Information We Receive
Our platform functions through member participation. When you register, contribute to discussions, adjust account preferences, or reach out for support, we record specific details. These fall into distinct categories depending on how you engage with our community.
Identity Elements
Full name, chosen username, contact email, geographic location, and any biographical details you elect to share in your member profile.
Access Credentials
Authentication tokens, encrypted password representations, and security verification answers you establish during account setup.
Community Contributions
Discussion posts, replies, private messages exchanged with other members, investment insights shared, ratings provided, and files you upload within community spaces.
Financial Activity Records
Subscription tier selections, payment instrument details processed through third-party handlers, billing addresses, and transaction timestamps.
Interaction Patterns
Pages visited within the platform, time spent in specific sections, features accessed, search terms entered, and navigation sequences during your sessions.
Device Signatures
IP addresses assigned during connection, browser specifications, operating system versions, screen dimensions, and general geographic markers derived from connection origin.
We don't actively seek sensitive financial holdings or detailed portfolio compositions. However, members sometimes voluntarily disclose such specifics within discussion threads or direct messages. Once posted, this becomes part of our recorded content.
Methods of Intake
Information arrives through three primary channels. First, you directly provide it—filling registration fields, writing forum posts, updating settings. Second, automated systems capture it—your browser transmits technical specifications, our servers log visit timestamps. Third, occasionally we obtain details from external sources: payment processors confirm transaction success, verification services validate email authenticity, or professional network platforms provide profile enrichment when you authorize such connections.
Purpose Behind Collection
Every piece of information we maintain serves operational functions. There's no collection for abstract future possibilities. Each category has current, active utility within the platform's functioning.
Account Administration: Identity elements and access credentials let us distinguish you from other members, authenticate your login attempts, and maintain account continuity. Without these, individual membership becomes impossible.
Community Functionality: Discussion contributions form the core value proposition. We store posts, messages, and shared insights so members can reference past conversations, build ongoing dialogues, and access collective knowledge accumulated over time.
Subscription Management: Financial activity records enable us to determine which features you can access based on your membership tier, process recurring billing, handle payment failures, and address disputed charges.
Platform Improvement: Interaction patterns reveal which sections confuse members, where navigation breaks down, which features remain unused, and what content generates most engagement. This shapes development priorities.
Support Delivery: When you contact our assistance team, access to your account history, recent activity, and past support exchanges allows faster, more contextually relevant help.
Security Maintenance: Device signatures and access logs help identify unauthorized entry attempts, detect unusual activity patterns suggesting account compromise, and enforce access restrictions if members violate community standards.
Regulatory Alignment: Financial discussion platforms face specific legal obligations in Canada. We maintain certain records to demonstrate compliance with financial services regulations, respond to lawful information requests, and protect against fraudulent activity.
Internal Handling and External Transfers
Most information remains within our operational systems, accessible only to personnel whose roles require such access. However, certain situations necessitate information movement beyond our direct control.
Within Our Organization
Engineering teams access technical logs when investigating platform errors. Community moderators review reported content to enforce participation guidelines. Customer support staff examine account details when resolving member inquiries. Financial operations personnel handle billing records for subscription processing. Each access category is limited to what the specific function demands.
To Service Providers
We rely on specialized external entities for functions outside our core competency. Cloud infrastructure providers host our servers and databases. Payment processors handle credit card transactions and recurring billing. Email delivery services transmit account notifications and password resets. Analytics platforms help interpret usage patterns. Communication tools facilitate member messaging features.
These providers receive only information necessary for their specific function. Infrastructure hosts see everything stored on their servers but operate under strict confidentiality agreements. Payment processors obtain billing details but not discussion content. Email services receive message content but not financial records. Each relationship is governed by contracts limiting use, requiring security safeguards, and prohibiting independent exploitation of the information.
For Legal Compliance
Certain circumstances create unavoidable disclosure obligations. Court-issued subpoenas, regulatory examination demands, law enforcement warrants—these compel information release regardless of our preferences. We assess each request for legal validity and provide only what the specific demand requires, but ultimate authority rests with the requesting entity.
During Business Changes
Should Oyralex merge with another organization, be acquired, or undergo asset sale, member information would likely transfer as part of the transaction. New ownership would inherit existing privacy commitments unless members receive notice and opportunity to respond before different terms apply.
With Member Direction
Sometimes you explicitly request information sharing—connecting your account to third-party portfolio tracking tools, authorizing social platform integrations, or participating in features requiring external service interaction. Such transfers occur only with your affirmative action and can typically be revoked through account settings.
We do not engage in large-scale information brokerage, sell member lists to marketers, or participate in advertising networks that build cross-platform behavioral profiles. Revenue derives from membership subscriptions, not information monetization.
Duration of Retention
Different information categories remain in our systems for varying periods, determined by operational necessity, legal requirements, and practical considerations.
| Information Category | Retention Period | Determining Factors |
|---|---|---|
| Active Account Data | Duration of membership plus 90 days | Allows account recovery during cancellation reconsideration period |
| Financial Transaction Records | 7 years from transaction date | Canadian tax and financial regulation requirements |
| Community Discussion Content | Indefinite, unless deletion requested | Maintains conversation continuity and community knowledge base |
| Support Correspondence | 3 years from last interaction | Reference for recurring issues and service quality assessment |
| Technical Access Logs | 180 days | Security investigation window and abuse pattern detection |
| Marketing Communication Records | Until opt-out request plus 30 days | Processing time and suppression list maintenance |
After applicable retention periods conclude, we initiate deletion processes. However, some residual traces may persist in backup systems for additional months before complete removal occurs. Complete erasure from all redundant storage and backup archives typically finalizes within one year of primary system deletion.
Certain legal holds can extend retention indefinitely—ongoing litigation, regulatory investigations, or suspected criminal activity may require preservation beyond normal schedules until matters resolve.
Protection Measures and Remaining Vulnerabilities
We implement technical, administrative, and physical safeguards designed to prevent unauthorized access, accidental loss, and malicious compromise. These include encrypted data transmission, access control systems, regular security assessments, employee confidentiality training, and incident response protocols.
However, absolute security remains impossible. Network breaches occur despite preventive measures. Employees occasionally make errors. Third-party providers experience their own security incidents. Sophisticated attackers develop novel intrusion techniques. Natural disasters can damage infrastructure. We maintain insurance coverage and incident response capabilities, but cannot eliminate all risk.
Members bear responsibility for certain security elements under their direct control: password strength, credential confidentiality, secure device usage, and recognition of phishing attempts. Compromises originating from member-side security failures fall outside our protective scope.
Your Control Options
Despite our operational needs, you retain significant influence over your information and its treatment. These capabilities exist to balance our service delivery requirements against your autonomy preferences.
- Access Review: Request comprehensive copies of information we maintain about you, delivered in commonly readable formats within 30 days of verified requests.
- Correction Submission: Identify inaccurate details in your records and request corrections, which we'll implement unless legal or operational constraints prevent modification.
- Deletion Requests: Ask for removal of your account and associated information, subject to retention obligations for financial records, legal holds, and content integrated into community discussions that removing would disrupt.
- Processing Objection: Challenge specific information uses you find objectionable, triggering review of whether we can accommodate your concerns while maintaining platform functionality.
- Marketing Opt-Out: Decline promotional communications at any time through account settings or unsubscribe links, though transactional messages about your account remain necessary.
- Portability Requests: Obtain your contributed content in structured, machine-readable formats suitable for transfer to competing platforms where technically feasible.
- Consent Withdrawal: Revoke previously granted permissions for optional information uses, though this may limit access to features dependent on that processing.
Exercise these options through your account settings dashboard or by contacting our privacy team directly. We verify identity before fulfilling requests to prevent unauthorized access to member information. Response typically occurs within 30 days, though complex requests may require up to 60 days with explanation for the extension.
You also hold the right to lodge complaints with Canadian privacy regulators if you believe we've mishandled your information or violated applicable privacy legislation. The Office of the Privacy Commissioner of Canada accepts complaints and conducts investigations independent of our organization.
Changes to These Terms
Privacy practices evolve as technology advances, regulations change, and business operations adapt. We revise this document periodically to reflect current practices. Significant alterations trigger email notification to active members at least 30 days before new terms take effect, providing opportunity to review changes and make informed decisions about continued membership.
Minor clarifications, formatting improvements, or updates reflecting unchanged practices may occur without advance notice. The effective date at the top of this document indicates when current terms became operative. Reviewing this page occasionally helps you stay informed about any modifications.
Continued platform use after notification of material changes constitutes acceptance of revised terms. If new practices prove unacceptable, account closure before the effective date allows you to avoid being bound by altered conditions.