CC Compliance Calendar

Privacy policy

Last updated: 2026-06-17. Aligned with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) Schedule 1.

1. Who we are

Compliance Calendar is a corporate filing-assistance service operated by Grid Inc., based in Toronto, Ontario, Canada. Our designated Privacy Officer (per PIPEDA Principle 1) is Krishna Dogra, reachable at caleb@compliancecalendar.ca.
Grid Inc., 5 Defries St, Toronto ON M5A 0W7, Canada.

2. What personal information we collect

We collect only what is needed to provide the service. This includes:

  • Corporation identifiers: corporation number, Business Identification Number (BIN), Ontario corporation number, Company Key or Corporation Key (where provided to enable filing).
  • Contact information: your name, email address, and phone number (optional).
  • Filing details you provide: director information, registered office address, or other details required for the specific return you ordered.
  • Billing metadata: payment processing is handled by Stripe; we receive only non-sensitive metadata (transaction status, last four digits of card, Stripe session ID). We do not store full card numbers.
  • Technical data: IP address, browser user-agent, and referral source, collected automatically when you visit the site. We use server-side analytics only — no third-party tracking scripts.
  • Cold-outreach source: for corporations we contact proactively, the corporation name, number, and publicly-listed contact address come from the Corporations Canada open dataset, a public government registry. We do not purchase or trade personal data lists.

3. Why we collect it (PIPEDA Principle 2 — purposes)

  • To prepare and submit the corporate filing you have authorized us to make.
  • To send you receipts, filing confirmations, and the government confirmation number.
  • To send renewal reminders if you have opted in or have an active service relationship with us.
  • To respond to your inquiries and support requests.
  • To meet our legal record-keeping obligations (e.g., transaction records).
  • To send cold-outreach email to corporations whose upcoming compliance deadlines we have identified from the public Corporations Canada registry (CASL implied consent — see section 9).

4. Consent (PIPEDA Principle 3)

For customers: you provide express consent at intake by submitting the order form. For cold-outreach recipients: we rely on CASL implied consent under section 10(9)(b) of the Canada Anti-Spam Legislation — the recipient's electronic address is conspicuously published and the message is relevant to the corporation's business role (compliance filing). You may withdraw consent at any time by emailing the Privacy Officer or by replying "Unsubscribe" to any email we send. Consent to receive service-critical communications (e.g., your filing confirmation) cannot be withdrawn without cancelling your service.

5. Where your data is stored

Your personal information is stored on infrastructure operated in Canada or by Canadian-resident operators. The one exception is the AI provider described in section 6: when you reply to one of our emails, the text of your reply may be sent to NVIDIA's cloud-hosted AI service (NVIDIA NIM), which operates outside Canada, solely so we can classify and route your message. We do not send your Corporation Key or Company Key to that service — see section 8. Apart from the processors listed below, we do not transfer personal data to servers outside Canada.

6. Processors and third-party sharing (PIPEDA Principle 5)

We share information with the following processors strictly to deliver the service:

  • Stripe — payment processing.
  • Resend — transactional email delivery (filing confirmations, receipts).
  • Zoho Mail — outreach and reply-handling mailbox.
  • NVIDIA (NIM AI service) — when you reply to one of our emails, the reply text is processed by NVIDIA's hosted AI model so we can understand and route your message (for example, to tell an "unsubscribe" from a "yes, please file"). The Corporation Key / Company Key is automatically removed from the text before it is sent to this service.
  • Cloudflare — DNS, CDN, and webhook proxy.
  • Namecheap / hosting provider — website and backend hosting.
  • Government portals — Corporations Canada, Ontario Business Registry, as required to file the returns you authorize.

We do not sell, rent, or share your personal information with any third party for marketing or any purpose other than delivering the service.

7. Retention (PIPEDA Principle 5)

  • Filing records and transaction data: 7 years, to satisfy Canadian tax record-retention requirements.
  • Cold-outreach marketing data (email addresses of corporations we contacted): retained until unsubscribe, plus 60 days for suppression-list hygiene, then deleted.
  • Corporation Keys and Company Keys provided to us to perform a filing: encrypted at rest and retained only as long as necessary to complete the filing. Once your return has been filed and accepted, the key is permanently purged from our systems. We do not keep it for future filings.

8. Safeguards (PIPEDA Principle 7)

Data is encrypted in transit (TLS) and at rest. Operator access to government portals uses multi-factor authentication. Corporation Keys and Company Keys provided by customers are encrypted at rest and held in a restricted store that our public-facing website and API cannot read — they are never stored in plain text alongside the rest of your order. The key is also automatically redacted from any message text before that text is sent to the AI provider described in section 6, and is permanently deleted once your filing is complete (see section 7). Only personnel who need a credential to perform your filing can access it.

9. Cold-outreach and CASL

If you received an email from us without previously contacting us, it is because your corporation's compliance deadline appeared in the public Corporations Canada open dataset and the email address was publicly listed in connection with the corporation. Every such message identifies us as the sender (Compliance Calendar, operated by Grid Inc.), includes our mailing address (Grid Inc., 5 Defries St, Toronto ON M5A 0W7), and provides a functional unsubscribe mechanism. Unsubscribe requests are honored within 10 business days and your address is added to our permanent suppression list.

10. Your rights — access, correction, and deletion (PIPEDA Principles 9–10)

You have the right to request access to, correction of, or deletion of the personal information we hold about you. Email the Privacy Officer at caleb@compliancecalendar.ca. We will respond within 30 days. We may need to verify your identity before processing a request, and some information may be retained to meet our legal obligations.

11. Complaints

Contact our Privacy Officer first. If your concern is not resolved, you may file a complaint with the Office of the Privacy Commissioner of Canada: 1-800-282-1376 / priv.gc.ca.