Information We Collect

What You Give Us Directly

When you sign up or use our services, you share information with us. Here's what that includes:

• Account Information: Your name, email address, phone number, and password when you create an account
• Financial Data: Investment preferences, risk tolerance assessments, and financial goals you set within your profile
• Payment Details: Billing information when you subscribe to premium features (we don't store full credit card numbers)
• Communications: Messages you send us through contact forms, support tickets, or email

Information We Collect Automatically

Like most websites, we gather some data automatically when you visit:

• Usage Data: Pages visited, features used, time spent on different sections, and your navigation path
• Device Information: Browser type, operating system, IP address, and device identifiers
• Location Data: General geographic location based on IP address (we don't track precise GPS location)
• Cookies and Tracking: Session data, preferences, and analytics information through cookies and similar technologies

How We Use Your Information

We're not selling your data to advertisers or spamming you with junk. Here's what we actually do with your information:

Service Delivery

• Provide access to educational content, tools, and resources you've signed up for
• Personalize your learning experience based on your progress and interests
• Send you course updates, new content notifications, and program reminders
• Process payments and manage your subscription status

Platform Improvement

• Analyze how people use the site to fix bugs and improve functionality
• Understand which educational content resonates most with learners
• Test new features and measure their effectiveness
• Generate aggregate statistics (never identifying individual users publicly)

Communication

• Respond to your questions, feedback, and support requests
• Send important account notices and security alerts
• Share educational newsletters (you can unsubscribe anytime)
• Notify you about changes to our services or policies

Legal Compliance

• Meet regulatory requirements under Canadian financial education standards
• Protect against fraud, abuse, and security threats
• Enforce our terms of service and user agreements
• Respond to legal requests when required by law

Data Sharing and Third Parties

We don't hand your information to random companies. But we do work with specific partners who help us run the platform:

When We Might Share Data

• With Your Consent: When you explicitly ask us to share information with another service
• Legal Requirements: If required by Canadian law, court order, or government request
• Business Transfers: If Metafina is acquired or merged (users would be notified in advance)
• Safety Concerns: To prevent fraud, protect user safety, or address security issues

We never sell your personal information to data brokers, advertisers, or marketing companies. Period.

Your Rights Under Canadian Law

Canada's privacy legislation (particularly PIPEDA) gives you specific rights over your personal information. Here's what you can do:

Access Your Data

You can request a copy of all personal information we have about you. We'll provide it in a readable format within 30 days. There's no charge for your first request in a calendar year.

Correct Inaccuracies

Found something wrong? You can update most information directly in your account settings. For data you can't edit yourself, contact us and we'll fix it within 10 business days.

Delete Your Account

You can delete your account anytime through your profile settings. We'll remove your personal data within 30 days, except for information we're legally required to keep (like transaction records for tax purposes).

Restrict Processing

You can ask us to limit how we use your data while we investigate a concern you've raised. During this time, we'll only store your information, not actively process it.

Withdraw Consent

For anything requiring your consent (like marketing emails), you can withdraw permission anytime. Click unsubscribe in any email or adjust your communication preferences in account settings.

File a Complaint

If you're unhappy with how we've handled your information, you can complain to the Office of the Privacy Commissioner of Canada. We'd prefer you contact us first so we can try to resolve things directly.

Data Security Measures

We take security seriously. Here's how we protect your information:

Technical Safeguards

• Encryption: All data transmitted between your browser and our servers uses TLS 1.3 encryption
• Database Security: Personal data is encrypted at rest using AES-256 encryption
• Access Controls: Staff access is restricted on a need-to-know basis with two-factor authentication required
• Regular Audits: Quarterly security assessments and annual penetration testing
• Monitoring: 24/7 automated threat detection and intrusion prevention systems

Organizational Safeguards

• Background checks for all employees with data access
• Mandatory privacy training for staff annually
• Confidentiality agreements with all team members and contractors
• Incident response plan with notification procedures
• Data backup systems with encrypted off-site storage

Your Responsibilities

Security is a shared responsibility. You should:

• Use a strong, unique password (we recommend a password manager)
• Never share your login credentials with anyone
• Log out when using shared or public computers
• Report suspicious activity immediately
• Keep your email account secure (we use it for account recovery)

Data Retention and Deletion

We don't keep your data forever. Here's how long we retain different types of information:

Automated Deletion

Our systems automatically delete data once retention periods expire. You don't need to request deletion for time-limited data – it happens automatically.

Account Closure

When you close your account, we start the deletion process immediately. Within 30 days, all personal data except legally required records will be permanently removed. You'll receive confirmation when the process is complete.

Inactive Accounts

If you haven't logged in for 3 years, we'll send reminder emails at the 2.5 year mark and again at 2 years 11 months. If there's still no activity after 3 years, we'll close the account and begin data deletion.

Cookies and Tracking Technologies

We use cookies and similar technologies to make the site work better. Here's the breakdown:

Essential Cookies

These are required for basic functionality. You can't opt out of these and still use the site:

• Session management (keeps you logged in)
• Security features (prevents unauthorized access)
• Load balancing (distributes traffic efficiently)
• Form submission (remembers what you've filled out)

Functional Cookies

These remember your preferences and choices:

• Language preferences
• Display settings and layout choices
• Course progress and bookmarks
• Recently viewed content

Analytics Cookies

We use these to understand how people use the site. The data is anonymized:

• Page views and navigation patterns
• Time spent on different sections
• Error messages and technical issues
• Device and browser information

Managing Cookies

You can control cookies through your browser settings. Most browsers let you block or delete cookies, but this might affect site functionality. You can also use our cookie preference center in your account settings to manage non-essential cookies.

International Data Transfers

Metafina operates with offices in Germany and the United States, but we primarily serve Canadian users. Here's what that means for your data:

Where Your Data Lives

User data for Canadian customers is stored on servers located in Canada whenever possible. Some data processing may occur in the United States or Germany for technical or operational reasons.

Data Transfer Safeguards

When we transfer data internationally, we ensure:

• All transfers comply with Canadian privacy laws (PIPEDA)
• Data processing agreements are in place with international partners
• Encryption protects data during transfer
• Recipients maintain privacy standards equivalent to Canadian requirements
• You're notified if significant changes occur to data storage locations

US and German Operations

Our US office in Pensacola, Florida handles some customer support functions. Our German headquarters in Hamburg manages technical infrastructure and development. Both locations follow the same privacy commitments outlined in this policy.

Children's Privacy

Our services are designed for adults learning about investment strategies. We don't knowingly collect information from anyone under 18 years old.

If you're under 18, please don't create an account or provide personal information. If we discover we've accidentally collected data from someone under 18, we'll delete it immediately.

Parents or guardians who believe their child has provided information to us should contact help@metafina.it.com immediately. We'll verify the situation and remove any data within 48 hours.

Changes to This Policy

We update this privacy policy occasionally to reflect new features, legal requirements, or business practices. When we make changes:

• Minor Updates: Small clarifications or additions will be posted with an updated "Last Modified" date
• Significant Changes: Major modifications affecting how we use your data will trigger an email notification to all users
• Review Period: Significant changes take effect 30 days after notification, giving you time to review and decide if you want to continue using the service
• Policy Archive: Previous versions are available upon request so you can see what changed

Continuing to use Metafina after policy updates means you accept the changes. If you disagree with new terms, you can close your account before they take effect.