Privacy Policy

Last updated: April 18, 2026

1. Who We Are

TrueNorthPoints (“we”, “us”, “the Service”) is a Canadian credit card rewards optimizer operated from Ontario, Canada. This policy describes how we collect, use, and protect your personal information. We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Information We Collect

Account information (via Clerk): your name, email address, profile image, and sign-in identifier from Google, Apple, or email sign-up.

Rewards data you provide: credit cards you add to your wallet, points balances, loyalty program accounts, spending profile by category, and Aeroplan status tier. We do NOT collect credit card numbers, CVVs, or banking credentials, only which cards you own and their rewards balances.

Chat messages: conversations with Maple AI are stored so you can reference past advice.

Billing information: if you subscribe, Stripe handles payment processing and stores your card details on their PCI-compliant infrastructure. We store only your Stripe customer ID and subscription tier.

Technical data: device type, browser, approximate location (from IP address), and usage logs for security and debugging.

3. How We Use Your Information

  • Generate personalized card recommendations based on your spending profile
  • Power Maple AI chat with context about your wallet and loyalty programs
  • Send expiry warnings and weekly digests (Plus+ tier, opt-in)
  • Process subscription payments via Stripe
  • Improve the Service through anonymized usage analytics
  • Detect and prevent fraud and abuse

We do NOT sell your personal information to third parties. We do NOT use your data to train generic AI models.

4. Third-Party Service Providers

We share necessary data with the following processors, each bound by data protection agreements:

  • Clerk (authentication): stores account credentials
  • Supabase (database, hosted on AWS us-east-1): stores your wallet, spending profile, and chat history
  • Stripe (payments): processes subscription charges
  • OpenAI and Google (Gemini): process chat messages to generate AI responses. Messages are sent to these providers per request; neither uses your data to train their models when accessed via their commercial APIs
  • Duffel (flight search): receives anonymous flight search queries
  • Vercel (hosting): processes all HTTP requests

5. Data Storage and Transfer

Your data is stored in AWS us-east-1 (Virginia, USA) via Supabase. By using the Service, you consent to the transfer of your data to the United States. We use encryption in transit (TLS 1.2+) and at rest.

6. Your Rights (PIPEDA)

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Withdraw consent and delete your account
  • Request an export of your data in a portable format
  • File a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, email privacy@truenorthpoints.ca.

7. Account Deletion

You can delete your account at any time via Settings, or by emailing us. When you delete your account, we remove your wallet, spending profile, chat history, and loyalty accounts within 30 days. Some records (billing, for CRA tax compliance) may be retained for 6 years as required by Canadian law.

8. Cookies and Tracking

We use essential cookies for authentication (via Clerk) and session state. We use anonymized analytics to understand product usage. We do not use advertising cookies or cross-site trackers.

9. Children

The Service is intended for users 18 years or older. We do not knowingly collect information from children under 13.

10. Changes to This Policy

We may update this policy to reflect changes in the Service or legal requirements. Material changes will be communicated via email at least 14 days in advance.

11. Contact

Questions, concerns, or requests? Email privacy@truenorthpoints.ca. Our Privacy Officer will respond within 30 days.