Privacy Policy
This Privacy Policy explains how Looni handles your personal information. We've written it in plain English because you deserve to understand exactly what happens with your data before you trust us with it. This policy is built around Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and reflects the privacy expectations of people in Ontario and across Canada.
1. Who we are
Looni is operated by Looni Financial Inc., a company based in Ontario, Canada. You can find us online at loonifinancial.com. We help Canadians find and keep more of their money — spotting wasted subscriptions, hidden fees, and other small leaks that quietly drain your bank account.
For the purposes of PIPEDA, Looni Financial Inc. is the organization responsible for the personal information described in this policy. If you ever have a question about your privacy, you can reach our team using the contact details at the end of this page.
2. Information we collect
The information we collect depends on how you use Looni.
If you join the waitlist, we collect:
- Your name
- Your email address
If you use the Looni app, we may collect:
- Identity and contact information — such as your name, email address, and details you provide when you create and manage your account.
- Financial account data — accessed read-only through our banking partners, Plaid and Flinks. This includes account details, balances, and transaction history so we can analyze your spending and surface savings.
- Device, usage, and analytics data — such as your device type, operating system, app version, IP address, and how you interact with the app, which helps us keep the service working and improve it.
- Cookies and similar technologies — used on our website and in our service. You can learn more in our Cookie Policy.
3. How we use your information
We only use your personal information for clear, limited purposes:
- To provide and improve the service — running the app, maintaining your account, and making Looni better over time.
- To find savings and money leaks — analyzing your accounts to spot wasted subscriptions, duplicate charges, hidden fees, and other ways to keep more of your money.
- For security and fraud prevention — protecting your account and our service against unauthorized access, fraud, and abuse.
- To communicate with you — sending account updates, savings insights, support replies, and (where you've agreed) product news.
- To meet our legal obligations — complying with applicable laws, regulations, and lawful requests.
4. Consent
Under PIPEDA, your consent is the foundation of how we handle your information. We obtain your consent when you join the waitlist, create an account, or connect a financial account, and we make sure you understand what you're agreeing to. The type of consent we seek is appropriate to the sensitivity of the information — connecting your bank data, for example, always requires your clear, express consent.
You can withdraw your consent at any time, subject to legal or contractual limits and reasonable notice. To withdraw consent, disconnect an account, or close your account, just contact us at privacy@loonifinancial.com. We'll explain any consequences of withdrawing consent before we act on your request.
5. Your banking data
When you connect a financial account, that access happens read-only through our trusted partners, Plaid and Flinks. This means a few important things:
- We never store your banking login credentials — your username and password are handled by Plaid or Flinks and are never visible to us.
- Your data is encrypted in transit and at rest.
- We never move your money. Looni cannot make payments, transfers, or any changes to your accounts. We can only read account information to find you savings.
6. We never sell your personal information
Plainly: Looni does not sell your personal information. We don't sell it, rent it, or trade it to advertisers, data brokers, or anyone else. Your financial data is yours, and we treat it that way.
7. Service providers and sub-processors
We rely on a small group of vetted service providers to run Looni. We share only the limited data each provider needs to do its job, and every one of them is bound by contract to protect your information and use it only on our instructions. Our current providers include:
- Supabase — database, authentication, and hosting.
- Vercel — website and application hosting.
- Plaid and Flinks — secure bank-data aggregation.
- Resend — sending emails such as account and service messages.
- Stripe — processing payments for Looni Pro.
Cross-border transfers: Some of these providers may store or process data outside of Canada, including in the United States. When that happens, your information may be subject to the laws of those countries. We take reasonable steps — including contractual protections — to ensure your data continues to be safeguarded at a comparable level, and we only work with providers we trust to handle it responsibly.
8. Security
We protect your information with safeguards appropriate to its sensitivity. These include:
- Encryption of data in transit and at rest.
- Access controls that limit who can see your data.
- Least-privilege practices, so team members and systems only have the access they genuinely need.
No system can promise perfect security, but we work hard to keep your data safe and to continually strengthen our protections.
9. Data retention
We keep your personal information only as long as it's needed for the purposes described in this policy, or for as long as the law requires us to. When information is no longer needed, we take steps to securely delete or anonymize it. If you close your account or withdraw consent, we'll remove your data except where we're required to retain certain records.
10. Your rights under PIPEDA
Canadian privacy law gives you meaningful rights over your personal information. With Looni, you can:
- Access the personal information we hold about you.
- Correct information that's inaccurate or incomplete.
- Withdraw consent and ask us to stop using or to delete your information, subject to legal limits.
To exercise any of these rights, contact us at privacy@loonifinancial.com. If you're not satisfied with how we've handled your privacy, you have the right to complain to the Office of the Privacy Commissioner of Canada (OPC). You can learn more at https://www.priv.gc.ca.
11. Children
Looni is not intended for anyone under the age of 18. We don't knowingly collect personal information from children. If you believe a minor has provided us with information, please contact us and we'll take steps to remove it.
12. Changes to this policy
We may update this Privacy Policy from time to time as our service evolves or as the law changes. When we do, we'll post the updated version here with a new "Last updated" date. If the changes are significant, we'll take reasonable steps to let you know.
13. Contact us
If you have any questions, requests, or concerns about your privacy, we're here to help. Email us at privacy@loonifinancial.com and a member of our team will get back to you.