Data Handling, Confidentiality & Use of Technology Policy.
1Purpose and Scope
This Policy describes how Frankly Financial Ltd. (“Frankly,” “we,” “us”) collects, uses, protects, and retains information provided by clients and prospective clients (“you”) in connection with our bookkeeping, tax, and advisory services (the “Services”). This Policy forms part of, and is incorporated by reference into, our engagement agreements. In the event of a conflict between this Policy and a signed engagement agreement, the engagement agreement governs.
2Confidentiality
All information you provide to us — including financial statements, banking records, tax records, payroll information, and business documents (“Client Information”) — is treated as confidential. We use Client Information solely for the purpose of delivering the Services, meeting our professional obligations, and complying with applicable law. We do not sell Client Information, and we do not disclose it to any third party except as described in this Policy or as required by law.
3Use of Technology, Including Artificial Intelligence
Frankly uses proprietary processes and third-party technology, including artificial intelligence (“AI”) tools, to assist in the delivery of the Services — for example, in transaction categorization, financial reporting, and drafting of documents and communications.
Where AI tools are used:
- (a) they are engaged under commercial agreements that contractually prohibit the provider from using Client Information to train its models;
- (b) Client Information processed through such tools remains subject to the confidentiality obligations in Section 2; and
- (c) all client deliverables — including financial reports, filings, and recommendations — are reviewed and approved by a qualified member of our professional team before release. Responsibility and accountability for all work product rests with Frankly at all times.
4Third-Party Service Providers
We engage a limited number of third-party service providers (such as cloud hosting, accounting software, payment processing, and AI infrastructure providers) to support the delivery of the Services. These providers are permitted to process Client Information only to the extent necessary to perform their functions and are bound by contractual confidentiality and data protection obligations consistent with this Policy. A current list of the categories of service providers we use is available on request.
5Cross-Border Processing
Some of our service providers store or process information on servers located outside of Canada, including in the United States. Where Client Information is processed outside of Canada, it may be subject to the laws of those jurisdictions, including lawful access by courts and government authorities. We take reasonable contractual and technical measures to ensure that Client Information receives a comparable level of protection wherever it is processed.
6Security
We protect Client Information using administrative, technical, and physical safeguards appropriate to its sensitivity, including access controls limiting Client Information to team members working on your engagement, encryption in transit, and secure cloud-based storage. No method of transmission or storage is completely secure; in the event of a breach of security safeguards creating a real risk of significant harm, we will notify affected clients and the appropriate authorities as required by applicable law.
7Retention
We retain Client Information only as long as necessary to deliver the Services, satisfy our professional and legal record-keeping obligations (including obligations under the Income Tax Act (Canada) and the Excise Tax Act), and resolve disputes. When Client Information is no longer required, it is securely deleted or anonymized.
8Your Rights
Subject to applicable law, you may request access to, or correction of, personal information we hold about you, and you may withdraw consent to certain uses of your information (which may limit our ability to deliver the Services). Requests should be directed to our Privacy Officer using the contact details below.
9Compliance
This Policy is intended to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy legislation, as well as the professional standards applicable to our team.
10Changes to This Policy
We may update this Policy from time to time. The “Last updated” date above reflects the most recent revision. Material changes will be communicated to active clients.