PIPEDA Compliance

What is PIPEDA?

The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada's federal privacy law for private-sector organizations. It sets out the ground rules for how businesses must handle personal information in the course of commercial activity.

PIPEDA's 10 Fair Information Principles

Nora adheres to all 10 principles outlined in Schedule 1 of PIPEDA:

1. Accountability

Nora has designated a Privacy Officer responsible for compliance. All employees and contractors with access to personal information are bound by confidentiality obligations.

2. Identifying Purposes

We collect personal information solely to provide the Nora service: invoicing, expense tracking, tax calculation, receipt scanning, mileage logging, and financial reporting. Purposes are identified at or before the time of collection.

3. Consent

We obtain meaningful consent when you create an account and agree to our Terms of Service and Privacy Policy. You may withdraw consent at any time by deleting your account.

4. Limiting Collection

We collect only the personal information necessary to provide the Service. We do not collect information indiscriminately.

5. Limiting Use, Disclosure, and Retention

Personal information is used only for the purposes for which it was collected. We do not sell or share your data with third parties for marketing. Data is retained only as long as your account is active, plus 30 days for deletion processing.

6. Accuracy

You can update your personal information at any time through Settings. We rely on you to keep your business information accurate and current.

7. Safeguards

We protect personal information with security safeguards appropriate to the sensitivity of the information, including encryption (TLS 1.2+, AES-256), access controls, multi-tenant data isolation, and Canadian data residency. See our Security page for details.

8. Openness

Our privacy practices are documented in our Privacy Policy, which is publicly available and written in plain language.

9. Individual Access

You can access all your personal information through the Nora app at any time. You can also request a complete data export by contacting our Privacy Officer.

10. Challenging Compliance

If you believe we are not complying with PIPEDA, you may contact our Privacy Officer at privacy@getnora.ca. You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada.

Provincial Privacy Laws

In addition to PIPEDA, Nora complies with substantially similar provincial privacy legislation in Alberta (PIPA), British Columbia (PIPA), and Quebec (Law 25 / Act respecting the protection of personal information in the private sector).