Legal

Privacy Policy

Last Updated: June 2, 2026

1. Introduction

Hanna Financial Active Intelligence ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website or use our platform, and tell you about your privacy rights and how the law protects you.

This policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation in Canada.

2. Sovereign Data & Data Residency

We understand the critical importance of data sovereignty for Canadian financial institutions. All client data, including personal information, financial records, and operational intelligence processed by Hanna Financial Active Intelligence, is hosted and stored exclusively on servers located within the physical borders of Canada.

Your data remains subject solely to Canadian laws and jurisdictions. We do not transfer, backup, or mirror your core operational data to servers outside of Canada without your explicit, prior written consent.

3. The Data We Collect About You

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier, title, and company name.
  • Contact Data includes billing address, email address and telephone numbers.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data includes information about how you use our website, products and services.

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

5. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

6. Your Legal Rights

Under PIPEDA and other applicable Canadian privacy laws, you have rights in relation to your personal data, including the right to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Withdraw consent at any time where we are relying on consent to process your personal data.
  • File a complaint with the Office of the Privacy Commissioner of Canada or your provincial privacy commissioner.

7. Contact Us

If you have any questions about this privacy policy or our privacy practices, please contact our Privacy Officer at privacy@hannafinancial.ca.

8. Google Account Integration and Limited Use

If you connect a Google account, Hanna accesses the following Google data only to provide features you actively use in the app: your Gmail messages (read-only) to display, search, organize, and — at your request — summarize your inbox; sending email on your behalf when you compose and send from Hanna; your Google Calendar to display your schedule and create, update, or cancel events you manage in Hanna; and your Google Contacts (read-only) to auto-complete recipients and attendees. We request the minimum scopes required and you can disconnect at any time, which deletes the stored tokens and cached content.

Hanna's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy ( https://developers.google.com/terms/api-services-user-data-policy ), including the Limited Use requirements. Specifically: we use this data only to provide and improve these user-facing features; we do NOT use it for advertising; WE DO NOT USE IT TO TRAIN OR IMPROVE GENERALIZED OR STANDALONE AI/ML MODELS, and any AI service providers acting on our behalf are contractually prohibited from doing so; we do not transfer it except to provide or secure these features, to comply with law, or in connection with a merger or acquisition with prior notice and consent; and we do not allow humans to read it except with your specific consent, for security purposes, or where required by law.

When you use an AI feature (e.g. summarizing an email or drafting a reply), the relevant content is processed by an AI service provider acting on our behalf, under confidentiality and data-protection obligations, solely to produce that result for you.