Privacy Policy

Last Updated: March 2026 (Version 2.0)

At PMCaVa, we prioritize your privacy and the security of your business data. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have. We operate on a "Privacy-First" basis.

This policy applies to PMCaVa.com, operated by Syntrotex Inc., a Canadian corporation. If you have questions, contact us at privacy@pmcava.com.

1. Data We Collect

We collect information you provide directly to us when you create an account, use the Service, or contact us. This includes:

  • Account Information: Name, email address, username, company name, job title, industry, and country of residence.
  • Address Details: Billing address, city, province/state, and postal code — used for billing, tax determination, and account verification.
  • Financial & Business Data: Transaction ledgers, invoices, business plans, financial projections, SWOT analyses, and any other business data you enter into the platform.
  • Bank Account Data (if connected): If you choose to connect your bank account via Plaid, we receive account details, balances, and transaction history from your financial institution. See Section 6 for full details.
  • Payment Information: When you purchase a subscription, your payment details are collected and processed by Stripe. PMCaVa does not store your full credit card number. We retain only a tokenized reference and the last 4 digits of your card for display purposes.
  • Usage Data: Log data including IP address, browser type, pages viewed, and actions taken within the platform — used to improve the Service and detect abuse.
  • Communications: Any messages you send to our support team.

2. How We Use Your Data

We use your data solely to provide, operate, and improve the PMCaVa Service. Specifically:

  • To create and manage your account.
  • To generate vCoach financial insights, forecasts, business plans, and strategic recommendations.
  • To charge your monthly subscription fee and any additional credit purchases via Stripe, and to update your available credit balance accordingly.
  • To import and analyze your bank transaction data (if bank connectivity is enabled).
  • To determine applicable taxes based on your country and province/state.
  • To send transactional emails (account verification, billing receipts, password resets).
  • To send product updates and announcements, if you have opted in.
  • To prevent fraud, detect abuse, and ensure platform security.
  • To comply with legal obligations under applicable Canadian law.

We do not sell your data to third parties. We do not use your data for advertising.

3. AI Processing and Data Privacy

PMCaVa uses Google LLC (Gemini AI) to power vCoach features. When you use AI-assisted features:

  • Only the specific data context required for the AI request is transmitted — not your entire data set.
  • Before any data is sent to Google Gemini, personally identifiable information (names, addresses, account numbers) is automatically masked or pseudonymized by our AI Gateway service.
  • We do not permit our AI providers to use your data to train their foundational models.
  • AI processing is governed by Google's Privacy Policy: policies.google.com/privacy.

4. Payment Processing — Stripe

We use Stripe, Inc. to process all subscription payments. When you provide payment information:

  • Your card details are transmitted directly to Stripe over an encrypted connection. PMCaVa does not see or store your full card number.
  • Stripe may collect transactional data, device information, and fraud signals as part of processing your payment.
  • Stripe may use cookies and similar technologies when you interact with their payment elements on our site.
  • For Canadian users, Stripe may obtain information from credit agencies to verify your identity as required by applicable financial regulations. By registering and providing payment information, you consent to this verification.
  • Stripe is PCI DSS Level 1 certified — the highest level of payment security certification.
  • Stripe's full privacy practices are described in their Privacy Policy: stripe.com/privacy.

5. Cookies and Tracking Technologies

PMCaVa uses minimal cookies necessary for the operation of the Service:

  • Session Cookies: Required to keep you logged in during your session.
  • CSRF Tokens: Required for form security.
  • Stripe Cookies: Stripe may place cookies on your device when you interact with payment elements, for fraud detection and performance purposes. These are governed by Stripe's cookie policy.

We do not use advertising cookies, tracking pixels, or third-party analytics that profile you for marketing purposes.

6. Bank Account Connectivity — Plaid

PMCaVa offers optional bank account connectivity powered by Plaid Technologies, Inc. This feature is entirely optional — PMCaVa is fully functional without connecting a bank account.

  • What Plaid Accesses: When you connect your bank account, Plaid retrieves your account information, transaction history, and current balances from your financial institution using secure, read-only API access. Plaid does not receive your banking password — it uses your bank's own secure authentication flow.
  • What PMCaVa Receives: PMCaVa receives the financial data returned by Plaid (account names, transaction amounts, dates, merchant names, and categories) and uses it to power vCoach financial analysis and forecasting.
  • Data Not Shared: Your bank data is not shared with any third parties outside of the services described in this policy. It is not sold, used for advertising, or shared with other PMCaVa users.
  • Revoking Access: You may disconnect your bank account at any time from your Account Settings page within PMCaVa. You may also manage or revoke access directly via Plaid's portal at my.plaid.com.
  • Plaid's Privacy Policy: Plaid's handling of your financial data is described in their End User Privacy Policy: plaid.com/legal.

7. Data Sharing and Third Parties

We share your data only as necessary to operate the Service. The third parties we work with are:

Third Party Purpose Data Shared Their Privacy Policy
Stripe, Inc. Payment processing & subscription billing Name, email, billing address, payment card details stripe.com/privacy
Plaid Technologies, Inc. Bank account connectivity (optional feature) Bank credentials handled directly by Plaid; PMCaVa receives read-only financial data plaid.com/legal
Google LLC (Gemini AI) AI-powered vCoach analysis and generation Masked/anonymized business context data only policies.google.com/privacy

We may also disclose your information if required by law, court order, or to protect the rights, property, or safety of PMCaVa, our users, or the public.

8. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in Transit: All data transmitted between your browser and our servers uses HTTPS/TLS encryption.
  • Encryption at Rest: All PII and sensitive business data is encrypted at rest in our database.
  • Field-Level Encryption: Particularly sensitive data fields (such as addresses and financial identifiers) use field-level encryption as an additional layer of protection.
  • Access Controls: Your data is accessible only to you and authorized PMCaVa personnel on a need-to-know basis.
  • No Password Storage: We store only a cryptographic hash of your password — we cannot retrieve or read your password.

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Data Retention

We retain your data for as long as your PMCaVa account is active or as needed to provide the Service. Specific retention periods:

  • Account & Profile Data: Retained for the duration of your account. Deleted within 30 days of account deletion request.
  • Financial & Business Data (manually entered): Retained for the duration of your account. Deleted within 30 days of account deletion request.
  • Bank Transaction Data (via Plaid): Retained for the duration of your account. Deleted within 30 days of account deletion request or bank disconnection request.
  • Payment Records: Billing history and transaction records are retained for 7 years as required by Canadian tax and financial record-keeping law.
  • Usage Logs: Server and access logs are retained for up to 90 days for security and debugging purposes.

10. Your Rights (PIPEDA & Canadian Privacy Law)

As a Canadian-operated service, PMCaVa complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. You have the following rights regarding your personal information:

  • Right of Access: You may request a copy of the personal information we hold about you.
  • Right to Correction: You may request that we correct inaccurate or incomplete personal information.
  • Right to Deletion: You may request deletion of your account and all associated personal data. Submit a deletion request from your Account Settings or by emailing privacy@pmcava.com. We will process deletion requests within 30 days, subject to legal retention requirements (see Section 9).
  • Right to Withdraw Consent: You may withdraw consent to optional data processing (such as marketing emails) at any time. Withdrawing consent for essential processing may require account termination.
  • Right to Disconnect Bank Account: You may disconnect your bank account and revoke Plaid's data access at any time from Account Settings.
  • Right to Lodge a Complaint: If you believe your privacy rights have been violated, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.

To exercise any of these rights, contact us at privacy@pmcava.com.

11. International Data Transfers

PMCaVa is operated from Canada. Some of our third-party service providers (including Stripe, Plaid, and Google) are based in the United States and process data under US law. By using the Service, you acknowledge that your data may be transferred to and processed in the United States or other countries. We ensure that any such transfers occur with appropriate safeguards in place and that our providers maintain strong data protection standards.

12. Children's Privacy

PMCaVa is a business-focused platform not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at privacy@pmcava.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last Updated" date at the top of this page. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

For privacy questions, data requests, or concerns, contact our privacy team: