🔒Privacy Policy

Your data. Your money. Your call.

We built Beaverise to make your financial life easier, not to spy on it. This page explains, in plain language, what we collect and what we do with it.

Effective: May 8, 2026Last updated: May 8, 2026PIPEDA · Law 25

1. Overview

Beaverise Inc. ("Beaverise", "we", "us", "our") is a fintech company that provides an AI-powered personal finance application to users in Canada and the United States. We take your privacy seriously and we are committed to handling your information transparently and responsibly. We comply with Canadian privacy law, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec’s Law 25, and with applicable United States privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over it. By using Beaverise, you agree to the practices described here.

2. Information we collect

Account information: name, email address, phone number, date of birth, postal code, language preference, and authentication credentials provided through our identity provider.

Financial information: account balances, transactions, account holders, and institution metadata that we receive from your linked bank or credit accounts through Plaid. We do not store your bank login credentials. Plaid handles the connection on a read-only basis.

Usage information: pages or screens you visit, features you use, time spent in the app, device type, operating system, app version, language, and approximate location derived from your IP address.

Device and technical information: device identifiers, crash logs, performance traces, and security signals required to keep your account safe.

Communications: messages and feedback you send to our support team, plus the contents of conversations you have with the Beaver AI assistant inside the app.

Optional uploads: documents, receipts, leases, warranty cards, and policies that you choose to upload to your Vault.

3. How we use your information

To deliver the Beaverise service, including aggregating your financial data, building budgets, generating debt payoff plans, running tax calculations, and producing personalized insights.

To operate the Beaver AI assistant, including processing your questions and generating responses that reference your real financial context.

To provide customer support, respond to inquiries, and send transactional notifications such as bill reminders, security alerts, and account confirmations.

To improve the product, including diagnosing bugs, measuring feature performance, and developing new capabilities.

To detect and prevent fraud, protect against unauthorized access, and meet our regulatory obligations.

To send marketing communications when you have explicitly opted in. You can withdraw your consent at any time.

4. How AI processes your information

When you interact with Beaver AI, your question and a relevant slice of your financial context are sent to a third-party AI provider so it can generate a response. Requests are routed through OpenRouter, an AI gateway, to the large language model providers it connects to. The data sent includes your first name, country and currency, and financial information such as account balances, account types and institution names (never full account numbers), debt balances and rates, income, individual transactions, and spending by category. We do not send your email address, last name, phone number, full account or card numbers, or government identifiers.

This processing is performed under no-training terms, and our primary routing uses zero-data-retention providers, so your data is not used to train AI models and is not retained beyond what is required to return a response. We never sell your data to AI providers or anyone else. AI outputs are filtered through our own safety guardrails before they reach you, and any action taken on your behalf requires explicit confirmation.

5. Who we share information with

Service providers (sub-processors) that help us operate Beaverise, each bound by contractual confidentiality and data protection terms. These include: Google Cloud (infrastructure and data storage), Clerk (authentication and identity), OpenRouter (the AI gateway that powers the AI processing described in Section 4, routing requests to large language model providers), Sentry (crash and performance monitoring), and PostHog (product analytics).

Plaid, our open banking partner, which connects your bank accounts on your behalf on a read-only basis. Plaid acts as an independent data controller for the financial data it retrieves from your bank; its use of your information is governed by its own End User Privacy Policy at plaid.com/legal. To request deletion of the data Plaid holds, visit my.plaid.com.

Authorities or regulators, when we are legally required to disclose information by a valid law enforcement order, court order, or regulatory request under applicable law.

An acquirer or successor entity, in the event of a merger, acquisition, or asset sale. If that ever happens, we will let you know in advance and your data will continue to be protected by this Privacy Policy or one materially similar to it.

We do not sell your personal information to advertisers or data brokers. Ever.

6. Where we store your information

Your core account and financial data is stored in Canadian data centres (Google Cloud, Montreal region), with backups kept in Canadian regions where reasonably possible.

Some service providers we work with process data outside Canada: our AI gateway (OpenRouter) and the model providers it routes to, plus crash monitoring (Sentry), process in the United States, and our product analytics (PostHog) processes in the European Union. When data crosses borders, we use contractual safeguards (including Standard Contractual Clauses where applicable) approved under PIPEDA and applicable U.S. law to ensure your data receives an equivalent level of protection.

7. How we protect your information

We use AES-256 encryption at rest and TLS 1.2 or higher in transit. Sensitive credentials are stored in hardware-backed key management systems.

We follow the principle of least privilege internally, log and monitor administrative access, and run regular security testing. No system is perfectly secure, but we hold ourselves to a high standard and continuously raise it.

If we ever experience a security incident that affects your information, we will notify you and the appropriate regulators promptly, in line with our legal obligations.

8. How long we keep your information

We retain your personal information for as long as your account is active and for a reasonable period after closure to comply with legal, accounting, and audit requirements. Typical retention periods range from 30 days for transient logs to seven years for financial records that we are legally required to keep.

When the retention period ends, your information is permanently deleted or anonymized.

9. Your rights

You have the right to access the personal information we hold about you, request a copy of it in a portable format, ask us to correct anything that is inaccurate, and ask us to delete your account and the associated data.

You can exercise these rights at any time from inside the app under Settings, or by emailing privacy@beaverise.com. We will respond within 30 days.

Quebec residents have additional rights under Law 25, including the right to object to automated decision-making and request a review by a human. You can ask us to do that at the same email address.

United States residents, including California residents under the CCPA/CPRA, have the right to know and access the personal information we collect, the right to delete and to correct it, the right to opt out of the sale or sharing of personal information, and the right to limit the use of sensitive personal information (your financial information is treated as sensitive). We do not sell or share your personal information for cross-context behavioural advertising, and we do not use your sensitive information for any purpose other than providing and securing the service. You will never be discriminated against for exercising these rights, and you may use an authorized agent. To make a request, email privacy@beaverise.com.

10. Children

Beaverise is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has signed up for Beaverise, please contact us and we will delete the account.

11. Cookies and similar technologies

Our website uses a small number of essential cookies to operate the site, plus optional analytics cookies that help us understand which pages people read. You can decline non-essential cookies through the cookie banner without losing access to any functionality.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “last updated” date at the top, and for material changes we will notify you in the app or by email at least 30 days before the change takes effect.

13. Contact us

If you have a question, complaint, or concern about how we handle your personal information, you can reach our Privacy Officer at privacy@beaverise.com. We aim to acknowledge every request within two business days.

You can also contact the Office of the Privacy Commissioner of Canada at priv.gc.ca, or, if you reside in Quebec, the Commission d’accès à l’information at cai.gouv.qc.ca.

Plain-English summary

  • We collect what we need to run the app, nothing more.
  • We never sell your data.
  • We use Plaid for bank connections. We never see your bank password.
  • AI providers we work with cannot train on or retain your data.
  • You can export or delete everything at any time.