What Currentline knows about you, and what it does with that.

Currentline is a regulatory news aggregator. We need an email address to sign you in and tell you when something on your watchlist files a new document. That's about it.

• We don't sell your data. There is no advertising.
• We don't track you across the web.
• We use one cookie — your sign-in session.
• You can delete your account and all associated data at any time by emailing privacy@currentlinewire.com.

Currentline is the publisher of this site at currentlinewire.com. For the purposes of PIPEDA, Currentline is the “organization” that determines the purposes for which your personal information is collected, used, and disclosed.

Privacy questions, access requests, and complaints go to privacy@currentlinewire.com.

We collect only the information needed to operate the service. There are three categories:

Account information

• Email address (required to sign in)
• Display name + profile image, if you sign in with Google or Microsoft (we receive these from the provider)
• Subscription tier and billing status (returned by Stripe; we do not store payment details ourselves)

Usage information

• Sign-in timestamps and session expiry
• Watchlist selections (which utilities and EB case numbers you follow)
• Server logs — request URLs, timestamps, IP address, user agent — retained for security and debugging

What we don't collect

• No payment card numbers — Stripe handles those, we never see them
• No social-graph data, contact lists, calendars, or files
• No location data beyond approximate region from your IP
• No tracking across other websites — we don't embed third-party trackers, analytics pixels, or advertising tags

Under PIPEDA we are only permitted to collect personal information for purposes a reasonable person would consider appropriate. Our purposes are:

• Authentication. Your email is how we recognize you between visits.
• Service delivery. Your watchlist determines what your digest emails contain.
• Billing. Tier + period information is used to determine which features you can access.
• Security. Server logs let us detect abuse, debug failures, and audit account activity if you ask.
• Communication. Transactional emails (sign-in links, billing receipts, security notices). We do not send marketing emails unless you separately opt in.

• Account record: until you ask us to delete it
• Session tokens: 30 days from last sign-in, then auto-purged
• Magic-link verification tokens: 60 seconds after first use, then auto-purged
• Watchlist: until you remove individual items, or until account deletion
• Server logs: 30 days
• Stripe billing records: 7 years (per Canada Revenue Agency record-keeping requirements)

We use the following third-party services to operate Currentline. Each is listed with the data they receive and the contractual basis (Data Processing Addendum, “DPA”) under which they process it.

Each subprocessor processes your information only on our instructions, under a written data processing agreement, and retains it only as long as necessary to deliver the service. Your information may transit and be stored on servers outside Canada. By using Currentline you consent to this cross-border transfer as contemplated by PIPEDA Principle 4.1.3.

Currentline uses one functional cookie:__Secure-authjs.session-token— the session identifier issued by our authentication library after you sign in. It is HTTP-only, Secure, and SameSite=Lax. Its purpose is to keep you signed in for up to 30 days so you don't have to authenticate on every visit.

We do not use any other cookies. There are no analytics cookies, advertising cookies, third-party tracking pixels, or fingerprinting scripts. Local storage is used only for client preferences (e.g., the tier-switcher demo state) and contains no personal information.

You may, at any time, ask us to:

• Access the personal information we hold about you
• Correct any inaccuracies
• Delete your account and all associated information
• Export a copy of your data in machine-readable form (JSON)
• Withdraw consent for any optional processing

To exercise any of these rights, email privacy@currentlinewire.com from the address on your account. We respond within 30 days.

If you believe we have mishandled your personal information, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

We protect your information with the safeguards a reasonable organization in our position would apply:

• All traffic over HTTPS with current TLS
• Database encrypted at rest by our hosting provider
• Secrets stored in encrypted environment variables, never in code or git history
• Passwordless authentication — there is no password to be stolen
• Session cookies marked Secure + HTTP-only to prevent client-side or insecure-channel exfiltration
• Per-user data scoped via Postgres row-level access patterns

No system is perfectly secure. If we ever discover a breach affecting your personal information, we will notify you without unreasonable delay and report to the Privacy Commissioner of Canada as required by PIPEDA's breach-notification rule.

Currentline is a professional regulatory news service intended for users 18 years of age or older. We do not knowingly collect information from children under 18. If you believe a minor has provided us with personal information, please contact privacy@currentlinewire.com and we will delete it.

We may update this policy as the service evolves. Material changes are announced on the wire and, if they affect existing accounts, by email at least 30 days before they take effect. The version date at the top of this page always reflects the current revision.

privacy@currentlinewire.com

Currentline · Ontario, Canada