Settle*

PIPEDA Compliance

How we meet Canada’s privacy and data protection standards.

Last Updated: January 17, 2026

1. What PIPEDA Is

The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s federal privacy law for private‑sector organizations. It sets the rules for how companies like Settle* must collect, use, and protect personal information in the course of doing business.

Because we work with sensitive financial and identity data, Settle* is designed from day one to align with PIPEDA’s ten fair information principles.

2. Consent and Purpose

We only collect personal information that is reasonably necessary to provide our services: underwriting rent guarantees, processing payments, and reporting rent for credit‑building purposes.

Consent is obtained in clear language during onboarding. Before you connect a bank account, sign a guarantee, or authorize payments, we explain:

  • What information we collect (e.g., identity, income, cash flow).
  • Why we need it (e.g., to assess affordability and manage risk).
  • Which partners are involved (e.g., Plaid/Flinks for bank data, Rotessa/GoCardless for PAD, Equifax/TransUnion for credit reporting).

3. Limiting Collection, Use, and Retention

We do not collect more information than we need, and we do not use it for secondary purposes without your consent.

Transaction and underwriting records are retained only as long as necessary to:

  • Administer active guarantees and payment obligations.
  • Meet legal, tax, and audit requirements (typically up to 7 years).

Banking credentials (such as login passwords) are never stored on Settle* servers. Access tokens issued by our Open Banking partners are revoked and deleted when you disconnect an account or close your profile.

4. Accuracy, Access, and Correction Rights

Decisions about your eligibility may depend on the information we hold about you. We therefore aim to keep your information accurate and up‑to‑date, especially financial and contact details.

You have the right to:

  • Request a copy of the personal information we hold about you.
  • Ask us to correct incomplete or inaccurate information.
  • Ask how your information has been used and to whom it has been disclosed, subject to legal and operational limits.

5. Safeguards and Security

Protecting your information is core to our product. We apply technical and organizational safeguards appropriate to the sensitivity of the data we handle, including:

  • Encryption in transit (TLS) and at rest (AES‑256) for core systems.
  • Strict access controls, mandatory multi‑factor authentication, and role‑based permissions for staff.
  • Vendor due diligence for all third‑party processors that handle personal information on our behalf.

For more detail, see our Privacy Policy and Information Security Guidelines.

6. Cross‑Border Data Transfers

While we prioritize Canadian hosting, some of our trusted service providers (such as cloud and Open Banking partners) process or store data in the United States or other jurisdictions.

When personal information leaves Canada, it may be subject to the laws of the destination country. We use contractual and technical safeguards to help protect your data in these cases, but law enforcement in those countries may have access under their own laws.

7. Questions and Complaints

We are committed to resolving privacy questions and concerns in a transparent way. If you want to exercise your rights under PIPEDA, or if you have a complaint about how your personal information has been handled, you can contact our Privacy Officer:

Privacy Officer
The Settle Company Inc.
Toronto, Ontario, Canada
privacy@getsettle.ca

If we cannot resolve your concern, you may also contact the Office of the Privacy Commissioner of Canada for further guidance.

Disclaimer: The information on this page is for informational purposes only and does not constitute legal advice. We recommend consulting with a legal professional for specific legal concerns.