Privacy Policy
Last updated: March 8, 2026
1. Data Collection
We only collect data necessary for the operation of our services: account information (name, email, phone), transactional data related to your business, and anonymized usage data to improve our platform.
2. Data Usage
Your data is used exclusively to provide and improve our services. We never sell your data to third parties. Generated analytics and reports are accessible only by you and authorized members of your team.
3. Data Protection
We use AES-256 encryption for storage and TLS 1.3 for data transfer. Our servers are hosted in Canada, in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA).
4. Your Rights
You have the right to access, correct, delete, or request the portability of your data. To exercise these rights, contact us at privacy@yandipay.ca.
5. Cookies and Tracking
Our site uses essential cookies for functionality and analytical cookies to understand site usage. You can manage your cookie preferences at any time through your browser settings.
6. Payment Processing and Clover Integration
YandiPro integrates with the Clover (Fiserv), Global Payments and Moneris payment gateways for merchant transaction processing. Integration with Clover is done via the OAuth 2.0 protocol — YandiPro never stores the merchant's Clover login credentials on the frontend. OAuth access tokens are securely stored on our servers and automatically renewed. No customer card numbers are processed or stored by YandiPro. See Clover's privacy policy: https://www.clover.com/privacy-policy
7. Encryption and Security
All data transmissions are protected by the TLS 1.2 protocol or higher. Sensitive data is encrypted at rest using the AES-256 algorithm. We maintain our compliance with PCI-DSS standards for the processing of payment data.
8. Data Retention
Transaction data is retained for as long as necessary to provide our services, meet legal obligations and resolve disputes. Payment tokens are retained as long as the card is active in the user's account and deleted when the user removes their card.
9. PIPEDA and Act 25 Compliance
As a Quebec-based company, we comply with the Act respecting the protection of personal information in the private sector (Act 25) as well as the Personal Information Protection and Electronic Documents Act (PIPEDA). We only collect the information necessary to provide our services.
10. Data Breach
In the event of a data breach likely to present a serious risk of harm, we will notify affected users and the relevant authorities as soon as possible, in accordance with the law.