What We Obtain and When It Happens
The information we receive from you isn't gathered arbitrarily. It emerges at specific moments in your relationship with us, depending on what you're trying to accomplish. Here's how it typically unfolds:
Account Creation
When you sign up, we record your name, email address, phone number, and residential address. This forms the foundation of your account identity.
Investment Activity
As you engage with investment products, we capture transaction histories, portfolio preferences, risk tolerance indicators, and financial goals you've outlined.
Communication Exchanges
Messages sent through our platform, support inquiries, feedback submissions, and any correspondence you initiate with our team get logged and retained.
Device and Access Data
Technical information like IP addresses, browser types, operating systems, and access timestamps emerge automatically when you interact with our services.
Some details arrive passively – your device shares certain technical markers whenever it connects to our platform. Others require active input from you. Either way, intake only happens when there's a functional reason tied to delivering or improving our services.
Important distinction: We don't purchase lists or acquire your details from third-party data brokers. Everything we hold either came directly from you or was generated through your use of our platform.
Why We Need These Details
Data doesn't sit idle in our systems. Each category serves a specific operational or legal function. Understanding the "why" helps explain the scope of what we hold.
Service Delivery
Your account details enable us to authenticate your identity, process transactions, maintain investment records, and provide customer support when issues arise. Without these fundamentals, the platform wouldn't function for you as an individual user.
Regulatory Compliance
Canadian financial regulations require us to verify identities, monitor transactions for unusual patterns, and maintain accurate records for specified periods. This isn't optional – it's mandated by law to protect the integrity of financial markets.
Communication and Notifications
Your contact information allows us to send transaction confirmations, portfolio updates, security alerts, and responses to inquiries you've submitted. These aren't marketing blasts – they're functional messages tied to your account activity.
Platform Improvement
Aggregated usage patterns help us identify where users encounter friction, which features get ignored, and what improvements might enhance the overall experience. This analysis happens at a collective level, not through individual profiling.
Fraud Prevention
Technical access data helps us spot suspicious login attempts, unauthorized access patterns, or account takeover efforts. This protective layer benefits all users by maintaining platform security.
How Information Moves Beyond Our Organization
We don't hoard everything internally. Certain operational realities require sharing specific details with external entities. Here's when and why that happens:
Financial Infrastructure Partners
Payment processors, banking institutions, and investment custodians receive transaction-related information necessary to execute trades, process deposits and withdrawals, and maintain accurate financial records. These entities operate under strict contractual obligations and regulatory oversight.
Technology Service Providers
Cloud hosting providers, security monitoring services, and data backup systems handle technical infrastructure on our behalf. They access information only to the extent required to maintain platform functionality and security.
Legal and Regulatory Demands
Court orders, regulatory investigations, or statutory reporting requirements may compel disclosure to government authorities. We respond to these demands only when legally obligated and limit disclosure to what's specifically requested.
Professional Advisors
Legal counsel, auditors, and compliance consultants occasionally need access to records during audits, legal proceedings, or regulatory examinations. These professionals operate under confidentiality obligations that match or exceed our own.
What we don't do: Sell, rent, or trade your personal details to advertisers, marketers, or data aggregators. Your information has operational value to us precisely because it stays confidential.
Your Control and Options
You're not a passive participant in this arrangement. Several mechanisms allow you to view, modify, limit, or remove the information we hold:
Access and Correction
You can request a complete export of your personal details at any time. If you spot inaccuracies or outdated information, contact us to initiate corrections. We'll update records within a reasonable timeframe, though some changes may require verification steps.
Deletion Requests
You may ask us to erase your personal details, subject to certain limitations. We can't delete records we're legally required to retain for regulatory purposes, nor can we remove information actively involved in ongoing disputes or investigations. Outside those constraints, we'll honor deletion requests within 30 days.
Communication Preferences
Adjust your notification settings through your account dashboard. You control which messages you receive, though certain critical communications (like security alerts or regulatory notices) can't be disabled without closing your account entirely.
Data Portability
Request your information in a structured, machine-readable format if you want to transfer it to another service provider. We'll provide this within 45 days of your request.
Objections and Restrictions
If you believe we're handling your information inappropriately or beyond what's necessary, raise an objection. We'll review your concern and either adjust our practices or explain why the current handling is required.
Protection Approach and Remaining Risks
We implement technical safeguards to defend against unauthorized access, but no system achieves perfect security. Here's our philosophy and the reality of residual risk.
Technical Safeguards
Encrypted transmission channels, access controls tied to job functions, regular security audits, intrusion detection systems, and multi-factor authentication requirements form layers of defense. We patch vulnerabilities promptly when identified and maintain incident response protocols for breach scenarios.
Organizational Controls
Staff access to personal details is restricted based on role necessity. Training programs emphasize data handling responsibilities, and violation of protocols triggers disciplinary action. Third-party auditors periodically assess our compliance with security standards.
Residual Risks
Despite precautions, sophisticated attacks, human error, or unforeseen vulnerabilities could result in unauthorized disclosure. Internet transmission carries inherent risks that no entity can eliminate entirely. We work to minimize these exposures but can't guarantee absolute immunity from breach events.
If a security incident occurs that affects your personal details, we'll notify you in accordance with applicable breach notification laws, explain what happened, and outline steps we're taking to address the situation.
Retention Duration and Disposal
We don't keep information indefinitely. Retention periods depend on the category of data and the legal or operational requirements governing it:
- Account Information: Retained for as long as your account remains active, plus seven years following closure to satisfy regulatory recordkeeping requirements.
- Transaction Records: Maintained for seven years from the transaction date, as mandated by Canadian financial regulations.
- Communication Logs: Stored for three years from the date of interaction, then securely deleted unless involved in ongoing disputes.
- Technical Access Data: Typically purged after 90 days unless needed for security investigations or fraud prevention efforts.
- Marketing Preferences: Retained until you revoke consent or close your account, at which point they're immediately removed.
When retention periods expire, we either securely delete the information or anonymize it to the point where it can no longer identify individuals. Anonymized data may be retained indefinitely for statistical analysis.
Questions, Concerns, or Requests
If you want to exercise any of the rights described above, need clarification about our practices, or have concerns about how your information is being handled, reach out through any of these channels:
Email: info@godexion.com
Phone: +1 613-271-8853
Mail: 950, rue Cowie, Granby, Quebec J2J 1P2, Canada
We'll respond to inquiries within 30 days. If your concern isn't resolved to your satisfaction, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada.