1. Introduction
Luchian Software Consulting, Inc., operating as ZipCheck (“we,” “us,” “our,” or “ZipCheck”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our job posting compliance analysis service (the “Service”).
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and its 10 fair information principles. This policy applies to all users of ZipCheck, including anonymous users and registered account holders.
By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide Directly
Account Information:
- Name and email address
- Organization name (optional)
- Password (stored only as a bcrypt hash, never in plain text)
User Content:
- Job posting text you submit for analysis
- Notes or comments you add to reports
Communications:
- Support requests and correspondence
- Feedback you provide about the Service
2.2 Information Collected Automatically
Usage Data:
- Features used and actions taken
- Scan history and timestamps
- Compliance reports generated
Technical Data:
- IP address
- Browser type and version
- Device type and operating system
- Referring website
- Pages visited and time spent
2.3 Payment Information
We use Stripe to process payments. We do not store your credit card number, CVV, or full payment card details. Stripe collects and processes payment information in accordance with their Privacy Policy.
3. How We Collect Information
3.1 Direct Collection
We collect information directly when you:
- Create an account
- Submit job postings for analysis
- Contact us for support
- Subscribe to a paid tier
3.2 Automatic Collection
We automatically collect technical and usage data through:
- Server logs
- Cookies and similar technologies (see Section 9)
- Analytics tools (when implemented)
3.3 Third-Party Sources
We may receive information from:
- Authentication providers (when you sign in with third-party accounts)
- Payment processors (transaction confirmations only)
4. How We Use Your Information
We use your information for the following purposes:
| Purpose | Examples | Legal Basis (PIPEDA) |
|---|---|---|
| Provide the Service | Analyze job postings, generate reports, store scan history | Consent / Contract |
| Process Payments | Bill paid subscriptions, handle refund requests | Contract |
| Improve the Service | Analyze usage patterns, fix bugs, develop features | Legitimate interest |
| Communicate with You | Respond to support requests, send service updates | Consent / Contract |
| Ensure Security | Detect abuse, prevent fraud, protect systems | Legitimate interest |
| Comply with Law | Respond to legal requests, enforce terms | Legal obligation |
We do NOT:
- Sell your personal information to third parties
- Use your data for advertising or marketing purposes
- Share your job posting content with other users
- Use your job posting text to train our own AI models
5. AI and Machine Learning
5.1 How AI Processes Your Data
ZipCheck uses artificial intelligence (AI) and large language models (LLMs) to analyze job postings. When you submit a job posting:
- Rule-Based Analysis: Your text is first analyzed using automated pattern matching (no AI involved)
- Low-Confidence Flagging: If the rule-based system has low confidence, your text proceeds to AI analysis
- AI Analysis: Your job posting text is sent to third-party AI providers (via OpenRouter) for deeper analysis
- Results Generation: AI-generated compliance suggestions are returned to you
- Report Display: The compliance report is presented in your dashboard
5.2 What AI Providers Receive
When processing your job posting, our AI providers receive:
- The job posting text you submitted
- A unique session identifier (not linked to your identity)
AI providers do not receive:
- Your name or email address
- Your organization name
- Your payment information
- Your account details
5.3 Contractual Protections
We have contractual agreements with AI providers that:
- Prohibit them from using your data to train their models
- Require them to delete your data after processing
- Limit data retention to the minimum necessary for processing
- Require industry-standard security measures
However, you should review the privacy policies of third-party AI providers for their specific data handling practices.
5.4 AI Providers
We currently use:
- OpenRouter: Routes requests to various LLM providers (including Anthropic, OpenAI, and others) for text analysis
For details on how these providers handle data, see their respective privacy policies.
5.5 Aggregated Data
We may use anonymized, aggregated patterns (e.g., “60% of postings lack salary disclosure”) to improve the Service. This aggregated data:
- Cannot be linked back to you or your specific job postings
- Does not contain personally identifiable information
- Helps us understand common compliance issues
7. Data Retention
7.1 Retention Periods
| Data Type | Free Tier | Paid Tier |
|---|---|---|
| Scan History | 7 days | Permanent |
| Job Posting Text | 7 days | Permanent |
| Shareable Reports | 30 days | 30 days |
| Account Information | While active | While active |
| Payment Records | 7 years (legal requirement) | 7 years (legal requirement) |
| Support Communications | 2 years | 2 years |
| Backups | Up to 90 days after deletion | Up to 90 days after deletion |
7.2 Automatic Deletion
- Free Tier: Scan history and job posting text are automatically deleted after 7 days
- All Tiers: Shareable report links expire and are permanently deleted after 30 days
7.3 After Account Closure
When you close your account:
- Personal information is deleted within 30 days
- Anonymized usage data may be retained for analytics
- Backup copies may persist for up to 90 days before permanent deletion
- Legal/tax records (e.g., payment history) are retained for 7 years as required by law
7.4 Deletion Requests
You can request deletion of your data at any time by contacting privacy@zipcheck.ca. We will process deletion requests within 30 days, except where retention is required by law.
8. Your Privacy Rights
Under PIPEDA, you have the following rights:
8.1 Right to Access
You can request a copy of the personal information we hold about you. We will respond within 30 days. There is no fee for reasonable requests.
8.2 Right to Correction
If your information is inaccurate or incomplete, you can request corrections. We will update our records promptly and notify any third parties who received the incorrect information (where appropriate).
8.3 Right to Withdraw Consent
You can withdraw consent for data collection at any time. Note that withdrawing consent may limit your ability to use the Service (e.g., we cannot provide compliance analysis without processing your job posting text).
8.4 Right to Deletion
You can request deletion of your personal information. We will delete your data within 30 days, except where retention is required by law (e.g., payment records for tax purposes).
8.5 How to Exercise Your Rights
To exercise any of these rights:
- Email: privacy@zipcheck.ca
- Subject line: Include “Privacy Request” and the specific right you're exercising
We may need to verify your identity before processing your request. We will respond to privacy inquiries within 5 business days and complete requests within 30 days.
8.6 Complaints
If you believe we have not handled your information properly, you may file a complaint with:
Office of the Privacy Commissioner of Canada
- www.priv.gc.ca
- 1-800-282-1376
- info@priv.gc.ca
10. Data Security
10.1 Security Measures
We protect your information using:
Technical Safeguards:
- Encryption in transit (TLS 1.2+ / HTTPS)
- Encryption at rest for sensitive data (database encryption)
- Secure password hashing (bcrypt)
- Regular security updates and patches
- Firewall protection and intrusion detection
Organizational Safeguards:
- Access controls (need-to-know basis)
- Employee training on data protection
- Incident response procedures
- Regular security audits
10.2 No Guarantee
While we implement reasonable security measures, no system is 100% secure. We cannot guarantee absolute security of your information. Internet transmission and electronic storage always carry some risk.
10.3 Breach Notification
If a data breach occurs that poses a real risk of significant harm to individuals, we will:
- Notify affected individuals as soon as feasible (without undue delay)
- Report to the Privacy Commissioner of Canada as required by PIPEDA
- Take steps to mitigate harm and prevent future breaches
- Provide information about what happened and what you can do to protect yourself
11. International Data Transfers
11.1 Where Data Is Processed
Your information may be processed in:
- Canada: Primary data storage (PostgreSQL)
- United States: Some service providers (Stripe, Vercel, OpenRouter)
11.2 Safeguards
When transferring data outside Canada, we ensure protection through:
- Contractual agreements with service providers requiring PIPEDA-equivalent protection
- Selection of providers with strong privacy practices and certifications
- Compliance with PIPEDA requirements for cross-border transfers
- Data processing agreements that meet Canadian standards
11.3 Foreign Legal Access
Important: Data stored or processed in other countries (particularly the United States) may be subject to the laws of those countries. This means:
- Foreign courts, law enforcement, or government authorities may be able to access your data
- Access may occur under foreign legal frameworks (e.g., U.S. CLOUD Act, national security orders)
- These access rights may be broader than what is permitted under Canadian law
We select service providers that limit government access to the extent legally possible and notify us of requests where permitted.
12. Children's Privacy
12.1 Age Restrictions
ZipCheck is intended for users who are at least 18 years of age (the legal age of majority in most Canadian provinces). We do not knowingly collect personal information from children under 18.
12.2 Parental Consent
In exceptional circumstances where a user between ages 13-17 wishes to use the Service (e.g., a high school student learning about HR compliance), we require verifiable parental or guardian consent before creating an account.
12.3 Reporting Child Accounts
If you believe a child under 18 has provided us with personal information without parental consent, please contact us at privacy@zipcheck.ca, and we will:
- Investigate the matter promptly
- Delete the information if consent was not obtained
- Close the account
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
Minor changes:
- We will update the “Last Updated” date at the top of this policy
- Changes take effect immediately upon posting
Material changes:
- We will notify registered users by email at least 30 days before the changes take effect
- We will post a prominent notice on the Service
- If you are a Paid subscriber and a material change adversely affects your rights, you may cancel your subscription without penalty within 30 days
Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
14. Contact Us
Privacy Officer
Luchian Software Consulting, Inc. (operating as ZipCheck)
Email Contacts:
- Privacy inquiries: privacy@zipcheck.ca
- General support: support@zipcheck.ca
- Website: https://zipcheck.ca
We aim to respond to all privacy inquiries within 5 business days and complete requests within 30 days.
Appendix: PIPEDA Compliance
ZipCheck complies with PIPEDA's 10 fair information principles:
| Principle | How We Comply |
|---|---|
| 1. Accountability | Privacy Officer designated; staff trained on data protection |
| 2. Identifying Purposes | We clearly state why we collect data (Section 4) |
| 3. Consent | We obtain consent before collecting personal information |
| 4. Limiting Collection | We collect only what's necessary to provide the Service |
| 5. Limiting Use, Disclosure, and Retention | Data used only for stated purposes; retention periods defined (Section 7) |
| 6. Accuracy | You can request corrections to your information (Section 8.2) |
| 7. Safeguards | Technical and organizational security measures (Section 10) |
| 8. Openness | This Privacy Policy is publicly available |
| 9. Individual Access | You can access your personal information (Section 8.1) |
| 10. Challenging Compliance | You can file complaints with the Privacy Commissioner (Section 8.6) |