Privacy Policy

Last updated: 2026-05-28

This page is provided for general information only and is not legal advice. Foundero is not a law firm. If you need advice about your situation, consult a licensed lawyer.

We handle personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario law.

1. Introduction

This Privacy Policy explains how Foundero Inc. (“Foundero”, “we”, “us”) collects, uses, discloses, and protects your personal information when you use foundero.ai and our incorporation services (the “Service”).

Foundero helps you incorporate a business in Ontario. We are a document-preparation and filing-assistance service. We are not a law firm and do not provide legal advice.

By using the Service, you consent to the practices described here.

2. What personal information we collect

Account information: name, email address, password (hashed), and authentication identifiers.

Incorporation information (you provide this to generate and file your corporate documents):

  • Director / officer / shareholder full legal names
  • Residential or service addresses
  • Date(s) where required by the filing
  • Share ownership and corporate structure details
  • [ pending — if collected: Social Insurance Number (SIN) — only if required for CRA/tax registration ]

Payment information: processed by Stripe. We do not store your full card number; we receive only a token and limited transaction metadata.

Government-issued identifiers received on your behalf: after incorporation, the Ontario Business Registry issues a Company Key (a confidential 9-digit credential granting authority over your corporation). We handle this with heightened safeguards (see §7).

Usage / technical data: IP address, device/browser type, and pages visited, for security and service operation.

3. Why we collect it (purposes)

We use your personal information to: (a) create and secure your account; (b) generate your corporate documents; (c) submit filings to the Ontario Business Registry on your behalf under your authorization; (d) process payment; (e) send transactional notices about your incorporation; (f) provide support; (g) meet legal/record-keeping obligations. We do not sell your personal information.

4. Consent

We collect, use, and disclose personal information with your consent, which you give by providing the information and using the Service for the purposes above. You may withdraw consent (see §8), subject to legal/contractual limits — note that withdrawing consent mid-incorporation may make us unable to complete your filing.

5. Service providers (processors) we share data with

We use the following third-party processors to operate the Service. Each receives only the data needed for its function.

ProcessorFunctionData sharedRegion / cross-border
SupabaseDatabase + authenticationAccount + incorporation data[ pending — region — Adam to confirm ]
StripePayment processingName, email, payment tokenUnited States (cross-border)
VercelApplication hostingTechnical/usage data in transitUnited States (cross-border)
Google (Gmail / Workspace)Transactional + support emailName, emailUnited States (cross-border)
Anthropic (Claude)Automated checks on document/name dataLimited incorporation field dataUnited States (cross-border)
Ontario Business Registry (Ministry of Public and Business Service Delivery)Government filing of your incorporationYour filing data + Company KeyCanada (government)
[ pending — if used: CGI / Nuans API ]Name search / reservationProposed company nameCanada

Note: ServiceOntario / OBR is a government registry we file with, not a commercial processor — but it is listed for transparency because your data is transmitted there.

6. Cross-border disclosure

Some processors above store or process data in the United States. PIPEDA permits this but requires we tell you: while data is in another country, it may be accessible to that country's courts/law enforcement under their laws. We use processors that contractually commit to protecting your data. [ pending — transfer-mechanism wording — counsel to confirm ]

7. How we protect your information

We use encryption in transit (TLS) and at rest, access controls, and least-privilege practices.

Company Key — heightened handling: your Company Key is encrypted at rest, never sent in plain text by email, access-logged on every read, and [ pending — UX safeguards (view-once / masked / 2FA) — product decision ]. This is a confidential credential; treat it like a password.

8. Your rights (PIPEDA)

You may: (a) access the personal information we hold about you; (b) request correction of inaccurate data; (c) withdraw consent (subject to §4 limits); (d) request deletion of your data, subject to legal record-keeping requirements (e.g., we may need to retain certain incorporation/financial records for [ pending — X years — counsel to confirm ]). To exercise these, contact our Privacy Officer (§11). We respond within 30 days as required by PIPEDA.

9. Retention

We keep personal information only as long as needed for the purposes above or as required by law. [ pending — statutory retention periods for incorporation / financial records — counsel to confirm ] After that, we securely delete or anonymize it.

10. Cookies / analytics

[ pending — analytics & cookies disclosure — confirm whether any analytics are in use ]

11. Contact / complaints

Privacy Officer: adam@foundero.ai

Mailing address: [ pending — registered address — Adam to confirm ]

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.

12. Changes

We may update this policy. Material changes will be notified by email or in-app. The “last updated” date reflects the current version.