Privacy Policy

KAIRA TECHNOLOGIES INC.
PRIVACY POLICY

Policy updated on December 20, 2024.

Protecting your privacy is important to Kaira Technologies Inc. (“Kaira” or “we”). That is why we take the privacy of our users’ personal information and compliance with applicable laws very seriously.
The purpose of this Privacy Policy (the “Policy”) is to explain and describe how we collect, use and disclose your personal information. The Policy is designed to comply with Quebec and Canadian privacy laws and, where applicable, the General Data Protection Regulation (“GDPR”) applicable to individuals in the European Union (“EU”).

1. Scope of Policy
The Policy applies to personal information in our possession or control, including information collected when using the Kaira mobile application or when browsing the Kaira website (the “Web Services”). The Policy also applies to information we receive from third parties about you while providing our services.

2. Acceptance
The use of the Web Services is also subject to compliance with our Terms and Conditions, which are available on the Kaira mobile application. By accessing our Web Services, you agree to be bound by the terms and conditions contained in the Policy. If you do not agree to be bound by these terms and conditions, please do not access or use our Web Services.

3. Modifications to the Policy
We occasionally update this Policy and reserve the right to change the content of this Policy at any time. Any changes made will appear on our website and in our application. The date of the latest version of this Policy appears at the bottom of the page. We recommend that you print a copy of this Policy for your records and review this section of our Web Services periodically.

4. Consent
Kaira acknowledges that your consent to the collection, use and disclosure of your personal information must be manifest, free and informed. Your consent must be given for specific purposes. Depending on the nature and sensitivity of the personal information, your consent may be express (such consent may be given orally, in writing or electronically) or implied (for example, when you voluntarily provide us with personal information). Generally, Kaira will seek your consent at the time of collection, except where we are required or otherwise permitted by law.

Your consent can be withdrawn at any time, subject to applicable legal restrictions and reasonable notice. Please note that if you choose to withdraw your consent to the collection, use or disclosure of your personal information, our Web Services may no longer be available to you and Kaira may no longer be able to provide certain services to you.

5. Collection of your personal information
Kaira collects only the personal information about you that is necessary for the purposes of establishing, managing and maintaining its relationship with you.
For example, and without limitation, personal information may be collected when you submit information via our Web Services, register for access to your online account, sign up to receive our newsletter, or participate in other interactive online activities. Personal information collected may include, but is not limited to, identification information, such as your first and last name, date of birth, employer, complete home address, telephone number, e-mail address, and Internet Protocol (commonly called “IP address”).
Information that does not identify you personally such as information about your professional status, family situation, dreams and plans may also be collected to enable us to provide you with personalized services.

6. Collection of personal information through third parties
Generally, we obtain information directly from you. However, we may also collect personal information about you from outside sources, with your consent or without your consent, if permitted by law.
In order to provide services related to your financial health, Kaira will also collect financial information for which you have authorized it directly from your financial institutions. This financial information, which may include, but is not limited to, your salary, assets, liabilities, transactions, loan, credit card, mortgages and other obligations, will be updated automatically to enable us to provide our personalized financial coaching services (on a daily basis or such other frequency as may be required to provide our services).

7. Use of your personal information
The purposes for which Kaira collects your personal information are determined before or at the time of collection. Kaira may use your personal information for the following purposes:
● identify you as a user of our Web Services and allow you to access your account;
● provide you with personalized financial coaching;
● help you maintain good financial health and develop your financial literacy; ● establish and maintain our business relationship;
● improve our service offerings, including the use of Web Services or any other online service, and to support our research and development;
● communicate with you when you submit questions, comments and suggestions; ● provide you with information about our financial services and products that may be of interest to you;
● prevent error and fraud;
● meet legal requirements.
Kaira may also use your personal information to compile statistics. However, these statistics do not identify you and have been de-identified. Your personal information will not be used for purposes other than those described above, except with your consent, or as required or permitted by law.

8. Automated decision making
Your personal information may be used by Kaira to make automated decisions about services that may be of interest or relevance to you. This automated decision making will have no legal or juridical effect on you. It is intended to automatically generate recommendations based on
your personal and financial information. Upon request, Kaira will provide you with information on the functioning of this automated system.

9. Communication of your personal information to third parties in Québec
Kaira recognizes that, except as described below or as permitted by law, the communication of your personal information to third parties requires your consent.
Access to your personal information within our company does not require your consent. However, it is strictly limited to those individuals for whom such information is necessary to carry out their duties and responsibilities.
Kaira may share your personal information, without your consent, with its agents, service providers or consultants who require such information in connection with Kaira’s business or to assist Kaira in administering its Web Services. Such agents, service providers and consultants will contractually guarantee that they will use your personal information exclusively to provide specific services and that they will keep it confidential in accordance with this Policy.
If your employer has provided you with free access to Kaira, we may share with them statistics compiled from your personal information. However, these statistics will not identify you and will have been de-identified. Kaira is committed to de-identifying your personal information and adopting statistical best practices to ensure that your employer cannot identify you.

Kaira may also, without your consent, disclose your personal information, where permitted or required by law, for example, to prevent fraud or serious physical harm to any person. Whenever Kaira is required to disclose your personal information, Kaira will endeavor to disclose no more information than is required under the circumstances.

10. Disclosure of your personal information outside the province in which you ordinarily reside
Kaira may from time to time disclose your information outside of the province in which you normally reside (to another province) as part of the performance of a service or business contract, such as for hosting or data processing. Where applicable, we will take all appropriate measures to ensure that the third-party service provider will protect your personal information with the same standards of protection as Kaira and that your personal information will not be used for purposes other than those permitted by the collection or by law. If we disclose sensitive personal information about you outside of Canada, we will obtain your express consent. You have the right to know, upon request, to whom your personal information is disclosed and the circumstances leading up to the disclosure and contact information for making such a request is provided in section 15 of the Policy.

11. Cookies
Your use of the Web Services allows Kaira to automatically compile certain information about your user profile, which may include the Internet Protocol address (or IP address) of your computer, your geolocation area, the operating system you are using, the identity of your Internet Service Provider, the date and time you access this website, the previous website you visited that provided you with a link to our website, and the content viewed and downloaded from our website.
To do this, our website, like most websites, uses cookies, which are small data files that are stored on your computer when you visit it. Kaira and its service providers use this information to tailor the website to your preferences and to compile statistics about website visits and usage in order to improve the website.
As with most Internet browsers, it is possible to erase cookies from your computer’s hard drive, block the creation of cookies, or receive a warning before a cookie is stored. However, doing so may affect your use of our Web Services and you may not have access to all of its features. We encourage you to visit Ads Setting and Network Advertising Initiative sites and your browser’s instructions or help section for more information about cookies.

12. Security safeguards

Kaira put in place a series of security safeguards to protect your personal information against loss or theft, as well as unauthorized access, disclosure, copying, use and modification, considering, among other things, the sensitivity of the information and the purposes for which it is used.
These security measures include:

● physical measures (e.g., office access cards for employees, registration of visitors, backup and archiving of data using an external system, etc.) ;
● administrative or organizational measures (e.g., restricting access to what is strictly necessary, restricting changes based on the principle of least privilege) ; and ● technological measures (such as de-identifying your personal information, using passwords, using a firewall, encrypting data, using SSL protocol, etc.) that are reasonable in light of the sensitivity of the information, its use, amount, distribution and medium.
Kaira also applies necessary measures to ensure that all of its employees are informed about the contents of the Policy and are aware of its privacy practices.
However, since no mechanism provides flawless security, a residual risk remains. It is your responsibility, if you create an account on our Web Services, to keep your password confidential and to change it regularly, including the usage of Authentification factors (2FA).
If a security incident involving personal information occurs, Kaira will, where required by law, disclose to the Commission d’accès à l’information du Québec, to the Office of the Privacy Commissioner of Canada and to affected individuals the occurrence of such incident, and we will take steps to minimize the impact of the security incident on affected individuals. Kaira will also investigate the security incident and adopt methods to reduce the risk of a same nature or similar type of security incident occurring again. Kaira maintains a record of all security incidents involving personal information and, upon request and where required by law, will make such record available to the appropriate privacy authorities.

13. Accuracy
Kaira recognizes that it is important to keep personal information accurate, complete and up-to date, and takes reasonable steps to ensure the accuracy and completeness of the information it uses or discloses. However, you are responsible to inform Kaira of any significant changes to your personal information that may occur and to ensure that all personal information in your account is accurate.

It is also your responsibility to keep your information up to date with your financial institution given the daily communication of information between your financial institution and Kaira. If you notice that your financial information needs to be corrected, we ask that you make the changes with your financial institution immediately.
Kaira retains your personal information only as long as necessary to fulfill the purpose for which it was collected, to meet legal retention requirements and as long as necessary to protect its legitimate business interests.

14. Processing of personal information of persons within the European Economic Area (EEA) and/or EU
Kaira complies with the provisions of the GDPR, where applicable. Section 14 of the Policy applies exclusively to the processing of personal information in connection with the EEA and the EU, insofar as such processing takes place while the people involved are in the EU or EEA and where the processing activities relate to the provision of goods or services or the monitoring of a person’s conduct, insofar as it involves conduct occurring within the EEA or EU. In case of conflict between this section 14 and the rest of the Policy, the provisions of this section shall prevail, only where the processing takes place while the people involved are in the EU or EEA and where the processing activities relate to the provision of goods or services or the monitoring of the behavior of those persons, to the extent that it is conduct taking place within the EEA or EU.
14.1 Consent – If your consent is provided in a written statement that addresses other matters, Kaira will ensure that the request for consent to process your personal information is clearly separated.
14.2 Collection, Retention and Use of Personal Information – Kaira will not retain personal information longer than is necessary to fulfill the purposes for which it was collected, and Kaira will take reasonable steps to indicate in advance the duration for which that personal information may be retained or the criteria for determining said-duration.
14.3 Automated Individual Decision Making – Kaira recognizes that you have the right to know whether your personal information is processed by an automated decision-making system. Upon request, Kaira will provide you with information on the functioning of this automated system. Unless required or permitted by law, you have the right to refuse to allow that a decision based solely on an automated system be made about you, where that decision has legal consequences for you.
14.4 Privacy Impact Assessment – Kaira will conduct a privacy impact analysis before implementing new technologies that are highly likely to infringe on your rights and freedoms, including your right to privacy.
14.5 Right to Erasure – Where permitted by law, you have the right to request Kaira to remove and erase personal information without unreasonable delay.
14.6 Accuracy and protection – Kaira will implement appropriate technical and organizational measures to protect personal information prior to its collection.
Kaira will only share personal information with outside agents, mandataries, consultants, data processors or service providers when they assure Kaira that appropriate measures are in place to protect personal information.
14.7 Liability – Kaira acknowledges that it is responsible for the protection of personal information and is able to demonstrate its compliance with the GDPR when processing personal information.
14.8 Complaint procedure, right of access or rectification – Kaira takes all necessary measures to facilitate the exercise of your right to access, your right to rectification or your right obtain your personal information. You can always obtain confirmation from us that personal information is being processed. Any rectification or deletion of your personal information will be communicated to third parties to whom the information has been disclosed.

15. Access and rectification requests
All questions or concerns regarding this Policy or about the collection, use and disclosure of your personal information, including requests for access or rectification, should be made in writing to the following contact person:
KAIRA TECHNOLOGIES INC.
Chief Financial Officer
4, Place Ville Marie
Montréal (Québec) H3B 3Y1
Email: mario.vachon@kaira.ai

You have the right to request access to your personal information held by Kaira. You also have the right to obtain confirmation that we hold personal information about you. We will provide you with your personal information, when collected electronically, in a structured, commonly used technological format. You may also request that your personal information be corrected if it is inaccurate, incomplete or misleading, or if its collection, disclosure or retention is not permitted by law.

Kaira will respond to any request for access or correction within 30 days of receiving the written request. In the event of a refusal to provide or correct information, Kaira will inform you of the reasons for the refusal and the sections of the applicable law that support the refusal, subject to the limitations of the law, and inform you of your recourses.
If Kaira refuses to correct your personal information, we will allow you to provide written comments to your file regarding the personal information that was refused correction. Kaira will also retain the personal information that has been the subject of an access request for as long as necessary to allow you to exhaust any recourse provided by law.
For more information about your privacy and your rights, you may contact the following law enforcement authorities:
● In Canada: Office of the Privacy Commissioner of Canada www.priv.gc.ca ● In the European Union: National Commission on Informatics and Liberty www.cnil.fr