Effective Date: March 19, 2026 · Last Updated: March 19, 2026
CanadaClouds, operating as MarginMagic(“we”, “us”, or “our”), is committed to protecting the privacy and personal information of our users (“you” or “your”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the MarginMagic application and related services (collectively, the “Service”).
We are a Canadian business and comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and all applicable Canadian privacy legislation. By using the Service, you consent to the collection and use of your information in accordance with this Privacy Policy.
1. Information We Collect
We collect the following categories of information:
1.1 Account Information
Name and email address
Business name and role
Password (stored in hashed form only)
1.2 Business Data from QuickBooks
When you connect your QuickBooks account, we access the following data with your explicit consent:
Product catalog information: item names, part numbers/SKUs, descriptions, and unit prices
We do not access or store: payment data, customer lists, employee information, bank or financial account details, tax agency data, vendor contact information, invoices, bills, or purchase transactions.
1.3 Competitor Pricing Data
Publicly available product prices from competitor websites
Product matching data used to compare your catalog against competitors
1.4 Usage Data
Pages visited, features used, and interaction patterns
Browser type, device information, and IP address
Error logs and performance data
2. How We Use Your Information
We use the information we collect to:
Calculate and display your product margins based on cost and selling price data
Compare your pricing against publicly available competitor prices
Generate reports, alerts, and recommendations to help you optimize margins
Provide historical price trend analysis and margin tracking over time
Authenticate your identity and maintain your account security
Improve, maintain, and troubleshoot the Service
Communicate with you about your account and Service updates
Comply with legal obligations
3. How We Store and Protect Your Data
We take the security of your data seriously and employ the following measures:
Encryption at rest: All data stored in our database (powered by Supabase/PostgreSQL) is encrypted at rest using AES-256 encryption.
Encryption in transit: All communications between your browser and our servers are encrypted using TLS 1.2 or higher.
Row-Level Security (RLS): Our database enforces row-level security policies ensuring that each user can only access their own data. Your business data is never accessible to other users.
Access controls: Administrative access to production systems is restricted, audited, and requires multi-factor authentication.
Secrets management: API keys, credentials, and tokens are stored in a dedicated secrets management service and are never hardcoded or stored in source code.
4. How We Share Your Data
We do not sell your personal information or business data to any third party.
We do not share your data with third parties for their marketing or advertising purposes. Your business data (product catalogs, pricing, margins, purchase history) is strictly confidential and is used solely to provide the Service to you.
We may share limited information only in the following circumstances:
Service providers: We use third-party infrastructure providers (such as Supabase for database hosting and Vercel for application hosting) that process data on our behalf under strict contractual obligations to protect your data.
Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
Business transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.
5. Your Rights
Under PIPEDA and applicable Canadian privacy legislation, you have the following rights regarding your personal information:
Right to access: You may request a copy of all personal and business data we hold about you. We will respond within 30 days.
Right to correction: You may request correction of any inaccurate or incomplete personal information.
Right to deletion: You may request deletion of your account and all associated data. Upon request, we will delete your data within 30 days, except where retention is required by law.
Right to withdraw consent: You may revoke your consent for data collection at any time by disconnecting your QuickBooks account or deleting your MarginMagic account. Withdrawal of consent may limit your ability to use certain features of the Service.
In the event of a breach of security safeguards involving your personal information, we are committed to transparency and prompt action. In accordance with PIPEDA and the Breach of Security Safeguards Regulations, we will:
Notify affected users within 72 hours of determining that the breach poses a real risk of significant harm
Provide you with a description of the incident, the types of information involved, and steps you can take to reduce the risk of harm
Maintain records of all security breaches for a minimum of 24 months as required by law
If you believe your data may have been compromised, contact our Privacy Officer immediately at privacy@canadaclouds.org.
6. Data Retention
We retain your data according to the following schedule:
Account information: Retained for as long as your account is active, and deleted within 30 days of account deletion request.
Price history and margin data: Retained for up to 5 years to support historical trend analysis and reporting. Deleted upon account deletion request.
Usage and analytics data: Retained for up to 2 years in anonymized form for service improvement.
QuickBooks integration tokens: Revoked and deleted immediately when you disconnect your QuickBooks account.
You may request immediate deletion of all your data at any time by contacting us at privacy@canadaclouds.org.
7. QuickBooks Integration
MarginMagic integrates with Intuit QuickBooks to import your product catalog data. When you connect your QuickBooks account:
You are redirected to Intuit to authorize access via OAuth 2.0.
We request only the minimum permissions necessary to read your product catalog (item names, prices, part numbers, and descriptions).
Your QuickBooks credentials are never stored by MarginMagic. We store only the authorization tokens required to sync data.
You may revoke access at any time through your MarginMagic account settings or directly through your Intuit account at accounts.intuit.com.
7.1 Data We Access
We access only product catalog information from QuickBooks: item names, selling prices, part numbers (SKUs), and descriptions. This data is used solely to calculate and compare your product margins.
7.2 Data We Do Not Access
MarginMagic does not access, collect, or store any of the following from your QuickBooks account:
Payment or transaction data
Customer names, contact details, or account balances
Employee information (names, pay rates, tax details)
Bank account or financial institution details
Tax agency information or tax filings
Invoices, bills, purchase orders, or sales receipts
7.3 Data Flow
When you sync your QuickBooks data, it flows through the following path: your QuickBooks account hosted by Intuit (United States) is accessed via their API, processed by our application hosted on AWS (United States), and stored in our database hosted on Supabase. All transfers occur over encrypted connections (TLS 1.2+).
7.4 Retention and Deletion
QuickBooks product data is retained for the duration of your active subscription. You can disconnect your QuickBooks account at any time through your account settings to stop further data synchronization.
When you disconnect QuickBooks, you may choose to delete all previously synced product data. If you do not request deletion, synced product data remains available in your account but is no longer updated from QuickBooks. Upon account deletion, all synced data is permanently removed within 30 days.
8. Cookies and Tracking
We use essential cookies required for the Service to function, including authentication session cookies and user preference cookies (such as theme selection). We do not use third-party advertising or tracking cookies.
9. Cross-Border Data Transfers
Some of our infrastructure providers may process or store data in the United States. Where your data is transferred outside of Canada, we ensure that adequate safeguards are in place through contractual obligations with our service providers that require them to protect your data to a standard consistent with Canadian privacy law.
10. Children's Privacy
The Service is intended for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice within the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.
12. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: