Privacy Policy
Effective Date: February 22, 2026 · Version 1.0
1. Introduction
Ithaca ("we," "us," or "our") operates the Ithaca platform (the "Service"), an AI-powered immigration information tool for Canadian permanent residency applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service, in compliance with the General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable data protection laws.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
2. Data Controller
Ithaca is the data controller for the personal data processed through this Service. For questions about this policy or your data rights, contact us at: [email protected]
3. Data We Collect
We collect the following categories of personal data:
| Category | Examples | Lawful Basis |
|---|---|---|
| Account Data | Name, email address, preferred language | Contract performance |
| Immigration Profile | Date of birth, citizenship, education, work history, language test scores, family information | Consent (explicit) |
| Special Category Data | Criminal background declarations, health-related questions (IMM 5669) | Explicit consent (GDPR Art. 9(2)(a)) |
| Identity Documents | Passport numbers, document scans (uploaded voluntarily) | Consent |
| AI Interaction Data | Chat messages, AI-extracted facts, conversation history | Consent (AI profiling) |
| Payment Data | Stripe customer ID, subscription status (card details stored by Stripe, not us) | Contract performance |
| Usage Data | Anonymized analytics (via Umami), session duration, feature usage | Consent (analytics cookie) |
4. How We Use Your Data
We process your personal data for the following purposes:
- Service delivery: To provide immigration assessment tools, CRS calculation, AI-assisted information, and document management.
- AI personalization: To extract and remember facts from your conversations so the AI can provide contextual, relevant information (with your explicit consent).
- Consultant collaboration: To share your profile data with immigration consultants you explicitly invite and authorize.
- Payment processing: To manage subscriptions, credits, and transactions through Stripe.
- Analytics: To understand how the Service is used and improve it (only with your consent, via Umami privacy-focused analytics).
- Communication: To send transactional emails (account verification, password resets) and, with your consent, marketing communications.
- Legal compliance: To comply with applicable laws and respond to lawful requests.
5. AI Profiling & Automated Decision-Making
Ithaca uses AI to analyze information you provide in conversations and extract key facts (e.g., your education level, work experience, language scores) to build a personalized immigration profile. This constitutes automated profiling under GDPR Article 22.
Your rights regarding AI profiling:
- You can review all AI-extracted facts on the "What I Know About You" page.
- You can lock, edit, or delete any fact the AI has stored.
- You can withdraw AI profiling consent at any time in your account settings.
- AI-generated CRS scores and immigration assessments are informational only and do not constitute binding decisions.
6. Data Sharing
We share your personal data only in the following circumstances:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Immigration Consultants | Only when you explicitly invite and authorize a consultant | Granular sharing controls (full/limited/blocked) |
| Stripe | Payment processing | PCI DSS Level 1 compliant; we never store card details |
| AI Service Provider | Processing chat messages for AI responses | Data processing agreement in place; no training on user data |
| Mailgun | Transactional and notification emails | Data processing agreement; email content not retained |
| Cloud Infrastructure | Data storage and hosting | Encrypted at rest and in transit |
We do not sell your personal data to third parties. We do not share your data with advertisers.
7. Your Rights
Under GDPR and applicable privacy laws, you have the following rights:
- Right of Access (Art. 15): Request a copy of all personal data we hold about you.
- Right to Rectification (Art. 16): Correct inaccurate data via your profile or by contacting us.
- Right to Erasure (Art. 17): Delete your account and all associated data at any time from Account Settings.
- Right to Data Portability (Art. 20): Export your data in machine-readable JSON format, free of charge, from Account Settings.
- Right to Restrict Processing (Art. 18): Request that we limit processing of your data.
- Right to Object (Art. 21): Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw any consent at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: File a complaint with your local data protection authority.
To exercise any of these rights, use the in-app controls (Account Settings > Privacy) or email [email protected]. We will respond within 30 days.
8. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion.
- Activity logs: Automatically purged after 30 days.
- Referral analytics: IP addresses are hashed before storage and anonymized after 90 days.
- AI conversations: Retained while your account is active. Fully deleted on account deletion.
- Payment records: Retained as required by tax and financial regulations (typically 7 years for transaction records held by Stripe).
9. Cookies & Analytics
Ithaca uses minimal cookies:
- Session cookie (essential): Required for authentication. Exempt from consent under GDPR Art. 5(3).
- Umami analytics (non-essential): Privacy-focused, cookieless analytics. Only loaded with your explicit consent.
You can manage your cookie preferences at any time via the cookie banner or the Cookie Preferences page.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) for all communications
- Encrypted storage for sensitive fields (document numbers, background declarations)
- Role-based access controls for consultant data sharing
- Regular security audits and monitoring
- Cascade deletion across 25+ database tables on account deletion
11. International Data Transfers
Your data may be processed in jurisdictions outside your country of residence, including the United States and Canada. Where transfers occur to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure your data receives equivalent protection.
12. Children's Privacy
The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or in-app notification and request re-consent where required. The "Effective Date" at the top of this page indicates when the policy was last revised.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
- Email: [email protected]
- General inquiries: [email protected]
© 2026 Ithaca. All rights reserved.