Compliance & Security

Verixa Privacy & Data Protection Policy

Part 1 — Legal Foundation & Core Principles

1. Introduction

Verixa (“we”, “our”, or “the Platform”) is committed to protecting the privacy, confidentiality, and security of personal information in compliance with applicable Canadian laws, including but not limited to:

  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Digital Charter Implementation Act (Bill C-27 – where applicable updates may apply)
  • Applicable provincial privacy laws where relevant (e.g., Quebec Law 25)

This policy explains how we collect, use, disclose, and safeguard personal information when users interact with the Verixa platform.

2. Scope of This Policy

This policy applies to:

  • Users (clients seeking immigration consulting services)
  • Consultants (RCICs or related professionals)
  • Visitors browsing the platform
  • Any individual interacting with Verixa services, content, or communications

3. Legal Basis (PIPEDA Compliance)

Verixa operates under the principles established in PIPEDA, specifically:

10 Fair Information Principles (Schedule 1 of PIPEDA)

We explicitly align with:

  1. Accountability
  2. Identifying Purposes
  3. Consent
  4. Limiting Collection
  5. Limiting Use, Disclosure, and Retention
  6. Accuracy
  7. Safeguards
  8. Openness
  9. Individual Access
  10. Challenging Compliance
📌 Reference: PIPEDA, Schedule 1 - View on laws-lois.justice.gc.ca

4. Definitions

Personal Information

Under PIPEDA: "Information about an identifiable individual"

  • Name
  • Email address
  • Phone number
  • IP address (in some contexts)
  • Booking details
  • Communication history
📌 Ref: PIPEDA Section 2(1)

Sensitive Information

Certain information is considered more sensitive depending on context:

  • Immigration status
  • Legal matters
  • Financial transactions
  • Personal circumstances shared in consultations

Verixa treats such data with enhanced safeguards.

Consultant Data

Information related to consultants may include:

  • Public registry data (CICC)
  • Professional details
  • Profile information
  • Reviews and ratings
⚠️

Important: Public registry data is considered publicly available information, but once processed and displayed, it must still respect fair use and context.

📌 Ref: PIPEDA Regulations Specifying Publicly Available Information

5. Accountability

Verixa is responsible for personal information under its control and has designated a Privacy Officer responsible for compliance with PIPEDA.

Responsibilities include:

  • Ensuring compliance with applicable laws
  • Responding to data access requests
  • Managing complaints
  • Monitoring internal data practices

6. Consent

Principle

Verixa collects, uses, and discloses personal information only with user knowledge and consent, except where permitted or required by law.

📌 Ref: PIPEDA Principle 3 – Consent

1. Express Consent

Required for:

  • Account creation
  • Booking consultations
  • Providing personal details

2. Implied Consent

Applies when:

  • Users browse the platform
  • Users interact with public consultant profiles

Withdrawal of Consent

Users may withdraw consent at any time, subject to:

  • Legal obligations
  • Contractual obligations
  • Operational requirements (e.g., active bookings)

7. Limiting Collection

Verixa only collects information that is:

  • Necessary
  • Relevant
  • Proportionate to the purpose

We explicitly do NOT collect excessive or unrelated data.

📌 Ref: PIPEDA Principle 4

8. Identifying Purposes

Before or at the time of collection, we clearly identify why data is collected. Core purposes include:

  • Facilitating consultant discovery
  • Enabling booking and communication
  • Processing payments
  • Improving platform functionality
  • Ensuring trust and verification
  • Preventing fraud and abuse

9. Public Registry Data (Critical Section)

Verixa may display data sourced from official public registries (e.g., CICC).

Legal Position:

Under Canadian law, public registry data may be used if:

  • It is publicly available
  • It is used for appropriate purposes

📌 Ref: PIPEDA Regulations – Publicly Available Information

🛡️ Verixa Safeguards:

  • Data is displayed for informational purposes only.
  • We do not alter official regulatory status.
  • We provide disclaimers directing users to official sources.
  • Consultants may request corrections or claims.

10. Data Minimization & Purpose Limitation

Verixa ensures that:

  • Data is only used for the purposes stated
  • Data is not repurposed without consent
  • Data is not sold to third parties

📌 PIPEDA Principle 5 – Limiting Use, Disclosure, Retention

11. High-Level Data Flow

User Flow

User Search Profile Booking Communication

Data Flow

User Input Platform Processing Consultant Interaction Logs / Storage

⚠️ Legal Positioning (VERY IMPORTANT)

Verixa acts as a facilitator, not a legal representative or immigration advisor.

  • Is not an immigration consultant
  • Does not provide legal advice
  • Does not represent users before IRCC or any authority

All professional services are provided solely by licensed consultants.

12. Anti-Misrepresentation Clause

Verixa explicitly prohibits:

  • False claims of consultant identity
  • Misuse of profiles
  • Unauthorized data manipulation

Violations may result in:

  • Account suspension
  • Legal reporting where applicable

Part 2 — Data Collection, Use, Storage & Disclosure

13. Types of Personal Information We Collect

Verixa collects only information necessary to operate the platform effectively.

13.1 Users

Registration

  • Full name
  • Email address
  • Password (hashed, never plain text)

Booking

  • Selected consultant & Time
  • Notes / Case description (optional)
  • Contact preferences

Profile

  • Nationality (optional) & Languages
  • Immigration goals

13.2 Consultants

  • License number & Name
  • Status (from public registry)
  • Company / affiliation
  • Contact details
  • Profile content (bio, services, pricing)
⚠️ Important: Data from public registries is processed as public data but displayed with exact precision.

13.3 Automated

  • IP address & Device/Browser type
  • Pages visited
  • Interaction logs (clicks, bookings)

📌 Ref: PIPEDA Security allowances

13.4 Payment Info

Verixa does not store full payment card details.

  • Processed securely via Stripe
  • Only limited metadata stored: ID, amount, status

📌 PIPEDA Principle 7

14. Purpose of Data Use

We use collected data strictly for:

Core Functions

  • Matching users with consultants
  • Processing bookings and communications
  • Managing user accounts

Operational Functions

  • Improving platform performance
  • Preventing fraud and monitoring system activity
  • Customer support

Legal & Compliance

  • Enforcing terms and responding to legal requests
  • Maintaining audit logs

📌 Ref: PIPEDA Principle 2

15. Limiting Use

Verixa does NOT:

  • Sell personal data
  • Share personal data for advertising resale
  • Use personal data for unrelated purposes
Data is used only within the scope of “reasonable and necessary purposes” under PIPEDA.

16. Data Retention

We retain personal information only as long as necessary. Retention periods depend on active account status, booking history, and legal obligations.

Examples:

  • Booking data
    Retained for audit & dispute resolution.
  • Logs
    Retained for security monitoring.
  • Inactive accounts
    May be anonymized or deleted eventually.

📌 Ref: PIPEDA Principle 5

17. Data Storage & Security

Verixa implements strong safeguards to protect data.

Technical Safeguards

  • Encryption (HTTPS / TLS)
  • Password hashing (bcrypt/equiv)
  • Secure server infrastructure
  • Access control systems
  • Rate limiting and monitoring

Organizational Safeguards

  • Restricted access to sensitive data
  • Role-based permissions
  • Internal logging and monitoring
  • Security review practices

Physical Safeguards

  • Secure hosting environments
  • Cloud provider security standards

📌 Ref: PIPEDA Principle 7

18. Third-Party Service Providers

Verixa uses trusted third-party providers to operate the platform.

Payment Processing

Handled by: Stripe (or equivalent)

We do not store full card numbers or CVV.

Email Delivery

Handled by: Transactional email services (e.g., Resend)

Infrastructure

May include: Cloud hosting providers & managed database services.

Legal Position

  • Third parties provide adequate protection.
  • Data is used only for intended purposes.
  • Contracts include privacy obligations.

📌 Ref: PIPEDA Accountability Principle

19. Cross-Border Transfers

Your data may be processed outside Canada (e.g., cloud infrastructure).

  • Data may be subject to foreign laws.
  • Verixa ensures reasonable safeguards are in place.

📌 Ref: OPC guidance on cross-border data flows.

20. Disclosure of Info

  • With Consultants: When booking, only necessary info is shared.
  • With Providers: Payment processors, email endpoints.
  • Legal Req: Disclosed if required by law (court orders, law env).
  • Business Transfer: Merger/Acquisition transfers strictly confidential.

📌 Ref: PIPEDA Section 7(3)

21. Data Accuracy

We strive to keep personal information accurate, complete, and up-to-date. Users and consultants can update their information securely through their account dashboard limits.

📌 Ref: PIPEDA Principle 6

22. Logging & Monitoring

Maintains logs for:
  • System activity
  • Booking events
  • Auth actions
Purpose:
  • Security
  • Fraud detection
  • Disputes

⚠️ Critical Trust Statement

Verixa specifically does NOT:

  • Access private consultation conversations beyond what is necessary to deliver the direct core booking service.
  • Intercept direct communications that occur external to the physical Verixa platform.
  • Record audio/video calls unless explicitly stated via UI elements and consciously consented to by both parties.

Part 3 — User Rights, Cookies, Compliance & Legal

23. Individual Rights (Under PIPEDA)

Under PIPEDA, users have specific rights regarding their personal information.

23.1 Right of Access

  • Request access to personal data
  • Understand how data is used
  • Know who data has been shared with

📌 Ref: PIPEDA Principle 9

23.2 Right to Correction

  • Inaccurate data
  • Incomplete data
  • Outdated data

Verixa will update records where appropriate.

📌 Ref: PIPEDA Principle 6

23.3 Withdraw Consent

Users may withdraw consent anytime, subject to:

  • Legal obligations
  • Active transactions (e.g., bookings)

After withdrawal, some services may no longer be available.

23.4 Challenge Compliance

Users may file a complaint regarding misuse, privacy concerns, or improper handling.

Verixa will investigate and respond in a reasonable timeframe.

23.5 Escalation to Regulator

If not satisfied, users may contact the Office of the Privacy Commissioner of Canada (OPC):

https://www.priv.gc.ca/

24. Cookies & Tracking Technologies

Verixa uses cookies and similar technologies to:

  • Maintain sessions
  • Improve performance
  • Analyze usage
  • Enhance user experience

Legal Position

  • Compliant with PIPEDA consent principles
  • Compliant with reasonable user expectations
  • Users can disable cookies in browser settings or limit tracking.
Essential Cookies

Login sessions & Security

Analytics Cookies

Usage tracking & Performance metrics

Functional Cookies

Preferences & Saved settings

25. Marketing Comms

We may send booking confirmations, reminders, and service updates.

  • Opt-in: Newsletters, edu content, platform updates.
  • Opt-out: Unsubscribe anytime via email or settings.

📌 Ref: CASL Compliance

26. Data Breach Response

In the event of a breach, Verixa will:

  • Assess the risk of harm
  • Notify affected users if required
  • Report to Privacy Commissioner if necessary

📌 Ref: PIPEDA Breach Regulations

27. Account Closure

Users may request account deletion and data removal.

Verixa may retain data for:

  • Legal compliance
  • Dispute resolution
  • Financial records

28. Automated Decision-Making

Verixa may use automated systems for ranking consultants, displaying search results, and visibility weighting.

Important: No legal or immigration decisions are made by Verixa. Automated systems do not replace professional judgment.

29. Prof. Services Disclaimer

  • Connects users with licensed consultants.
  • Does not provide immigration advice.
  • Does not act as a legal representative.

All services are provided by independent consultants.

30. Limitation of Liability

Verixa takes reasonable steps to protect data, but no system is 100% secure. Users share information at their own risk.

Verixa is not responsible for:

  • Actions of third-party consultants
  • External systems beyond our control

31. Children’s Privacy

Verixa is not intended for individuals under 18. We do not knowingly collect personal information from minors.

32. Policy Updates

Verixa may update this policy periodically. Updated versions will be published, and users may be notified if changes are material.

33. Contact Information

For privacy-related inquiries:

  • Privacy Officer
  • Email: legal@getverixa.com
  • Platform contact form

Final Legal Position

Verixa operates under Canadian privacy law and formally commits to transparency, limited data use, user control, and responsible handling.

“Privacy is not a legal page.
It is a trust engine.”

Verixa is engineered to protect your future. By establishing a zero-compromise approach to data governance, we convert absolute security into absolute confidence.