Privacy Policy

Last updated: May 14, 2026

This Privacy Policy explains how Candyll collects, uses, discloses, and safeguards your personal information when you use our website at candyll.com, our mobile application, and related services (collectively, the "Service" or "Platform"). It is designed to comply with Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA") and British Columbia's Personal Information Protection Act ("BC PIPA") where applicable. By using the Service you consent to the practices described below.

1. Who Is Responsible (Accountability)

Candyll ("we", "us", "our") is the organization responsible for the personal information in our custody and control. We have designated a Privacy Officer to oversee compliance with this Policy and with applicable privacy law. You may contact the Privacy Officer at privacy@candyll.com.

2. What Information We Collect

We collect only information that is reasonably necessary to provide and improve the Service.

  • Account information: email address, password (stored only as a salted hash by our authentication provider), display name, optional avatar URL, language preference, account-creation timestamp.
  • Verification data: one-time email codes (OTP) and authentication tokens used to confirm your identity. OTPs are short-lived and discarded once used.
  • Merchant information (Merchants only): business name, business number, business address, phone number, business hours, logo and cover images, website and social handles, GST/PST registration data where you provide it.
  • Activity data: reservations, cart contents, favourites, reviews and ratings you submit, slot bookings, cancellation history, trust score and tier, notifications you receive.
  • Location data: approximate or precise device location used to display nearby deals and merchants — only when you explicitly enable it. We do not track your location in the background and we do not store a history of your locations.
  • Device and usage data: IP address, device type, operating system, app version, browser type, language, pseudonymous device identifiers, crash logs, and basic usage metrics needed for security, fraud prevention, and service reliability.
  • Push-notification token: if you opt in, we store a push token to deliver deal updates and reminders.
  • Communications: messages you send to our support, security, or privacy mailboxes.

We do not collect: government-issued ID, credit-card numbers, social insurance numbers, biometric data, health data, sexual orientation, religious belief, or other sensitive categories of personal information.

3. How We Collect Information

  • Directly from you when you create an account, list a Deal, place a reservation, write a review, or contact us.
  • Automatically through your device when you use the Service (e.g., crash logs, IP address, location only with your permission).
  • From service providers who help us authenticate users, send emails, host the Platform, or deliver push notifications.

4. Purposes of Collection (Identifying Purposes)

We use your personal information for the following purposes only:

  • To authenticate you and operate your account.
  • To display Deals near you and matching your preferences.
  • To process and coordinate your reservations and slot bookings with the Merchant.
  • To calculate and display your trust score, tier, and savings history.
  • To enable Merchants to manage reservations and to verify pickups.
  • To send transactional communications (reservation confirmations, pickup reminders, OTP codes, policy updates, security notices).
  • To send marketing communications about new features or merchant announcements, where you have opted in and as permitted by Canada's Anti-Spam Legislation (CASL).
  • To detect, prevent, investigate, and respond to fraud, security incidents, abuse, and violations of our Terms of Service.
  • To improve and develop the Service, including aggregated analytics that do not identify any individual.
  • To comply with legal obligations, respond to lawful requests, and protect our rights and the rights of others.

We will not use your personal information for any new purpose without your consent or other lawful basis.

5. Legal Basis (Consent)

We rely primarily on your consent to collect, use, and disclose personal information, given when you create an account and accept our Terms of Service. Where required, we obtain additional express consent (for example, for location access or push notifications). We may also rely on lawful bases other than consent where permitted by PIPEDA and BC PIPA — for example, performance of a contract with you, compliance with a legal obligation, or a legitimate business interest that is not outweighed by your privacy interests (such as fraud prevention and network security).

You may withdraw consent at any time by contacting our Privacy Officer, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may limit our ability to provide some or all of the Service.

6. Disclosure to Merchants

When you join a Deal or book a slot, we share with the Merchant only what is necessary to fulfil the reservation: your display name, reservation timestamp, quantity, slot time (if applicable), and pickup status. We do not share your password, email address (unless you choose to contact a Merchant), payment information, push token, or precise location with Merchants.

Reviews you write are public and shown alongside your display name. Do not include sensitive personal information in reviews.

7. Service Providers

We use the following service providers (data processors) to operate the Service. Each is bound by contractual privacy and security obligations.

  • Supabase — authentication and primary database hosting (servers located in Canada and the United States).
  • Cloudflare — web hosting (Workers, Pages), DNS, CDN, email routing, and DDoS protection (servers located globally).
  • Resend — outbound transactional email (servers located in the United States).
  • Expo / Apple / Google — push-notification delivery to mobile devices (United States and globally).
  • OpenFreeMap — public map tile rendering (Europe; no account or login).

These providers process information solely on our instructions and for the limited purpose of operating the Service.

8. International Transfers

Some of our service providers are located outside Canada (primarily in the United States and Europe). When personal information is transferred to or stored in another jurisdiction it may become subject to the laws of that jurisdiction, including laws permitting government access. We use providers that offer equivalent or stronger contractual protections and industry-standard encryption in transit and at rest. By using the Service you acknowledge and consent to these cross-border transfers.

9. Other Disclosures

We may disclose personal information without your further consent where permitted or required by law, including:

  • In response to a valid court order, subpoena, warrant, or other legal process from a Canadian court or competent authority;
  • To investigate, prevent, or take action against suspected fraud, security incidents, threats to safety, or violations of our Terms of Service;
  • To establish, exercise, or defend legal claims;
  • In connection with a merger, acquisition, financing, asset sale, or insolvency, in which case we will provide notice and continued protection to the extent required by law;
  • In aggregated or de-identified form that does not identify any individual.

We do not sell your personal information to third parties, and we do not engage in cross-context behavioural advertising.

10. Cookies and Similar Technologies

Our website uses essential cookies for authentication, session management, language preference, and CSRF protection. We do not use advertising cookies or third-party tracking pixels. You may block cookies through your browser settings, but doing so may prevent you from signing in or using parts of the Service.

11. Push Notifications and Marketing (CASL)

Transactional notifications (account verification, reservation confirmations, pickup reminders, security alerts) are sent because they are necessary to deliver the Service you requested and are exempt from CASL consent requirements. Marketing communications, where applicable, are sent only with your express opt-in consent and include an unsubscribe mechanism in every message. You may withdraw marketing consent at any time without affecting transactional messages or your account.

12. Retention

We retain personal information only as long as reasonably necessary for the purposes set out above and to comply with our legal, accounting, and reporting obligations.

  • Active account data is kept for the life of your account.
  • If you delete your account, identifying personal information is deleted or anonymized within thirty (30) days, except where we are required to retain it for legal, tax, fraud-prevention, or dispute-resolution purposes.
  • Aggregated or de-identified data that cannot reasonably be associated with you may be retained indefinitely.
  • Reviews you wrote may remain visible after account deletion in anonymized form (display name removed) to preserve the integrity of public ratings, unless removal is required by law.
  • Server logs (IP, request metadata) are typically retained for 30–90 days for security and reliability, then deleted.

13. Safeguards (Security)

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including:

  • TLS encryption in transit and at-rest encryption for stored data;
  • Row-level security and least-privilege access controls in our database;
  • Passwords stored only as salted hashes, never in plaintext, and transmitted only over TLS;
  • Limited employee access on a need-to-know basis;
  • Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and middleware-enforced authentication for sensitive routes;
  • Logging and monitoring of suspicious activity and a defined incident-response process.

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. If we become aware of a breach of security safeguards involving a real risk of significant harm, we will notify affected individuals as soon as feasible and, where required, report to the Office of the Privacy Commissioner of Canada and/or the Office of the Information and Privacy Commissioner for British Columbia, in accordance with applicable law.

14. Children and Minors

The Service is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us with personal information, please contact our Privacy Officer and we will take reasonable steps to delete it.

15. Your Rights Under PIPEDA and BC PIPA

You have the right to:

  • Access your personal information in our custody and obtain a copy in a portable form where reasonably possible;
  • Correct personal information that is inaccurate or incomplete;
  • Withdraw consent for collection, use, or disclosure (subject to legal or contractual restrictions);
  • Delete your account through account settings or by request to the Privacy Officer;
  • Be informed of how your information is being used and to whom it has been disclosed;
  • Challenge our compliance with this Policy and with applicable law.

We respond to verified requests within thirty (30) days, or provide reasons for a longer period if necessary, in accordance with PIPEDA timelines. We may require you to verify your identity before responding to a request to prevent unauthorized access. We may charge a minimal cost-recovery fee for access requests, with advance written notice.

16. Automated Decision-Making

We use limited automated processing to calculate your trust score from past activity (no-shows, completions, cancellations) and to sort or rank Deals for display. We do not use automated systems to make decisions that produce legal or similarly significant effects on you without human oversight. You may contact us to request human review of any trust-score determination affecting your account.

17. How to Exercise Your Rights

Send your request to privacy@candyll.com with enough detail for us to identify you and the information at issue. We may follow up to verify your identity.

18. Complaints

If you are not satisfied with our response to a privacy concern, you may file a complaint with:

  • Office of the Privacy Commissioner of Canada (OPC): priv.gc.ca, 1-800-282-1376.
  • Office of the Information and Privacy Commissioner for British Columbia (OIPC BC): oipc.bc.ca.

19. Third-Party Links

The Service may link to third-party websites or services. Those sites have their own privacy practices, which we do not control and for which we are not responsible. Review their policies separately.

20. Changes to This Policy

We may update this Policy from time to time to reflect changes in law, technology, or our practices. We will post the updated version with a new "Last updated" date and, for material changes, provide reasonable notice (for example, by email or in-app message). Your continued use of the Service after the effective date constitutes your acceptance of the updated Policy.

21. Contact

Privacy Officer
privacy@candyll.com
For security issues: security@candyll.com

This Privacy Policy is intended as a good-faith implementation of PIPEDA and BC PIPA. It does not constitute legal advice. Before relying on it in a live production setting, have it reviewed by a Canadian privacy lawyer.