Effective date: April 17, 2026 · Last updated: April 17, 2026
ImmiNorth is an independent Canadian immigration toolkit. We collect the minimum information needed to run the tools you ask us to run, we never sell your data, and you can export or delete your account at any time.
ImmiNorth (“ImmiNorth”, “we”, “us”, or “our”) operates the website imminorth.com and its associated tools, AI features, notifications, and subscription service (collectively, the “Service”).
Under PIPEDA, every organization must designate a person accountable for compliance. You can reach our privacy contact at hello@imminorth.com.
ImmiNorth is not affiliated with, endorsed by, or connected to Immigration, Refugees and Citizenship Canada (IRCC) or the Government of Canada.
We only collect information that is necessary to provide the Service you are using. The table below explains, for each category, what we collect and why.
If you create an account: your email address, and — if you sign in with Google — your name and profile photo as provided by Google OAuth. We do not receive or store your Google password. We authenticate via magic link or Google OAuth only.
If you are signed in and use our CRS calculator, assessment, or journey tracker, we store the inputs you provide (age, education, language test scores, work experience, spouse information where applicable, NOC code, province of interest) and the scores we calculate from them. If you are signed out, these inputs stay in your browser’s localStorage and are never sent to our servers.
If you opt in to draw alerts or push notifications, we store your target CRS score, draw categories of interest, and the push endpoint your browser or operating system provides so we can deliver alerts.
If you subscribe to ImmiNorth Pro, payment is processed by Stripe. We do not see or store your full card number, expiry, or CVC. We store your Stripe customer ID, subscription status, billing email, last four digits of the card, card brand, and billing country solely for account management, tax compliance, and fraud prevention.
When you use our AI-powered question feature, your question — along with relevant context you have saved to your profile (such as your CRS score or stage) — is sent to Anthropic, our AI provider, to generate an answer. We log each question and answer for rate limiting, abuse prevention, and service improvement. We do notuse your questions to train any AI model, and Anthropic’s API terms prohibit them from using our prompts for training.
We use Google Analytics 4 with IP anonymization enabled to understand aggregate traffic patterns (pages viewed, time on site, approximate region, referring source, device type). This data is pseudonymized and, in aggregate, does not identify you. We do not run advertising cookies, tracking pixels from ad networks, or browser fingerprinting.
Our hosting provider (Vercel) retains standard server logs for up to one hour. These logs include IP address, request URL, HTTP status, user agent, and timestamp, and are used for debugging, security monitoring, and abuse prevention.
When we send you email (draw alerts, newsletter, account notifications), Resend reports delivery, open, and bounce events so we can manage list hygiene. We do not sell or share email engagement data.
If you email us, we retain your message and our response to handle the inquiry and, where relevant, improve the Service.
We do not knowingly collect biometric data, precise location, health information, or any category of “sensitive personal information” beyond what is described above. We do not purchase personal information from data brokers.
PIPEDA requires us to identify the specific purposes for which we collect personal information at or before the time of collection. We collect and use your information only for these purposes:
We do not use your personal information for any purpose that is materially different from these without notifying you and, where required by law, obtaining additional consent.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation (GDPR):
You may withdraw consent at any time by emailing us or using the controls on your account page.
We share personal information only in the limited circumstances described below. We do not sell, rent, trade, or commercially license your personal information to third parties.
We share information with vendors who process data on our behalf, under written agreements that restrict them to using your information only for our purposes and require appropriate security safeguards:
We may disclose information when required by law, court order, lawful warrant, subpoena, or other valid legal process; to comply with regulatory obligations; to enforce our Terms of Use; or where we have a good-faith belief that disclosure is necessary to protect the rights, property, or safety of ImmiNorth, our users, or the public. Where legally permitted, we will notify affected users before disclosure.
If ImmiNorth is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections and this Privacy Policy. We will notify you of any such transfer that materially changes how your information is handled.
We use AI to generate answers to immigration questions and, in some cases, to surface personalized suggestions on your dashboard. AI output is provided for information only. It is not immigration advice, can be wrong, and must always be verified against canada.ca.
We do not make decisions that produce legal or similarly significant effects solely on the basis of automated processing. If you are in the EU/UK, you have the right under GDPR Article 22 not to be subject to such decisions; because we do not make them, this right is protected by default.
Your AI interactions are sent to Anthropic under an API agreement that prohibits training on your prompts.
ImmiNorth is a Canadian service. Some of our processors (Vercel, Stripe, Anthropic, Google) are based in the United States or route data through US infrastructure. When your information is transferred outside your country, it may be subject to access by governmental authorities under the laws of those jurisdictions, including US surveillance laws such as the USA PATRIOT Act and FISA.
By using the Service, you acknowledge and consent to these transfers. Where required, we rely on Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms to protect your information in transit.
We use three categories of cookies:
You can clear or block cookies in your browser settings, or opt out of Google Analytics via the Google Analytics Opt-out Browser Add-on. We do not use advertising, retargeting, or cross-site tracking cookies.
We honour the Global Privacy Control (GPC) signal and “Do Not Track” headers where technically possible by disabling non-essential analytics for those sessions.
We retain personal information only for as long as necessary to fulfil the purposes set out in this policy, unless a longer retention period is required by law.
We use commercially reasonable administrative, technical, and physical safeguards to protect your information:
No system is perfectly secure. If you discover a vulnerability or suspect your account has been compromised, contact hello@imminorth.com immediately.
If a breach of security safeguards creates a real risk of significant harm to you, we will notify you and the Office of the Privacy Commissioner of Canada as soon as feasible, as required by PIPEDA’s Breach of Security Safeguards Regulations. Notification will describe the nature of the breach, the information involved, steps we have taken, and steps you can take to reduce the risk of harm.
Under PIPEDA, GDPR, and applicable provincial privacy laws, you have the following rights. Some rights may be subject to limitations or exemptions under applicable law:
Signed-in users can export or permanently delete their account and associated data from the account page. For any other request, email hello@imminorth.com. We respond within 30 days. We may ask you to verify your identity before acting on a request.
The Service is not directed at children under 13, and we do not knowingly collect personal information from them. A parent or guardian who believes we have information about a child under 13 should contact us and we will delete it. Subscription to Pro requires that you be the age of majority in your province or territory (18 or 19 in Canada depending on province).
If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you additional rights:
We do not sell personal information and do not share it for cross-context behavioural advertising. To exercise any of these rights, email hello@imminorth.com.
If you are a Quebec resident, you have additional rights under Quebec’s Act respecting the protection of personal information in the private sector (as amended by Law 25), including rights to data portability, to be informed of automated decision-making, and to request the destruction of your personal information. You can also file a complaint with the Commission d’accès à l’information du Québec.
If you have a concern about how we handle your personal information, please contact us first so we can try to resolve it. If you are not satisfied with our response, you can file a complaint with:
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and — for signed-in users — send an email notice before the change takes effect. Your continued use of the Service after the effective date of a change constitutes acceptance of the revised policy.
For privacy questions, correction requests, deletion requests, or complaints, email hello@imminorth.com. We respond to all privacy inquiries within 30 days.