Privacy Policy

Last updated: September 24, 2025

1) Who we are

Inveniire (“we”, “us”, “our”) operates a marketplace connecting clients and service providers. We are headquartered in Toronto, Ontario, Canada.

2) What we collect

• Account data — name, email, profile info (bio, skills, languages), avatar, city/region.
• Transactional data — orders, milestones, payout details, limited payment metadata (handled by processors; we don’t store full card numbers).
• Content — listings, messages, attachments, reviews, and deliverables exchanged on-platform.
• Device & usage — IP, user agent, timestamps, event logs, error logs, basic analytics.
• Location features — user-entered addresses/queries and geocoding results via mapping providers you use.
• Support — tickets, safety reports, and communications with our team.

3) How we use your data (purposes)

• Provide & secure the Platform — account, auth, messaging, listings, payments, fraud/abuse detection, dispute assistance.
• Operate the marketplace — profiles/listings visibility, discovery, order management, payouts.
• Improve & troubleshoot — diagnostics, UX research, feature development, reliability.
• Legal/compliance — tax/audit, safety reports, regulatory requests, Terms enforcement.
• Communications — transactional emails (receipts, security alerts, order updates). No marketing without consent.

4) Legal bases (where applicable)

We rely on contract, legitimate interests (security, fraud prevention, improvement), and consent (e.g., optional analytics, regional requirements). You can withdraw consent at any time.

5) Sharing

• Service Providers — hosting/storage/auth (e.g., Supabase), email delivery (SendGrid), maps/geolocation (LocationIQ), CDNs, and payment processors.
• Other Users — information you share in profiles, listings, and messages as part of normal operations.
• Authorities/Compliance — when required by law or necessary to protect users or the Platform.
• Corporate events — as part of a merger, acquisition, or sale of assets, under confidentiality.

6) Cookies & similar technologies

We use necessary cookies for security and login/session. Optional categories (e.g., analytics) are used only with consent. See our Cookie Policy for details and controls.

7) Storage, security & retention

• Security — TLS in transit, access controls, least-privilege; private files may use signed URLs.
• Retention — personal data is kept only as long as needed. Transactional, message, fraud, and audit records may be retained up to seven (7) years (or longer if required by law).
• Backups & logs — kept for continuity, security investigations, and compliance.

8) Account deletion & what remains

Delete your account in-app. After confirmation, we remove personal identifiers from your account. We retain information required for audit, tax, fraud prevention, safety, dispute, and financial compliance (e.g., order records, payment metadata, messages tied to orders) for the retention period above.

9) Cross-border transfers

Your data may be processed outside your province or country (e.g., U.S. or EU). We apply appropriate safeguards consistent with this policy and applicable law.

10) Your rights

• Access & portability — request a copy/export of your data.
• Correction — fix inaccurate information.
• Deletion — request deletion; we’ll honor it subject to legal/operational limits.
• Objection/Restriction — object to or restrict processing in certain cases.
• Consent withdrawal — withdraw consent where processing is based on consent.

To exercise rights, email support@inveniire.com. We may need to verify your identity and will respond within applicable timelines. If we decline a request, we’ll explain why and how to appeal.

11) Regional information

• Canada (PIPEDA/CPPA) — rights to access and correct personal information; you may complain to the Office of the Privacy Commissioner of Canada if unresolved.
• EEA/UK (GDPR) — rights to access, rectification, erasure, restriction, portability, objection; lodge complaints with your supervisory authority.
• US State laws — where applicable (CPRA/CPA/CTDPA, etc.), rights to know/access, correct, delete, and opt-out of targeted advertising or sale/share. We honor Global Privacy Control (GPC) where required.

12) Children

The Platform is not directed to individuals under 18. If you believe a child provided personal data, contact us to request deletion.

13) Security incidents

We maintain incident response procedures and, where required by law, will notify affected users and/or regulators about a data breach.

14) Changes to this policy

We may update this Privacy Policy due to legal, technical, or operational changes. We will post the updated date above and seek consent for material changes where required.

15) Contact

Privacy questions or requests: support@inveniire.com

This policy is provided for MVP purposes and does not constitute legal advice. Consult counsel for compliance with PIPEDA and other laws applicable to you.