; originals are retained for the firm's audit trail.
• Connector credentials: OAuth refresh tokens for integrations the firm enrolls (QuickBooks Online, Xero, Microsoft 365, OneSpan Sign, CCH iFirm), encrypted in AWS Secrets Manager with a per-tenant KMS key.
• Operational telemetry: server logs (request paths, response codes, latency) and the connector audit log (which integration was called when, by which user, with what data categories). We do not log file contents or credential values.

Why we collect it

All categories above are collected for the purpose of delivering the Service the firm has subscribed to: producing a complete and accurate T2 filing package and partner review binder. Under PIPEDA this is consent and necessity for contractual performance. We do not sell customer data, do not use it for advertising, do not use it to train or fine-tune any AI model, and do not disclose it to third parties except the subprocessors listed below or as required by law.

Automated processing and decision support

Filemark's tax engine performs automated computations on uploaded data: trial-balance classification, GIFI mapping, schedule calculations under the Income Tax Act, cross-schedule tie-out checks, and readiness gating. These computations are decision-support outputs intended for review and sign-off by a qualified Canadian tax practitioner. Filemark does not render a final decision based exclusively on automated processing within the meaning of Quebec Law 25 § 12.1: practitioner review and sign-off is required before any computed result is treated as authoritative. For transparency, we nonetheless describe the automated processing in plain terms below.

• Categories of personal information used: corporate financial data and corporate metadata as listed in “What we collect”. Personal information about individual taxpayers is processed only insofar as it appears in corporate records (e.g. director names on a Schedule 50).
• Principal factors and parameters: the rules of the federal Income Tax Act, provincial corporate tax acts, and Canada Revenue Agency forms applicable to the return; the firm's account classifications and GIFI mappings; and the corporation's reported figures.
• Right to information, rectification, and observations: every computed value is shown to the practitioner with a traceable lineage back to source inputs. Practitioners may override classifications, correct inputs, add notes, or decline to finalize a return. Contact privacy@filemark.ca to submit observations about the automated processing or to request human review of a specific computation.

Where the data lives

Filemark's primary infrastructure runs in Amazon Web Services (AWS) Canada Central (ca-central-1). The application backend, database, object storage, secrets vault, and per-tenant KMS keys all reside in Canada. Outbound traffic to integration vendors leaves from a single stable Canadian-allocated IP address (15.223.139.13) so the firm's network and compliance teams can audit and allowlist Filemark's egress.

Subprocessors

The third parties that process customer data on Filemark's behalf — together with their purpose, region, status (always-on or opt-in), and cross-border posture — are listed at filemark.ca/legal/subprocessors. That page also lists planned subprocessors that are not yet integrated. Filemark notifies firm administrators of material changes — including a new active subprocessor or a change in data residency — by email at least 30 days before they take effect. Each cross-border subprocessor has been assessed for adequate protection under Quebec Law 25 § 17 prior to enrollment.

Cross-border transfers

For each cross-border subprocessor (see the cross-border column at filemark.ca/legal/subprocessors), Filemark surfaces a data-transfer disclosure modal before the firm enables the integration. The firm's authorized administrator must explicitly acknowledge the transfer before any data flows. Firms can disable a cross-border integration at any time from the integrations page; the kill-switch is reversible. Filemark has conducted a Law 25 § 17 assessment for each cross-border transfer; a summary is available on request to privacy@filemark.ca.

How long we keep your data

Filemark retains tax-engagement data for the duration of the firm's subscription plus a six-year tail to align with the Canada Revenue Agency's record-keeping requirements (Income Tax Act § 230(4)). Connector credentials are deleted within 24 hours of revocation. Server logs are retained for 90 days for forensic and reliability purposes. The connector audit log is retained for the same six-year period as engagement data. On written request, Filemark will delete or return Customer Data within 30 days of the request, subject to legal obligations to retain certain records.

Your rights

Under PIPEDA and Quebec Law 25, individuals whose information is processed by Filemark have the right to:

• Access: request copies of personal information.
• Rectification: request correction of inaccurate or incomplete information.
• Withdraw consent: subject to legal and contractual obligations.
• Restrict use or disclosure: request that Filemark stop using or sharing personal information.
• Portability and deletion (Quebec residents): request transfer of personal information to another organization or directly to you, and request deletion where applicable under Law 25.
• Human review of automated processing: request that a person, rather than the engine alone, review a specific computation (see “Automated processing” above).

Send these requests to privacy@filemark.ca. We respond within 30 days.

Security

All customer data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256). Connector credentials are encrypted with per-tenant AWS KMS data keys so a single key compromise cannot decrypt another firm's secrets. The Filemark backend's outbound IP is fixed and published above so firms can allowlist it. Access by Filemark personnel to production customer data is limited to a small number of named administrators, requires multi-factor authentication, and is logged. A more detailed description of our security controls is available at filemark.ca/legal/security.

Breach notification

If Filemark becomes aware of a breach of security safeguards involving Customer Data that creates a real risk of significant harm to an individual, we will:

• notify the affected customer's account administrators without undue delay, and in any event within 72 hours of confirmation of the breach;
• notify the Office of the Privacy Commissioner of Canada and, where applicable, the Commission d'accès à l'information du Québec, as soon as feasible, in accordance with PIPEDA § 10.1 and Law 25 § 3.5;
• maintain a register of breaches as required by PIPEDA, available to regulators on request;
• provide affected individuals, through the customer, with the information needed to mitigate harm.

Suspected breaches may be reported confidentially to security@filemark.ca.

Data Processing Addendum

A Filemark Data Processing Addendum (DPA), incorporating the commitments in this policy and addressing customer-controller / Filemark-processor obligations under PIPEDA, Quebec Law 25, and (where applicable) the EU General Data Protection Regulation standard contractual clauses, is available on request to legal@filemark.ca.

Notification of changes

Material changes to this policy — including the addition of a new active subprocessor or a change in data residency — are published here and announced by email to the firm's administrators at least 30 days before they take effect. Continued use of the Service after a change constitutes acceptance. The current version of this policy is shown above (version and last-revised date).

Contact

Questions, complaints, or requests under PIPEDA / Law 25: privacy@filemark.ca. If a complaint is not resolved to your satisfaction, you may also contact the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Commission d'accès à l'information du Québec (cai.gouv.qc.ca).