Privacy Policy

This Privacy Policy explains how The Permanent Residents Guide Ltd ("we", "us", "our") collects, uses, discloses, and protects your personal data when you use our website, chatbot, and related services (the "Service").

Our commitment is to process your data transparently, securely, and in compliance with:

• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018 (UK)
• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
• Relevant provincial privacy laws, including Quebec's Law 25

This Policy applies to:

• Visitors to our website
• Users who interact with our AI assistant "Gustave"
• Registered account holders and subscribers
• Individuals who contact our support team or submit documents to us

It does not apply to third-party websites linked from our Service.

We collect the following types of personal data:

3.1 Data You Provide

• Name and email address (when registering an account or contacting support)
• Uploaded documents, images, and text
• Messages you send to Gustave or our support team

3.2 Data We Collect Automatically

• IP address and approximate location
• Device type and browser information
• Usage logs and timestamps
• Cookie preferences and analytics events

3.3 Payment Information

Payments are handled by third-party processors. We do not store full payment card details. We may retain transaction metadata (e.g., timestamp, last 4 digits) for fraud prevention and compliance.

We use your data for the following purposes:

Under UK GDPR and PIPEDA, we rely on one or more of the following legal bases:

• Consent – when you actively provide or agree to us processing your data
• Contractual necessity – to deliver the services you've subscribed to
• Legitimate interests – for purposes like security, service improvement, and usage tracking (balanced against your rights)
• Legal obligation – to comply with financial or regulatory laws

Where we rely on consent (e.g., for cookies or document uploads), you may withdraw your consent at any time.

We share your data only with:

• Anthropic, to generate AI responses (data is processed transiently and not used for training)
• Supabase, to manage accounts, data storage, and authentication
• Stripe or equivalent, to process payments securely
• Cloud service providers, for hosting and backup (e.g., Vercel)
• Legal or regulatory bodies, if required by law

We do not sell or rent your data. We never use your data to train AI models.

Your data may be transferred to or stored in the United Kingdom, the United States, or Canada. Where applicable, we use:

• Standard Contractual Clauses (SCCs) approved by the UK or EU
• Adequacy decisions, where recognised
• Technical and organisational safeguards (e.g., encryption, access control)

By using the Service, you consent to these transfers.

We retain data only as long as needed to:

• Deliver the Service
• Comply with legal and tax requirements
• Prevent fraud and abuse

If you delete your account or content, we aim to erase your data from active systems within 14 days. Anonymised metadata may be retained longer for analytics and audit.

You have the right to:

• Access a copy of your data
• Request correction of inaccurate data
• Request deletion ("right to be forgotten")
• Withdraw consent at any time
• Port your data to another provider
• Object to or restrict certain types of processing
• File a complaint with the UK Information Commissioner's Office (ICO) or the Office of the Privacy Commissioner of Canada (OPC)

To exercise your rights, email us at support@permanentresidentsguide.com.

We use cookies and similar technologies to:

• Keep you logged in
• Analyse usage and improve performance
• Remember your preferences

We seek your consent before setting non-essential cookies. You can manage cookie preferences via your browser or our banner.

For details, see our Cookie Policy.

We implement technical and organisational measures to protect your data, including:

• HTTPS encryption
• Access control and authentication
• Regular backups and security audits

However, no system is entirely immune to risks. You use the Service at your own risk.

The Service is not intended for users under 13. We do not knowingly collect personal data from children. If we become aware of such data, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or via the Service. Continued use of the Service after the changes become effective constitutes acceptance.