Fruxal

Legal

Privacy Policy

Effective date: March 22, 2026 · Last updated: March 22, 2026

Fruxal Inc. (“Fruxal,” “we,” “us,” or “our”) operates a financial diagnostic platform for Canadian small and mid-size businesses. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

By using Fruxal, you consent to the collection and use of your information as described in this policy. If you do not agree, do not use our service.

1. Information we collect

We collect information in two ways: information you provide directly, and information we collect automatically.

Information you provide:

  • Account information — name, email address, business name when you register
  • Business profile data — industry, province, revenue band, employee count, business structure
  • Financial diagnostic data — the revenue, payroll, margin, and other financial figures you enter into the intake form; the diagnostic findings, health scores, and task history generated from that data
  • Uploaded documents (Enterprise tier only) — T2 corporate returns, financial statements, GST/HST returns, T4 summaries, and bank statements you choose to upload for verified analysis
  • Communications — when you contact us by email or through the platform
  • Account deletion reason — if you voluntarily provide one when deleting your account

Information collected automatically:

  • Usage data — pages visited, features used, diagnostic run frequency, login timestamps
  • Device and browser information — browser type, operating system, IP address (used for security and abuse prevention)
  • Cookies — session cookies required for login; analytics cookies from Vercel Analytics (anonymized)
  • Email engagement data — whether emails we send were opened or links were clicked (through Resend)

We do not collect payment card numbers. All payment processing is handled by Stripe, which is PCI-DSS certified.

2. Why we collect this information

  • To provide the diagnostic service — analyzing your financial inputs, generating findings, scores, and recovery recommendations
  • To personalize your recovery — matching programs, grants, and findings to your specific industry, province, and business size
  • To send relevant communications — monthly briefs, deadline reminders, milestone emails, and account notifications. You can opt out of non-essential emails at any time
  • To process payments — creating and managing your subscription through Stripe
  • To improve the platform — understanding how features are used to make Fruxal better
  • To comply with legal obligations — maintaining records required by applicable law

3. Who we share your information with

We share your information only with the following service providers, each operating under appropriate data agreements:

  • Anthropic — Your financial inputs are processed by Anthropic's Claude API to generate diagnostic findings. Anthropic does not use your inputs to train their models. See Anthropic's privacy policy at anthropic.com.
  • Stripe — Payment processing and recovery fee billing. Stripe handles all card data. See stripe.com/privacy.
  • Resend — Transactional email delivery (diagnostic results, monthly briefs, account notifications). See resend.com/privacy.
  • Supabase — Database hosting for your account and diagnostic data. Supabase is SOC 2 certified. See supabase.com/privacy.
  • Vercel — Application hosting and anonymized web analytics. See vercel.com/legal/privacy-policy.

We do not sell your data to third parties. Ever. Affiliate solution providers receive only an anonymous click referral when you click on a recommended solution — they never receive your name, email, financial data, or any personally identifiable information.

We may disclose your information if required by law, court order, or to protect the rights and safety of Fruxal, our users, or the public.

4. Your rights under PIPEDA

As a Canadian resident, you have the following rights with respect to your personal information:

  • Right to access — You may request a copy of the personal information we hold about you
  • Right to correct — You may request that we correct inaccurate or incomplete information
  • Right to delete — You may delete your account and all associated data at any time from Settings → Danger Zone. All data is purged within 30 days
  • Right to withdraw consent — You may withdraw consent to specific uses (such as marketing emails) at any time without affecting the lawfulness of prior processing
  • Right to complain — If you believe we have not handled your information appropriately, you may lodge a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca

To exercise these rights, contact us at privacy@fruxal.ca. We will respond within 30 days.

5. Data retention

  • Active accounts — Data is retained for as long as your account is active
  • Deleted accounts — All personal data is purged within 30 days of account deletion. We retain only an anonymized deletion log (a cryptographic hash, not your actual data) for compliance purposes
  • Diagnostic reports — Retained for the lifetime of your account and deleted with your account
  • Email logs — Retained for 12 months
  • Uploaded documents (Enterprise) — Retained for the lifetime of your account or until you request deletion

6. Security

  • All data transmitted between your browser and Fruxal is encrypted using TLS (Transport Layer Security)
  • Database access is controlled via Row Level Security — your data is only accessible by authenticated requests associated with your account
  • Payment card data is handled entirely by PCI-DSS certified Stripe infrastructure. We never see or store card numbers
  • We regularly review our security practices and promptly address identified vulnerabilities

No system is 100% secure. If you become aware of a security concern, please contact us at privacy@fruxal.ca.

7. Cookies

  • Session cookies — Required for you to stay logged in. Without these, the service cannot function
  • Analytics cookies — Vercel Analytics uses anonymized, aggregated data to help us understand page performance. No personal identifiers are collected

We do not use advertising cookies, retargeting pixels, or third-party tracking. See our Cookie Policy for full details.

8. Contact us

For privacy questions, data access requests, or to exercise your rights under PIPEDA:

  • Email: privacy@fruxal.ca
  • Response time: 30 days
  • Jurisdiction: This policy is governed by the laws of Quebec, Canada

This Privacy Policy was last updated on March 22, 2026. We will notify active users of material changes by email before they take effect.