Privacy Policy

Effective Date: January 2026 · Last Updated: March 2026

1. Introduction

This Privacy Policy describes how PrivateACB ("Company," "we," "us," or "our") collects, uses, discloses, and protects information obtained from users ("you" or "your") of the PrivateACB desktop application ("Software") and related services, including the website at www.privateacb.com ("Website").

By downloading, installing, or using the Software, or by accessing the Website, you acknowledge agreement to this Privacy Policy.

Key Privacy Principle: Your financial transaction data, tax calculations, and reports are stored exclusively on your device and never transmitted to our servers.

2. Data Controller

For data protection law purposes (GDPR, PIPEDA, CCPA), the data controller is:

PrivateACB
Email: support@privateacb.com

3. Information We Collect

3.1 Information You Provide Directly

License Purchase Information

  • Email address
  • License tier selected

Payment information is processed directly by Stripe, Inc. We do not receive, process, or store payment card details.

License Activation Information

  • License key
  • Device Identifier (cryptographic hash)
  • Device name
  • Software version

Support Communications

  • Email address
  • Contents of support inquiries

3.2 Information Collected Automatically

Download Analytics

  • Timestamp of download
  • Software version requested
  • Geographic location (country, region, city — derived from network routing)
  • HTTP referrer
  • Browser user agent string

We do not collect or store your IP address.

Website Analytics

The Website uses Cloudflare Analytics, a privacy-focused service without cookies or individual user tracking. Only aggregate, anonymized data is collected.

3.3 Information Stored Locally

The following are stored exclusively on your device and are never transmitted to our servers:

  • Transaction records and financial data
  • Tax calculations and generated reports
  • Cached exchange rates and cryptocurrency prices
  • Third-party API credentials you configure
  • Database encryption credentials

4. Legal Basis for Processing

Processing Activity Legal Basis
License delivery and activationPerformance of contract
License management and device verificationPerformance of contract
Response to support inquiriesPerformance of contract / Legitimate interest
Download analyticsLegitimate interest
Compliance with legal obligationsLegal obligation

5. How We Use Your Information

  • License Fulfillment: To generate, deliver, and activate license keys
  • License Management: To enforce license terms, including the three-device activation limit
  • License Recovery: To re-send license keys upon verified request
  • Customer Support: To respond to inquiries and provide technical assistance
  • Analytics: To analyze download patterns and geographic distribution
  • Legal Compliance: To comply with applicable laws and legal processes

6. Disclosure of Information

6.1 Third-Party Service Providers

Service Provider Purpose Data Disclosed
Stripe, Inc.Payment processingPayment data (collected directly by Stripe)
Resend, Inc.Email deliveryEmail address, license key
Cloudflare, Inc.Infrastructure and hostingLicense activation data, download analytics

6.2 No Sale of Personal Data

We do not sell, rent, or lease your Personal Data to third parties.

7. Third-Party Services

The Software connects to third-party services for market data:

  • Bank of Canada: Currency exchange rates (public API, no credentials required)
  • Federal Reserve Economic Data (FRED): Currency exchange rates (public API)
  • CoinGecko: Cryptocurrency prices (optional API key for higher rate limits)

When using these features:

  • Communications occur directly between your device and the third-party service
  • API keys (if provided) are stored locally on your device in encrypted form
  • We do not receive, transmit, or access your API keys or retrieved data

8. Data Retention

Data Category Retention Period
License recordsLifetime of your license
Activation recordsLifetime of your license
Download analytics1 year from date of collection
Contact form submissions90 days
Local Data (on your device)Until deleted by you

9. Data Security

We implement appropriate technical and organizational measures:

  • Encryption of data in transit using Transport Layer Security (TLS)
  • Secure, authenticated endpoints for license management
  • Engagement of PCI-DSS Level 1 certified payment processor
  • Local database encryption within the Software (AES-256 via SQLCipher)

10. Your Rights

Rights Under GDPR (European Economic Area)

  • Right of Access: Request a copy of your Personal Data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your Personal Data
  • Right to Restriction: Request limitation of processing
  • Right to Data Portability: Receive your data in structured format
  • Right to Object: Object to processing based on legitimate interests

Rights Under CCPA (California Residents)

  • Right to Know: Request disclosure of Personal Data collected
  • Right to Delete: Request deletion of your Personal Data
  • Right to Opt-Out: Opt out of sale of Personal Data (note: we do not sell)
  • Right to Non-Discrimination: Exercise rights without discriminatory treatment

Rights Under PIPEDA (Canadian Residents)

  • Right of Access: Request access to your Personal Data
  • Right to Challenge Compliance: Challenge compliance with PIPEDA
  • Right to Correction: Request amendment of inaccurate information

Rights Under UK GDPR and Data Protection Act 2018 (UK Residents)

  • Right of Access: Request a copy of your Personal Data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your Personal Data
  • Right to Restriction: Request limitation of processing
  • Right to Data Portability: Receive your data in structured format
  • Right to Object: Object to processing based on legitimate interests

To exercise these rights, contact support@privateacb.com. Responses occur within timeframes required by law (generally within 30 days).

11. Device Identifier

The Device Identifier used for license activation is a cryptographic hash that cannot be reversed. This identifier:

  • Is generated locally on your device
  • Contains no personally identifiable information
  • Is used solely to bind your license to authorized devices
  • Persists across software reinstallation on the same hardware

12. Children's Privacy

The Software and services are not directed to individuals under 18 years old. We do not knowingly collect Personal Data from children.

13. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. Changes become effective upon posting the revised policy on the Website. The "Last Updated" date indicates when revisions were last made.

14. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Province of Alberta, Canada, without regard to its conflict of law provisions.

Contact

Questions about this policy? Contact support@privateacb.com