Privacy Policy — Appendix A
Formal Privacy Clauses
Version: 1.0 Last updated: 2026-04-13 Companion to: Privacy Policy
This Appendix sets out the formal legal framework underlying the Privacy Policy. The plain-language Privacy Policy describes the same practices in everyday terms; this Appendix provides the statutory references, formal definitions, and procedural detail required by Canadian privacy law.
In the event of any conflict between this Appendix and the plain-language Privacy Policy, the plain-language Privacy Policy governs your relationship with Bounty.
1. Identity of the data controller
The data controller is 1905106 Alberta Inc., an Alberta corporation, operating the Bounty service ("Bounty").
Mailing address: 1905106 Alberta Inc. Suite 707, 930 16 Avenue Southwest Calgary, Alberta T2R 1C2 Canada
Privacy contact: [email protected]
2. Applicable privacy legislation
Bounty's collection, use, and disclosure of personal information is governed by:
- The Personal Information Protection and Electronic Documents Act (Canada), S.C. 2000, c. 5 ("PIPEDA"), as it applies to commercial activity in Canada;
- The Personal Information Protection Act (Alberta), S.A. 2003, c. P-6.5 ("Alberta PIPA"), as it applies to private-sector organizations operating in Alberta;
- Canada's Anti-Spam Legislation (CASL), S.C. 2010, c. 23, as it applies to commercial electronic messages;
- Other applicable Canadian federal and provincial privacy legislation as it relates to personal information collected from residents of those provinces.
Where Alberta PIPA and PIPEDA both apply to a given activity, Bounty applies the standard that provides the user with greater protection.
3. Definitions
For the purposes of this Appendix:
- "Personal information" means information about an identifiable individual, as defined in PIPEDA s. 2(1) and Alberta PIPA s. 1(1)(k).
- "Processing" means any operation performed on personal information, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, restriction, erasure, or destruction.
- "User" means any individual who creates and maintains a Bounty account.
- "Service Provider" means a third-party processor engaged by Bounty to process personal information on Bounty's behalf, as listed in Section 7.
4. Categories of personal information processed
Bounty processes the following categories of personal information:
| Category | Specific data elements | Source |
|---|---|---|
| Account identifiers | Email address, account ID, scan handle | Provided by user |
| Authentication credentials | Salted password hash and/or passkey public keys | Generated from user input |
| Subscription data | Stripe customer ID, subscription status, subscription start/end dates | Generated through Stripe integration |
| User-generated content | Scan photographs, scan timestamps | Provided by user |
| Location data | Coordinates resolved to store-level granularity | Captured at user-initiated scan event |
| Activity data | Scan history, points balance, redemption activity, leaderboard position | Generated through user activity |
| Technical data | Device type, browser version, application version | Captured during service use |
| Diagnostic data | Failed-scan diagnostic images, parser telemetry | Captured at user-initiated scan event |
| Communication records | Transactional email logs (delivery, bounce status) | Generated through Brevo integration |
Bounty does not process special categories of personal information including, without limitation: government identifiers, biometric identifiers, financial account numbers, health information, racial or ethnic origin, political opinions, religious beliefs, trade union membership, sexual orientation, or criminal records.
5. Legal basis and purposes for processing
Personal information is processed on the following legal bases under PIPEDA and Alberta PIPA:
| Legal basis | Applicable processing | Statutory reference |
|---|---|---|
| Express consent at account creation | Account registration, subscription billing, transactional email | PIPEDA Sch. 1, Principle 4.3; Alberta PIPA s. 7 |
| Implied consent through use | Scan submission, points accrual, leaderboard display, parser improvement | PIPEDA Sch. 1, Principle 4.3.6; Alberta PIPA s. 8 |
| Reasonable purposes test | Diagnostic image processing for service improvement | PIPEDA s. 5(3); Alberta PIPA s. 11 |
| Legal obligation | Tax reporting, response to lawful access requests, breach notification | PIPEDA s. 7(3); Alberta PIPA s. 20 |
| Legitimate interests of the organization | Fraud detection, abuse prevention, security monitoring | Alberta PIPA s. 14 |
The specific purposes for which Bounty processes personal information are set out in the plain-language Privacy Policy.
6. Retention periods
Bounty retains personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law.
| Data category | Retention period | Trigger for deletion |
|---|---|---|
| Account identifiers | Duration of account + 30 days post-deletion | User-initiated account deletion |
| Scan photographs (verified) | As long as required for price verification or community dataset integrity | Aged-image purge process (timing to be formalized; current practice: deletion when no longer useful) |
| Diagnostic images | Duration of audit cycle | Aged-image purge process |
| Authentication credentials | Duration of account + immediate deletion on account closure | User-initiated account deletion |
| Subscription records | 7 years post-cancellation | Canadian tax record-keeping requirement |
| Activity data (post-deletion) | Anonymized and retained indefinitely as part of community dataset | Identifiers severed at account deletion; price data retained without user linkage |
| Transactional email logs | 12 months | Time-based purge |
Where Bounty has not yet formalized a specific retention window for a category, Bounty applies the principle of deletion when the information is no longer required for the purpose for which it was collected, in accordance with PIPEDA Sch. 1, Principle 4.5.
7. Service Providers and cross-border transfers
Bounty engages the following Service Providers in the processing of personal information. Some of these Service Providers are located outside of Canada. Personal information transferred to Service Providers outside of Canada may be subject to the laws of those jurisdictions, including lawful access by foreign governments.
| Service Provider | Function | Location of processing | Data categories transferred |
|---|---|---|---|
| Stripe, Inc. | Payment processing, subscription management | United States | Email, Stripe customer ID, payment card data (collected by Stripe directly) |
| Google LLC (Cloud Vision API) | Optical character recognition | United States | Scan photographs |
| Cloudflare, Inc. (R2 storage) | Object storage | United States / global edge network | Scan photographs, diagnostic images |
| MongoDB, Inc. (Atlas) | Database hosting | United States (AWS us-west-2 / Oregon) | All structured account and activity data |
| DigitalOcean, LLC (App Platform) | Application hosting | Canada (Toronto / TOR1) | All in-transit application data |
| Brevo SA (formerly Sendinblue) | Transactional email | European Union | Email address, transactional message content |
| Anthropic PBC | Product enrichment via large language model API | United States | Anonymized product text strings (no personal identifiers) |
In accordance with PIPEDA Sch. 1, Principle 4.1.3 and Alberta PIPA s. 13, Bounty remains accountable for personal information transferred to Service Providers and uses contractual and other means to provide a comparable level of protection while the information is being processed by a third party.
By using Bounty, you acknowledge and consent to the transfer of your personal information to these Service Providers, including those located outside of Canada.
7.1 Forward-looking commitment to Canadian-region hosting
Bounty is a Calgary-based company serving a Calgary-first community. Application hosting (DigitalOcean App Platform) is already located in Canada (Toronto). Core data storage (MongoDB Atlas) is currently located in the United States because Canadian-region hosting is not available on Bounty's current database tier. As Bounty's revenue and infrastructure tier permits, Bounty intends to migrate database storage to a Canadian region (Calgary or Montreal). Migration timing is subject to commercial viability and is not currently scheduled. Bounty will update this Appendix and notify users in accordance with Section 15 if and when such migration occurs.
8. Disclosure to third parties
Bounty does not sell, rent, or trade personal information.
Bounty may disclose personal information without consent only in the following circumstances, as permitted by PIPEDA s. 7(3) and Alberta PIPA s. 20:
- In response to a subpoena, warrant, court order, or other lawful demand by a Canadian government authority with jurisdiction;
- Where required by Canadian law or to comply with a legal obligation;
- To a law enforcement authority where Bounty has reasonable grounds to believe the information relates to a contravention of Canadian law that has been, is being, or is about to be committed;
- To protect the vital interests of an individual where consent cannot be obtained in a timely manner;
- To prevent, detect, or suppress fraud;
- In connection with the sale, merger, or transfer of all or substantially all of Bounty's business assets, subject to the recipient agreeing to honour this Privacy Policy.
Bounty publishes a transparency report regarding government access requests when and if the volume of such requests warrants. To date, Bounty has received [zero / specify number] such requests.
9. Individual rights
Subject to the limitations set out in PIPEDA and Alberta PIPA, you have the following rights with respect to your personal information:
| Right | Statutory basis | How to exercise |
|---|---|---|
| Right of access | PIPEDA Sch. 1, Principle 4.9; Alberta PIPA s. 24 | Email [email protected] |
| Right to correction | PIPEDA Sch. 1, Principle 4.9.5; Alberta PIPA s. 25 | Account settings or email [email protected] |
| Right to withdraw consent | PIPEDA Sch. 1, Principle 4.3.8; Alberta PIPA s. 9 | Account deletion via account settings |
| Right to data portability (export) | Best practice; not statutorily required under PIPEDA/PIPA | Email [email protected] |
| Right to challenge compliance | PIPEDA Sch. 1, Principle 4.10; Alberta PIPA s. 27 | Email [email protected]; escalation to OPC or OIPC |
Bounty will respond to verified requests within 30 calendar days of receipt, in accordance with PIPEDA s. 8(3) and Alberta PIPA s. 28. Where a request cannot be fulfilled within 30 days, Bounty will provide notice of the extension, the reason for the extension, and the anticipated response date.
10. Account recovery and identity verification
Bounty's collection of personal information is intentionally minimized to the categories set out in Section 4. As a consequence, Bounty does not hold sufficient identifying information to verify a user's identity in the event the user loses access to their account email address.
In such cases, Bounty cannot:
- Restore access to the account;
- Transfer account data, scan history, or accumulated points to a new account;
- Verify any claim of account ownership made through channels other than the registered email address.
This limitation is a deliberate consequence of Bounty's data minimization practices under PIPEDA Sch. 1, Principle 4.4 and Alberta PIPA s. 11. Users are responsible for maintaining access to their registered email address and for the security of their authentication credentials.
11. Security safeguards
In accordance with PIPEDA Sch. 1, Principle 4.7 and Alberta PIPA s. 34, Bounty implements physical, organizational, and technological safeguards appropriate to the sensitivity of the personal information processed:
- Encryption in transit: All client-server communication uses Transport Layer Security (TLS 1.2 or higher).
- Encryption at rest: Photographic data is stored in encrypted-at-rest object storage; database storage uses encryption at rest provided by MongoDB Atlas.
- Authentication: Passwords are stored as salted hashes using industry-standard algorithms; passkey credentials are stored as cryptographic public keys.
- Access controls: Access to production systems is limited to authorized personnel and is logged.
- Minimization: Personal information is collected only as necessary for the identified purposes; non-essential data is deliberately not collected.
12. Breach notification
In the event of a breach of security safeguards involving personal information under Bounty's control where it is reasonable to believe the breach creates a real risk of significant harm to an individual, Bounty will:
- Report the breach to the Office of the Privacy Commissioner of Canada as soon as feasible after determining that a breach has occurred, in accordance with PIPEDA s. 10.1(1);
- Notify affected individuals as soon as feasible, in accordance with PIPEDA s. 10.1(3);
- Maintain a record of every breach of security safeguards involving personal information, in accordance with PIPEDA s. 10.3;
- Where required, notify the Information and Privacy Commissioner of Alberta in accordance with Alberta PIPA s. 34.1.
"Significant harm" includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on credit record, and damage to or loss of property.
13. Children and minors
Bounty is not directed to children under the age of 13 and does not knowingly collect personal information from children under 13. If Bounty becomes aware that personal information of a child under 13 has been collected, Bounty will delete such information without undue delay.
For users between the ages of 13 and the age of majority in their province of residence (18 in Alberta), parental or guardian consent is recommended. Alberta PIPA permits a minor to provide consent on their own behalf where the minor understands the nature and consequences of the consent (Alberta PIPA s. 8(2)).
14. Filing a complaint
If you believe Bounty has not handled your personal information in accordance with this Privacy Policy or applicable law, you may:
-
Contact Bounty directly at [email protected]. Bounty will investigate and respond within 30 calendar days.
-
File a complaint with the Office of the Privacy Commissioner of Canada: 30 Victoria Street Gatineau, Quebec K1A 1H3 Telephone: 1-800-282-1376 Website: priv.gc.ca
-
File a complaint with the Office of the Information and Privacy Commissioner of Alberta: 410, 9925 - 109 Street NW Edmonton, Alberta T5K 2J8 Telephone: 1-888-878-4044 Website: oipc.ab.ca
15. Changes to this Appendix
This Appendix may be updated from time to time. Material changes will be:
- Announced in-app at least 30 days before they take effect;
- Notified to users by email at least 30 days before they take effect;
- Reflected in the version number and changelog of both the Privacy Policy and this Appendix.
Continued use of Bounty after the effective date of a material change constitutes acceptance of the updated Appendix.
Changelog
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2026-04-13 | Initial Appendix A. |