Borealmere
Sign Up Sign In

Borealmere Privacy Policy

How Borealmere handles your data

Borealmere CA is committed to protecting the personal information of our Canadian users in line with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial equivalents. This Privacy Policy explains what we collect, how we use it, and the rights you have over your data.

Information we collect

  • Identity data: name, date of birth, residential address and a photo of a government-issued ID submitted during onboarding.
  • Contact data: email address and telephone number for account communications.
  • Transactional data: deposits, withdrawals, trades and any communications related to your account.
  • Technical data: device and browser fingerprints, IP address and session timing, used to detect anomalous access.

How we use your data

We use your information to verify your identity, operate the trading platform, comply with AML/KYC obligations under FINTRAC, send service notifications, and improve the product. We never sell personal data to third parties.

Sharing with regulators

Where required by Canadian law, we share data with FINTRAC, the Canadian Revenue Agency, and provincial securities regulators. We share only what is required and we log every disclosure.

Data retention

KYC records are retained for the period required by FINTRAC. Transactional records are retained for at least seven years to support tax reporting. You may request deletion of marketing data at any time.

Your rights

  • Access — request a copy of the personal data we hold about you.
  • Correction — update inaccurate or outdated information.
  • Deletion — close your account and request removal of non-regulatory data.
  • Portability — receive a copy of your data in a machine-readable format.

How to contact our privacy team

For privacy enquiries please email [email protected] with the subject line "Privacy request". We aim to respond within 10 business days.

Security measures

All connections are TLS-encrypted. Sensitive fields are encrypted at rest using AES-256. Access to identity records is limited to authorised compliance staff and is logged for audit.

Cookies

We use a small set of strictly necessary cookies for session management and security, and optional analytics cookies that you can disable in your browser. We do not use third-party advertising cookies.

Updates to this policy

We may revise this policy from time to time. Material changes are announced via email and inside your dashboard at least 30 days before they take effect.