What Currentline knows about you, and what it does with that.

Currentline is a regulatory news aggregator. We need an email address to sign you in and tell you when something on your watchlist files a new document. That's about it.

• We don't sell your data. There is no advertising.
• We don't track you across the web.
• We use one cookie — your sign-in session.
• You can delete your account and all associated data yourself, at any time, from Account → Delete account — or by emailing privacy@currentlinewire.com.

Currentline is the publisher of this site at currentlinewire.com. For the purposes of PIPEDA, Currentline is the “organization” that determines the purposes for which your personal information is collected, used, and disclosed.

Privacy questions, access requests, and complaints go to privacy@currentlinewire.com.

Currentline has designated a person accountable for its compliance with this policy and applicable privacy law — the accountability principle under PIPEDA and the “person in charge of protecting personal information” required by Québec's Law 25. Reach them at the address above.

We collect only the information needed to operate the service. There are three categories:

Account information

• Email address (required to sign in)
• Display name + profile image, if you sign in with Google or Microsoft (we receive these from the provider)
• Subscription tier and billing status (returned by Stripe; we do not store payment details ourselves)

Usage information

• Sign-in timestamps and session expiry
• Watchlist selections (which utilities and EB case numbers you follow)
• Saved alerts (the search criteria and delivery channel you configure)
• Server logs — request URLs, timestamps, IP address, user agent — retained for security and debugging

Custom briefs (Pro & Enterprise)

When you request a custom regulatory brief, we store the topic/request text you submit (which may include context you provide), the resulting brief, and its review status. When you delete your account, these brief records are erased along with the rest of your data.

What we don't collect

• No payment card numbers — Stripe handles those, we never see them
• No social-graph data, contact lists, calendars, or files
• No location data beyond approximate region from your IP
• No tracking across other websites — we don't embed third-party trackers, analytics pixels, or advertising tags

Under PIPEDA we are only permitted to collect personal information for purposes a reasonable person would consider appropriate. Our purposes are:

• Authentication. Your email is how we recognize you between visits.
• Service delivery. Your watchlist determines what your digest emails contain.
• Billing. Tier + period information is used to determine which features you can access.
• Security. Server logs let us detect abuse, debug failures, and audit account activity if you ask.
• Communication. Transactional emails (sign-in links, billing receipts, security notices). We do not send marketing emails unless you separately opt in.

• Account record: until you ask us to delete it
• Session tokens: 30 days from last sign-in, then auto-purged
• Magic-link verification tokens: 60 seconds after first use, then auto-purged
• Watchlist: until you remove individual items, or until account deletion
• Server logs: 30 days
• Stripe billing records: 7 years (per Canada Revenue Agency record-keeping requirements)

We use the following third-party services to operate Currentline. Each is listed with the data they receive and the contractual basis (Data Processing Addendum, “DPA”) under which they process it.

Each subprocessor processes your information only on our instructions, under a written data processing agreement, and retains it only as long as necessary to deliver the service. Your information may transit and be stored on servers outside Canada. By using Currentline you consent to this cross-border transfer as contemplated by PIPEDA Principle 4.1.3.

Currentline uses one functional cookie:__Secure-authjs.session-token— the session identifier issued by our authentication library after you sign in. It is HTTP-only, Secure, and SameSite=Lax. Its purpose is to keep you signed in for up to 30 days so you don't have to authenticate on every visit.

We do not use any other cookies. There are no analytics cookies, advertising cookies, third-party tracking pixels, or fingerprinting scripts. Local storage is used only for client preferences (e.g., the tier-switcher demo state) and contains no personal information.

You may, at any time, ask us to:

• Access the personal information we hold about you
• Correct any inaccuracies
• Delete your account and all associated information (deleting your account also cancels any active paid subscription, so you are not billed further)
• Export a copy of your data in machine-readable form (JSON)
• Withdraw consent for any optional processing

You can delete your account and everything associated with it yourself, immediately, from Account → Delete account. For access, correction, export, or any other request, email privacy@currentlinewire.com from the address on your account. We respond within 30 days.

If you believe we have mishandled your personal information, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Canada's Anti-Spam Legislation (CASL) governs the commercial electronic messages we send.

• The free weekly Wire Brief is sent only to addresses that asked for it — you give express consent when you subscribe, and we keep a record of that consent and its date.
• Transactional and service messages — sign-in links, billing receipts, security and account notices, and the watchlist alerts you configure — are sent to operate your account and are not marketing.
• Every commercial message identifies Currentline and carries a one-click unsubscribe that takes effect right away. You can also stop alerts from your account or email privacy@currentlinewire.com.
• We never buy, rent, or message purchased contact lists.

If you reside in Québec, Québec's Law 25 (the Act respecting the protection of personal information in the private sector, as amended) gives you the access, correction, and deletion rights set out in section 7, plus the right to data portability and to be told about any decision based exclusively on automated processing — Currentline makes no such automated decisions about you.

Requests go to the same address, privacy@currentlinewire.com. If our response does not satisfy you, you may contact the Commission d'accès à l'information du Québec (CAI).

Currentline is built for the Ontario / Canada market, but the same rights travel with you:

• European Union / UK (GDPR). We process your information on the basis of your consent (the newsletter), the performance of our contract with you (your account and subscription), and our legitimate interest in operating and securing the service. You have the rights of access, rectification, erasure, restriction, portability, and objection, and may complain to your local supervisory authority.
• California (CCPA / CPRA). You have the right to know what we collect, to delete it, and to opt out of any sale or sharing. We do not sell or share personal information and do not use it for cross-context behavioural advertising — there is nothing to opt out of — and we will not discriminate against you for exercising these rights.

Exercise any of these the same way: delete your data yourself from Account → Delete account, or email privacy@currentlinewire.com.

We protect your information with the safeguards a reasonable organization in our position would apply:

• All traffic over HTTPS with current TLS
• Database encrypted at rest by our hosting provider
• Secrets stored in encrypted environment variables, never in code or git history
• Passwordless authentication — there is no password to be stolen
• Session cookies marked Secure + HTTP-only to prevent client-side or insecure-channel exfiltration
• Per-user data scoped via Postgres row-level access patterns

No system is perfectly secure. If we ever discover a breach affecting your personal information, we will notify you without unreasonable delay and report to the Privacy Commissioner of Canada as required by PIPEDA's breach-notification rule.

Currentline is a professional regulatory news service intended for users 18 years of age or older. We do not knowingly collect information from children under 18. If you believe a minor has provided us with personal information, please contact privacy@currentlinewire.com and we will delete it.

We may update this policy as the service evolves. Material changes are announced on the wire and, if they affect existing accounts, by email at least 30 days before they take effect. The version date at the top of this page always reflects the current revision.

privacy@currentlinewire.com

Currentline · Ontario, Canada