Skip to main content
Benefit Check .CA

Privacy Policy

Benefit Check .CA

https://benefitcheck.ca

Effective Date: May 15, 2026 | Last Updated: May 15, 2026

1. Who We Are

BenefitCheck.ca is operated by Global Web Rise ("we," "us," or "our"), based in Ontario, Canada. BenefitCheck.ca provides an online calculator that estimates eligibility and approximate amounts for federal Canadian and Ontario provincial benefit programs. You may use the calculator for free, create a free account to save and manage information, and purchase a paid full report with application steps, deadlines, official links, and related account features.

This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada's Anti-Spam Legislation (CASL). For all privacy-related inquiries, contact us at contact@benefitcheck.ca. We will acknowledge your inquiry within 5 business days and respond substantively within 30 calendar days, as required by PIPEDA.

2. Information We Collect

2.1 Calculator Inputs

When you use the calculator, you provide non-identifying inputs such as approximate income, family composition (for example, marital status and number of children in age bands), age, housing costs, and province of residence. These inputs are not personally identifying on their own. We do not request your legal name, Social Insurance Number, government identification, or banking details.

2.2 Email Address

We collect your email address when you create or access an account, request a magic link, use Google sign-in, purchase the full report, request support, or ask us to send you report-related email. We use your email to authenticate you, deliver transactional messages, provide support, send the Stripe receipt, and send a magic-link sign-in URL after purchase. Creating a free account does not by itself give access to the paid full report.

2.3 Account and Sign-In Data

We use Supabase Auth for passwordless email magic links and Google OAuth sign-in. Depending on the method you choose, Supabase may provide us with your email address, user ID, sign-in timestamps, provider information, display name, and profile photo URL. We use this information to create and maintain your account, link eligible purchases to the correct email address, and protect your account from unauthorized access. We do not receive your Google password.

2.4 Payment Information

Payment-card data is collected and processed by Stripe, our payment processor. We never see or store full card numbers, CVV, or expiry dates. Stripe shares with us only the metadata needed to provide the service:

  • Last four digits of the card and card brand (for receipts and customer support).
  • Billing postal code (for fraud prevention).
  • Stripe customer ID and Checkout Session ID.
  • Amount, currency, and timestamp of the charge.
  • Payment status, refund status, and purchase metadata needed to unlock the report.

2.5 Analytics

We collect first-party analytics events (page views, scroll depth, paywall funnel events, button clicks). Each event is associated with a randomly generated session ID and visitor ID, not your email. Where an event relates to an email subscriber, we record only a one-way SHA-256 hash of the lowercased email — never the raw email address. We also collect:

  • Browser and device type.
  • Referring URL and UTM parameters on first page view of a session.
  • General geographic region inferred from request metadata (no precise location).

2.6 Server Logs

Our hosting provider records standard request logs. Where our application stores request metadata for abuse prevention, rate limiting, or diagnostics, IP addresses are stored as one-way hashes rather than raw IP addresses. We may also retain user-agent strings for diagnostics and security troubleshooting.

2.7 What We Do Not Collect

  • Social Insurance Numbers.
  • Government-issued identification documents or numbers.
  • Full credit card numbers, CVV, or expiry dates.
  • Passwords (we use passwordless email magic links).
  • Google passwords or full Google account credentials.
  • Precise geolocation.

3. How We Use Your Information

  • Deliver calculator results and, where purchased, the paid full report.
  • Create and maintain free accounts, authenticate sign-ins, and protect account access.
  • Send the Stripe receipt and a magic-link sign-in URL after purchase.
  • Link paid purchases to the account that uses the same email address.
  • Maintain your account so you can review, save, and recalculate reports.
  • Provide customer support and respond to refund or access requests.
  • Improve the calculator and the website by analyzing aggregated usage.
  • Detect fraud and abuse, and protect the integrity of the service.
  • Comply with legal obligations, including the six-year record-retention requirement under the Income Tax Act for purchase and tax records.

We do not currently send marketing email. After the paid report is delivered, the emails you receive (account sign-in, receipt, magic link, refund-related correspondence) are transactional under CASL. If we add an opt-in marketing channel in the future, we will obtain your express consent first and provide a one-click unsubscribe.

4. Stripe — Our Payment Processor

Stripe Payments Canada Ltd., with payment processing performed by Stripe, Inc. (United States), processes all payment card data. Stripe collects and stores that data on its own infrastructure, located outside Canada. We never see or store full card numbers. Stripe's privacy policy is available at https://stripe.com/privacy.

By completing a purchase, you acknowledge that your payment information is transferred to and processed by Stripe in the United States, where it is subject to United States law.

We have entered into the data-protection terms required of Stripe customers, and Stripe is contractually bound to use your payment data only to process the transaction and meet its legal obligations.

5. Where Your Data Is Stored

Your account, calculation, and purchase records are stored in our Supabase database. The Supabase project URL currently configured for production is checked at launch from the Supabase Dashboard, including the project's database region; depending on the configured region, this data may be stored in Canada or the United States. Our website is served by Vercel, which routes traffic through edge locations around the world.

  • Accounts, calculations, purchases, analytics events, and authentication records: Supabase (database region as configured for our project).
  • Payment-card data: Stripe (United States).
  • Outgoing email delivery: Resend (United States).
  • Website hosting and edge cache: Vercel (global edge network).

Where personal information is processed outside Canada, we use contractual and technical safeguards consistent with PIPEDA's accountability principle to ensure a comparable level of protection.

6. Retention

  • Purchase and tax records (Stripe receipts, invoices, refund records): retained for at least six (6) years to meet the Canada Revenue Agency record-retention requirement.
  • Account and calculation data: retained for as long as your account is active. You may request deletion at any time.
  • Authentication records and magic-link events: retained as needed for account security, fraud prevention, diagnostics, and legal compliance.
  • Analytics events: retained for up to 26 months in raw form, then aggregated or deleted.
  • Email subscriber records and proof of consent: retained for 3 years after your last interaction, or as required to demonstrate CASL compliance.
  • Server logs: rotated by our hosting provider on a rolling basis (typically 30–90 days).

To request deletion of your account or any personal information we hold about you, email contact@benefitcheck.ca. We may retain limited records of completed purchases to satisfy tax-law retention obligations even after your account is deleted; those records are no longer linked to a live account.

7. Your Rights Under PIPEDA

As a user of our Services, you have the following rights:

  • Right of Access: request a copy of the personal information we hold about you. We respond within 30 days.
  • Right to Correction: ask us to correct information you believe is inaccurate or incomplete.
  • Right to Withdraw Consent: withdraw your consent to any optional processing at any time.
  • Right to Deletion: request deletion of your account and associated data, subject to legal retention obligations.
  • Right to Complain: if you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada.

To exercise any of these rights, contact us at contact@benefitcheck.ca. We may need to verify your identity before fulfilling your request.

Office of the Privacy Commissioner of Canada: www.priv.gc.ca

8. Disclosure of Personal Information

We do not sell, rent, or trade your personal information. We disclose personal information only to:

  • Service providers (Stripe, Supabase, Google OAuth, Vercel, Resend, analytics providers) that process data on our behalf or at your direction and only as needed to operate the Services.
  • Authorities, where required by law, court order, or other lawful demand, or where we believe in good faith that disclosure is necessary to protect rights, safety, or to investigate fraud.
  • A successor entity in the event of a merger, acquisition, or sale of our business; we will notify you of any such transfer and any choices you may have.
  • Other parties with your express consent.

9. Security

  • TLS/HTTPS encryption for all traffic between your browser and our servers.
  • Row-level security policies in our database so users can only access their own records.
  • Passwordless authentication via Supabase email magic links and optional Google OAuth sign-in.
  • Stripe webhook signatures verified server-side; payment events deduplicated by event ID.
  • Service-role database keys are kept server-side only and never exposed to the browser.

No system is perfectly secure, but we work to use commercially reasonable safeguards appropriate to the sensitivity of the information we hold.

10. Children

Our Services are not directed at children under 13, and we do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it promptly.

11. Data Breach Notification

If a breach of security safeguards creates a real risk of significant harm, we will notify the Office of the Privacy Commissioner of Canada and affected individuals as soon as feasible, in accordance with PIPEDA, and we will keep a record of the breach as required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date at the top of this page and post a notice on the website. For significant changes that affect how we use your personal information, we will email you where we have your address. Your continued use of the Services after a change becomes effective constitutes acceptance of the revised Policy.

13. Contact

Email: contact@benefitcheck.ca

Website: https://benefitcheck.ca

© 2025-2026 Global Web Rise — BenefitCheck.ca. All rights reserved.

Contact: contact@benefitcheck.ca | Website: benefitcheck.ca