Privacy Policy
1. Our Privacy Principles
Protecting privacy is a core value and legal responsibility. We follow five principles:
Transparency — clear explanations of what we collect and why.
User Control — tools to access, correct, delete, or export your data.
Data Minimization — we only collect what is necessary.
Security by Design — encryption, access controls, and ongoing reviews.
Global Compliance — alignment with PIPEDA, GDPR/UK GDPR, CCPA/CPRA, APPI, PDPA, and other laws.
2. Information We Collect
We collect information to provide services effectively and safely:
Personal details: name, email, phone number (as provided by you).
Demographics: age range, gender, occupation, income range (optional).
Service data: privacy scan results, account activity, alerts history.
Technical data: IP address, device, browser, operating system, cookies and analytics logs.
Behavioral data: navigation and usage trends on our site/app.
Voluntary contributions: survey responses, preferences, and feedback.
We do not collect highly sensitive identifiers (e.g., government IDs, passport numbers, or banking credentials) unless strictly necessary and with explicit consent.
3. How We Use Your Data
Deliver personalized privacy protection services, reports, and alerts.
Improve features and user experience, including quality assurance and support.
Provide service communications, policy updates, and relevant offers.
Conduct research and publish anonymized, aggregated insights (never PII).
Comply with legal and regulatory obligations.
We never sell personally identifiable information.
4. Cookies & Tracking
We use cookies and similar technologies for authentication, preferences, analytics, and security.
Essential cookies
Preference cookies
Analytics cookies
Most browsers allow you to control cookies. Disabling some cookies may limit features.
5. Data Sharing & Third Parties
Service providers: cloud hosting, analytics, email delivery, and security vendors under contract and confidentiality.
Legal reasons: to comply with law, court orders, or protect users and our services.
Business transfers: in mergers, acquisitions, or restructuring, with equivalent protections.
Research/Reports: we only share anonymized, aggregated insights.
We do not sell data to advertisers.
6. International Compliance
Dilimi is incorporated in Canada and primarily governed by PIPEDA. We also respect key international frameworks:
Canada — PIPEDA
Access, correction, and consent withdrawal rights. Clear purposes and safeguards.
USA — CCPA/CPRA
For California residents: right to know, delete, and opt out of data sale.
UK & EU — GDPR/UK GDPR
Transparency, minimization, portability, erasure, restriction, objection. Transfers via SCCs.
Japan — APPI
Purpose specification, security controls, and notices for cross-border transfers.
China Mainland — PIPL
We do not actively target Mainland users; some features may be limited. If accessed, data may be processed outside China.
Hong Kong & Macau — PDPO / DPA
Rights to access and correct personal data; purpose limitation applies.
Singapore — PDPA
Consent-based processing; rights to access, correct, and withdraw consent.
Australia — Privacy Act 1988
Access and correction rights; reasonable steps to protect personal information.
7. Data Retention
We retain personal data only as long as necessary for the stated purposes or as required by law. When no longer needed, we anonymize or securely delete it. Retention schedules are reviewed periodically to uphold data minimization.
8. Data Security
Encryption in transit (TLS) and at rest where applicable.
Role-based access controls and least-privilege practices.
Security monitoring, logging, and incident response procedures.
Periodic audits and penetration testing.
No system is perfectly secure; we encourage strong passwords and multifactor authentication where available.
9. Your Rights
Depending on your jurisdiction, you may have rights to:
Access a copy of your personal data.
Correct or update inaccurate information.
Delete your data (“right to be forgotten”).
Restrict or object to processing.
Obtain portability in machine-readable format.
Withdraw consent at any time.
Submit requests to privacy@dilimi.com. We respond within legally required timelines (e.g., 30 days under GDPR).
10. Cross‑Border Transfers
Your data may be processed in Canada or other countries. Where required, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards, apply risk assessments, and ensure vendors implement appropriate protections.
11. Children’s Privacy
Our services are not directed to children under 13 (or 16 in certain jurisdictions). We do not knowingly collect data from minors. If we become aware of such collection, we will delete it promptly.
12. Updates to This Policy
We may update this policy over time. Minor updates will change the effective date; significant changes will be announced via email and prominent website notices.
13. Contact Us
Questions, requests, or concerns about this Privacy Policy?
Email: privacy@dilimi.com
Address: Dilimi Inc., [Company Address], Canada
