Privacy Policy
How we collect, use, and protect your information
1. Introduction
This Privacy Policy describes how PrivateACB ("Company," "we," "us," or "our") collects, uses, discloses, and protects information obtained from users ("you" or "your") of the PrivateACB desktop application ("Software") and related services, including our website at www.privateacb.com ("Website").
By downloading, installing, or using the Software, or by accessing our Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
Key Privacy Principle
PrivateACB is designed with privacy at its core. Your financial transaction data, tax calculations, and reports are stored exclusively on your device and are never transmitted to our servers.
2. Data Controller
For the purposes of applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Personal Information Protection and Electronic Documents Act ("PIPEDA"), and the California Consumer Privacy Act ("CCPA"), the data controller is:
PrivateACB
Email: support@privateacb.com
3. Information We Collect
3.1 Information You Provide Directly
License Purchase Information
When you purchase a license, we collect:
- Email address
- License tier selected
Payment information (including credit card details) is collected and processed directly by our third-party payment processor, Stripe, Inc. We do not receive, process, or store your payment card information.
License Activation Information
When you activate a license on a device, we collect:
- License key
- Device Identifier (cryptographic hash)
- Device name
- Software version
Support Communications
When you contact us for support, we collect your email address and the contents of your communications.
3.2 Information Collected Automatically
Download Analytics
When you download the Software from our Website, we automatically collect:
- Timestamp of download
- Software version requested
- Geographic location (country, region, city - derived from network routing)
- HTTP referrer
- Browser user agent string
We do not collect or store your IP address.
Website Analytics
Our Website uses Cloudflare Analytics, a privacy-focused analytics service that does not use cookies or track individual users. Only aggregate, anonymized data is collected.
3.3 Information Stored Locally
Your Data Stays on Your Device
The following are stored exclusively on your device and are never transmitted to our servers:
- Transaction records and financial data
- Tax calculations and generated reports
- Cached exchange rates and cryptocurrency prices
- Third-party API credentials you configure
- Database encryption credentials
4. Legal Basis for Processing
| Processing Activity | Legal Basis |
|---|---|
| License delivery and activation | Performance of contract |
| License management and device verification | Performance of contract |
| Response to support inquiries | Performance of contract / Legitimate interest |
| Download analytics | Legitimate interest |
| Compliance with legal obligations | Legal obligation |
5. How We Use Your Information
We use collected information for the following purposes:
- License Fulfillment: To generate, deliver, and activate your license key
- License Management: To enforce license terms, including the limitation of three (3) device activations per license
- License Recovery: To re-send license keys upon verified request
- Customer Support: To respond to inquiries and provide technical assistance
- Analytics: To analyze download patterns and geographic distribution for business planning
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
6. Disclosure of Information
6.1 Third-Party Service Providers
| Service Provider | Purpose | Data Disclosed |
|---|---|---|
| Stripe, Inc. | Payment processing | Payment data (collected directly by Stripe) |
| Resend, Inc. | Email delivery | Email address, license key |
| Cloudflare, Inc. | Infrastructure and hosting | License activation data, download analytics |
6.2 No Sale of Personal Data
We do not sell, rent, or lease your Personal Data to third parties.
7. Third-Party Services
The Software connects to third-party services to retrieve market data:
- Bank of Canada: Currency exchange rates (public API, no credentials required)
- Federal Reserve Economic Data (FRED): Currency exchange rates (public API, no credentials required)
- CoinGecko: Cryptocurrency prices (optional API key for higher rate limits)
When you use these features:
- Communications occur directly between your device and the third-party service
- If you provide an API key (CoinGecko), it is stored locally on your device in encrypted form
- We do not receive, transmit, or have access to your API keys or the data retrieved
8. Data Retention
| Data Category | Retention Period |
|---|---|
| License records | Lifetime of your license |
| Activation records | Lifetime of your license |
| Download analytics | 1 year from date of collection |
| Contact form submissions | 90 days |
| Local Data (on your device) | Until deleted by you |
9. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption of data in transit using Transport Layer Security (TLS)
- Use of secure, authenticated endpoints for license management
- Engagement of PCI-DSS Level 1 certified payment processor
- Local database encryption capabilities within the Software (AES-256)
10. Your Rights
Rights Under GDPR (European Economic Area)
- Right of Access: Request a copy of your Personal Data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your Personal Data
- Right to Restriction: Request limitation of processing
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
Rights Under CCPA (California Residents)
- Right to Know: Request disclosure of Personal Data collected
- Right to Delete: Request deletion of your Personal Data
- Right to Opt-Out: Opt out of sale of Personal Data (note: we do not sell)
- Right to Non-Discrimination: Exercise rights without discriminatory treatment
Rights Under PIPEDA (Canadian Residents)
- Right of Access: Request access to your Personal Data
- Right to Challenge Compliance: Challenge our compliance with PIPEDA
- Right to Correction: Request amendment of inaccurate information
To exercise any of these rights, please contact us at support@privateacb.com. We will respond within the timeframe required by applicable law (generally within 30 days).
11. Device Identifier
The Device Identifier used for license activation is a cryptographic hash that cannot be reversed to obtain information about your hardware. This identifier:
- Is generated locally on your device
- Contains no personally identifiable information
- Is used solely to bind your license to authorized devices
- Persists across software reinstallation on the same hardware
12. Children's Privacy
The Software and services are not directed to individuals under the age of eighteen (18). We do not knowingly collect Personal Data from children.
13. Changes to This Policy
We reserve the right to modify this Privacy Policy at any time. Changes will be effective upon posting of the revised Policy on our Website. The "Last Updated" date at the top indicates when revisions were last made.
14. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of the Province of Alberta, Canada, without regard to its conflict of law provisions.