Privacy Policy

When you create a customer account or book a mystery shop, we collect:

• Your name, business name, email, and mobile phone number.
• The address of the location you want shopped (used to match a shopper and dispatch them).
• Payment information — processed by Stripe, never stored on our servers.
• Mission briefs, evaluation criteria, and any free-text notes you provide.
• Standard server logs (IP, user agent, timestamps) for security and abuse prevention.

• To dispatch a vetted shopper to your location and deliver the resulting report.
• To bill you, issue receipts, and apply Canadian taxes.
• To send transactional emails and SMS messages about your account (sign-in links, mission status, report delivery).
• To detect fraud and abuse, and to enforce our Terms.
• To meet our obligations under tax, accounting, and contractor payment laws (e.g. T4A reporting for shoppers).

We share the minimum information necessary with the service providers that run our platform:

• Stripe Inc. — payment processing.
• Resend — transactional email delivery.
• Twilio Inc. — SMS delivery.
• Mapbox — address autocomplete and geocoding.
• Cloudflare (R2 + edge) — image storage and CDN.
• Turso — managed database hosting.
• Vercel Inc. — application hosting.

The shopper assigned to your mission receives only the business name, address, evaluation criteria, and purchase brief — not your personal contact information. We do not sell or rent personal information to third parties.

Some of these providers process data in the United States and other jurisdictions. We rely on standard contractual safeguards. If you object to cross-border processing, contact us at the address below and we will discuss your options.

• Active customer records: while your account is open.
• Deleted accounts: we retain a one-way salted hash of the email and phone for fraud prevention (PIPEDA s.5(3) legitimate interest), and mission report records as required for tax and contractor payment reporting (CRA T4A retention — six years from the end of the tax year).
• Server logs: 90 days unless retained longer for an active security investigation.

Under PIPEDA you may:

• Request access to the personal information we hold about you.
• Request correction of inaccurate information.
• Withdraw consent and request deletion of your account — available self-service from your dashboard, or by emailing us.
• File a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

We use TLS in transit, hash-only storage of magic-link tokens and session secrets, encryption at rest via our hosting providers, and least-privilege access for our small team. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

We use a single first-party cookie (us_session) to keep you signed in. For aggregate traffic measurement we use Google Analytics 4, which sets its own cookies and processes pseudonymous identifiers. We do not run third-party advertising trackers. You can opt out of Google Analytics with the Google Analytics opt-out browser add-on or by enabling your browser’s “Do Not Track” / global privacy control setting.

Privacy questions or requests: privacy@undercovershopper.ca. We aim to respond within 30 days as required by PIPEDA.

We may update this policy. Material changes will be announced by email and reflected by an updated “Last updated” date at the top of this page.