Effective date: May 22, 2026 · Last updated: June 11, 2026
This Privacy Policy describes how Hisavings Internet Inc. (operating the YepSavings brand — “YepSavings,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects personal information when you access yepsavings.com, our mobile-web experiences, our email communications, and our official social media accounts (collectively, the “Service”).
At a glance
- We are a Canadian company. Our servers and core data stores are hosted in Canada (AWS ca-central-1). Some processors (analytics, advertising, email) operate from the United States.
- We do not sell your personal information for money. We do share limited identifiers and behavioural data with advertising and analytics partners, which under California law (CCPA/CPRA) is treated as a “sale” or “share.” You can opt out at any time — see Section 11.
- We honour the Global Privacy Control (GPC) browser signal as a valid opt-out of sale and sharing.
- You can delete your account at any time using the Delete My Account option in the site menu; we remove your data from our active systems and from our email provider within a short, defined window. See Section 18.
- Privacy questions, requests, or complaints: email yepsavings@gmail.com — attention: Privacy Officer.
Contents
- Who we are and how to contact us
- Scope and acceptance
- Cross-border storage and transfers
- Information we collect
- How we use information
- How we share information
- Cookies and tracking technologies
- Third-party processors and recipients
- Your privacy rights
- Sensitive personal information
- Do Not Sell or Share · GPC · DNT
- Automated decision-making and profiling
- Children’s privacy
- Data retention
- Security and breach notification
- Google Sign-In and Google One Tap
- Analytics and the User-ID feature
- Account deletion
- Email marketing and CASL
- Third-party links
- Changes to this policy
- Contact and complaints
1. Who we are and how to contact us
The Service is operated by Hisavings Internet Inc., a corporation organized under the laws of British Columbia, Canada. Where this Policy refers to “YepSavings,” “we,” “us,” or “our,” it refers to Hisavings Internet Inc.
Privacy Officer. We have designated an individual accountable for our compliance with this Policy and with applicable privacy laws, including the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec’s Act respecting the protection of personal information in the private sector (Law 25). You can reach our Privacy Officer at yepsavings@gmail.com with the subject line “Privacy Officer”.
2. Scope and acceptance
This Policy applies to personal information we collect through the Service. It does not apply to information collected by third parties we do not control, even if their content is embedded in or linked from the Service.
By accessing or using the Service, you acknowledge that you have read and understood this Policy. New features that augment the Service are subject to this Policy unless we state otherwise. Material changes are communicated as described in Section 21.
3. Cross-border storage and transfers
Our primary application servers, databases, and file storage are hosted in Canada (AWS region ca-central-1, Montreal). However, several of the processors and advertising third parties we engage to operate the Service may store, process, or access personal information from outside Canada — primarily the United States, and in the case of MailerLite, the European Union (Lithuania). These recipients are listed in Section 8.
When personal information is transferred outside Canada, it may be accessible to foreign courts, law enforcement, and regulators under the laws of the receiving jurisdiction. We rely on contractual and technical safeguards proportionate to the sensitivity of the information, including written data-processing agreements (or equivalent controller-to-controller agreements where the recipient acts as an independent third party), encryption in transit, encryption at rest where supported, role-based access controls, and audit logging. We use these providers because they are necessary to operate the Service; we do not transfer personal information abroad for any purpose disconnected from the Service.
EEA, UK, and Swiss residents. To the extent any personal information of residents of the European Economic Area, United Kingdom, or Switzerland is transferred to Canada through incidental access to the Service, we rely on the European Commission’s adequacy decision for Canada (commercial organizations subject to PIPEDA) and on the UK extension of that adequacy decision. For onward transfers from Canada to the United States (e.g., Ezoic, Google, Stripe) and other third countries, the European Commission’s Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum would apply where mandatory, alongside the contractual and technical safeguards described above. The volume and nature of EEA/UK processing is addressed further in Section 9.5.
4. Information we collect
For the reference of California residents, we list categories below using the enumeration in Cal. Civ. Code §1798.140(v). We have collected information in the following categories within the 12 months preceding the last-updated date.
4.1 Identifiers
- Account email address, display name, profile picture URL.
- Internal numeric user ID (a surrogate key generated by our backend, not derived from your name or email).
- IP address, device identifiers, browser cookies and similar identifiers.
4.2 Customer-records information
- Where you voluntarily provide them: phone number, mailing address (for contests / fulfilment), Stripe-managed payment identifiers if you purchase a paid feature. We do not store full card numbers; Stripe processes and stores payment credentials directly.
- If you purchase a Premium subscription: our internal record of your Stripe customer ID, subscription ID, plan, billing period, payment status, cancellation status, and related Stripe webhook events. Full card and payment-method details are held by Stripe only.
4.3 Commercial information
- Shopping-list items, watch-list items, deal interactions (saves, clicks, dismissals).
- Records of any paid subscriptions, redemption history, and transactional events (held by Stripe under their retention policy).
4.4 Internet or network activity
- Pages viewed, referring/exit pages, session duration, search terms within the Service, scroll depth on long pages, time on page.
- Ad interactions (impressions, viewability, clicks) recorded by our ad partner Ezoic and its downstream demand-side platforms.
4.5 Geolocation data
- Approximate location inferred from IP (city/region level) used to default you to the nearest Costco warehouse and to localize pricing and flyer content. We do not request or store precise GPS coordinates.
4.6 Inferences
- Inferences drawn from the categories above to personalize content (e.g., predicted store preference, content engagement signals).
4.7 Categories we do NOT collect
For completeness with respect to the CCPA §1798.140(v) category enumeration, we do not knowingly collect:
- Characteristics of protected classifications (Cat. C) under California or federal law — age, race, color, religion or creed, ancestry, national origin, citizenship, immigration status, marital status, medical condition, mental or physical disability, sex, sexual orientation, gender identity or expression, veteran or military status, or genetic information.
- Biometric information (Cat. E) — fingerprints, retina or iris images, voiceprints, keystroke patterns, or other physiological, biological, or behavioural identifiers.
- Sensory data (Cat. H) — audio, electronic, visual, thermal, olfactory, or similar information.
- Professional or employment-related information (Cat. I).
- Non-public education information (Cat. J) under the federal Family Educational Rights and Privacy Act (FERPA) and its implementing regulations.
- Government-issued identifiers — Social Insurance Number, driver’s licence, passport, health card, provincial ID.
- Sensitive personal information for secondary purposes under CPRA §1798.140(ae) — see Section 10.
- The content of private communications (mail, chat, SMS) routed outside the Service.
4.8 Sources of the information
- Directly from you — when you create an account, sign in, contact us, subscribe to email, or interact with features.
- Automatically — via cookies, log files, SDKs, and pixels as you use the Service.
- From third-party identity providers — Google (Sign-In, One Tap) and Facebook (Login) share verified email, name, and profile picture only if you choose those sign-in methods. See Section 16.
- From advertising and analytics partners — Ezoic and its demand partners, Google Analytics, and GTM share aggregated and pseudonymous performance signals back to us.
4.9 California sale, share, and retention disclosure
The following disclosure satisfies the Right-to-Know notice requirements of Cal. Civ. Code §1798.130(a)(5) and the CPRA regulations at 11 CCR §7011(e). For each category of personal information we collect, we identify whether it is sold or shared (as those terms are defined under CCPA/CPRA), the categories of recipients, the business or commercial purpose, and the retention period.
Cat. A — Identifiers (collected, see §4.1).
- Sold or shared? Pseudonymous online identifiers (cookies, device identifiers, IP-derived approximate location) attached to cross-context behavioural advertising are sold or shared with advertising third parties (as those terms are defined under CCPA/CPRA, regardless of whether monetary consideration is exchanged). Account email, display name, profile picture, and our internal numeric user ID are not sold and not shared.
- Recipients. Advertising and analytics third parties (Ezoic and downstream demand-side platforms, including Google and Meta) for online identifiers; service providers (AWS, CloudFront, MailerLite, Stripe) for account identifiers; identity providers (Google, Meta) for federated sign-in identifiers if you choose those methods.
- Purpose. Operating accounts; serving, measuring, and capping advertising; security and anti-fraud; analytics.
- Retention. Account record for the life of the account; web server access logs for 90 days; pseudonymous analytics events for 14 months; advertising identifiers managed by Ezoic partners under their own retention.
Cat. B — Customer-records information (collected, see §4.2).
- Sold or shared? Not sold and not shared.
- Recipients. Service providers strictly necessary to deliver the Service (AWS for storage; Stripe for payment processing if you purchase a paid feature; MailerLite for transactional email).
- Purpose. Account management, customer support, fulfilment, payment processing.
- Retention. Life of the account; payment records retained by Stripe under its own policy.
Cat. D — Commercial information (collected, see §4.3).
- Sold or shared? Aggregate shopping-list and deal-interaction signals contribute to anonymized analytics; not sold and not shared in an identifiable form.
- Recipients. Service providers (AWS, Google Analytics).
- Purpose. Personalizing the deal feed, measuring feature usage.
- Retention. Life of the account.
Cat. F — Internet or network activity (collected, see §4.4).
- Sold or shared? Pseudonymous activity tied to advertising identifiers is sold or shared with Ezoic and downstream demand partners for cross-context behavioural advertising; first-party activity tied to your account is not sold and not shared.
- Recipients. Advertising and analytics third parties (pseudonymous); service providers (account-bound).
- Purpose. Advertising, analytics, security, diagnostics.
- Retention. 14 months in Google Analytics; 90 days in web server access logs.
Cat. G — Geolocation (collected, see §4.5).
- Sold or shared? Approximate IP-derived location is included in the pseudonymous advertising signal sold or shared with Ezoic and demand partners. We do not collect or transmit precise GPS coordinates.
- Recipients. Advertising and analytics third parties; service providers.
- Purpose. Defaulting the user to the nearest Costco warehouse; localized advertising.
- Retention. 14 months in analytics; 90 days in access logs.
Cat. K — Inferences (collected, see §4.6).
- Sold or shared? Aggregate behavioural-segment signals are sold or shared with Ezoic and demand partners for advertising in the same way as the underlying activity data.
- Recipients. Advertising and analytics third parties.
- Purpose. Personalization, advertising frequency capping.
- Retention. Derived in real time; not retained beyond the underlying activity records.
Categories C, E, H, I, and J are not collected (see §4.7) and are therefore not sold, not shared, and have no retention period.
5. How we use information
We use personal information for the purposes listed below. Where we operate under the EU General Data Protection Regulation (GDPR) or the UK GDPR, the lawful basis is indicated in parentheses.
- To create and operate your account, deliver the Service, and provide customer support (performance of a contract).
- To personalize content (default warehouse, deal recommendations) and remember your preferences across sessions (legitimate interests / consent for non-essential cookies).
- To measure and improve the Service using analytics, including cross-device measurement via the GA4 User-ID feature described in Section 17 (legitimate interests / consent where required).
- To serve and measure advertising through Ezoic and downstream demand partners (consent in regulated regions; legitimate interests elsewhere, subject to opt-out).
- To send transactional emails (account, password, deletion confirmation) and, where you have opted in, marketing emails via MailerLite (consent; see Section 19).
- To detect, prevent, and respond to fraud, abuse, security incidents, and policy violations (legitimate interests / legal obligation).
- To comply with legal obligations, respond to lawful requests, enforce our Terms, and defend our rights (legal obligation / legitimate interests).
We do not use your information to make decisions that produce legal or similarly significant effects about you without human involvement — see Section 12.
6. How we share information
6.1 Service providers (processors)
We share information with vendors that process information on our behalf under written contracts that restrict use of the information to providing services to us. See the complete list in Section 8.
6.2 Advertising and analytics third parties
We work with Ezoic and downstream demand-side platforms (which include Google, Meta/Facebook, and other IAB-TCF-registered vendors) to deliver and measure advertising. These entities act as independent third parties or controllers, not as service providers or processors acting on our behalf, because they determine their own purposes and means of further processing the information they receive (including building their own user profiles and selling or sharing those profiles with their downstream demand chains). Google Analytics 4 is configured as a service provider for first-party measurement but Google’s use of GA data may, under its own terms, also fall under independent-controller processing for certain functions.
These third parties receive cookies, online identifiers, IP-derived approximate location, and behavioural signals from your device when you visit the Service. Under the California Consumer Privacy Act as amended by the CPRA, this exchange of identifiers and behavioural data for cross-context behavioural advertising is treated as a “sale” or “share” regardless of whether money changes hands. The detailed disclosure required by Cal. Civ. Code §1798.130(a)(5) is provided at Section 4.9. You can opt out at any time — see Section 11.
If you hold an active Premium (ad-free) subscription, advertising is not loaded while you are signed in: during those sessions the advertising identifiers and behavioural signals described above are not shared with Ezoic or its demand partners.
6.3 Identity providers
If you choose Google or Facebook sign-in, the relevant identity provider receives a sign-in event and we receive your verified email, name, and profile picture. The provider’s own privacy policy governs their processing.
6.4 Legal, safety, and corporate transactions
- We may disclose information when required by applicable law, valid legal process, or government request; to enforce our Terms; or to protect the rights, property, or safety of YepSavings, our users, or the public.
- In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will notify users of any change in ownership or material change in handling of personal information.
6.5 With your consent
We share information with other parties when you direct us to do so — for example, by clicking a share link for your shopping list.
6.6 What we never do
- We do not sell your personal information for monetary consideration.
- We do not share your internal user ID, email, or name with advertising networks for ad targeting.
- We do not knowingly sell or share personal information of consumers we know to be under 16.
7. Cookies and tracking technologies
We and our partners use cookies, pixel tags, SDKs, local storage, and similar technologies. They fall into four categories:
- Strictly necessary — required for the Service to function (authentication session, CSRF protection, store-selection cookie ys_store_url, load-balancer routing). Cannot be disabled without breaking the Service.
- Functional — remember preferences such as your shopping list, default warehouse, and recently viewed items (localStorage; persisted across sessions).
- Analytics — Google Analytics 4 and Google Tag Manager; measure aggregate usage and feature performance.
- Advertising — Ezoic and its downstream demand partners; serve and measure advertising and frequency-cap impressions.
A live, automatically updated list of specific cookies and vendors is published by our consent-management platform at the bottom of this page. If that list fails to load (for example, because you have blocked the consent-management script or your browser is offline), you can request a static snapshot of the most recent vendor list by emailing our Privacy Officer at yepsavings@gmail.com.
You can manage analytics and advertising cookies by:
- Using the consent controls surfaced by our consent-management platform in regulated regions.
- Sending a Global Privacy Control (GPC) signal from your browser or extension; we treat this as a valid opt-out of sale and sharing.
- Using industry opt-outs: Digital Advertising Alliance optout.aboutads.info, Network Advertising Initiative optout.networkadvertising.org, AdChoices Canada youradchoices.ca.
- Installing the Google Analytics Opt-Out Browser Add-On.
- Clearing cookies and disabling them in your browser settings (this may impair functional features).
Do Not Track: Most browsers offer a Do Not Track (DNT) setting. Because there is no industry consensus on how to interpret DNT signals, we do not respond to DNT. We do respond to GPC signals as described above and in Section 11.
8. Third-party recipients
We rely on the recipients listed below. Each is engaged under the relevant vendor’s standard data-processing terms (for service providers acting on our behalf) or the vendor’s standard controller-to-controller terms (for independent third parties). Where a recipient has not made a written privacy agreement available, we assess whether the recipient’s published privacy commitments and certifications provide equivalent protection before relying on them. Jurisdiction indicates the primary processing location.
8.1 Service providers (processors acting on our behalf)
- Amazon Web Services (AWS) — application hosting, primary databases, file storage, and transactional and notification email delivery (Amazon SES, including Premium Sale Alert emails). Canada (ca-central-1).
- Amazon CloudFront — content delivery network and edge caching for static assets and HTML. Global edge; origin in Canada.
- MailerLite (UAB “MailerLite”) — transactional and marketing email delivery, supporting privacy-erasure API for account deletion. European Union (Lithuania).
- Stripe, Inc. — payment processing for any paid features. United States. Stripe stores card and payment-method data as an independent controller under its own privacy policy and retention schedule; we receive only tokenized references.
8.2 Independent third parties and controllers
The following entities act as independent third parties or independent controllers with respect to information they receive when you use the Service. They determine their own purposes and means of further processing.
- Ezoic, Inc. — advertising mediation, consent-management platform, and ad performance analytics. United States; serves global edge. Ezoic and its downstream demand-side platforms further share information among themselves for advertising purposes.
- Google LLC — Google Analytics 4 and Google Tag Manager (acting as a service provider for first-party measurement, and as an independent controller for certain Google-operated functions per Google’s own terms); Google Sign-In and Google One Tap (identity provider, independent controller). United States.
- Meta Platforms, Inc. (Facebook) — Facebook Login if you choose it; independent controller. United States.
We update this list when we add, replace, or remove a material recipient. The most current list lives at this section of the Policy.
9. Your privacy rights
Subject to your jurisdiction and to verification of your identity, you have the rights described below. To exercise any right, email yepsavings@gmail.com — attention: Privacy Officer.
9.1 Canada (PIPEDA)
- Access the personal information we hold about you, subject to limited exceptions in the Act.
- Correct information that is inaccurate or incomplete.
- Withdraw consent to collection, use, or disclosure, subject to legal or contractual restrictions and reasonable notice. Withdrawal may affect access to features that depend on the withdrawn consent.
- Receive a response to an access request within 30 days (extension permitted under PIPEDA s.8(3)).
- File a complaint with us first and, if unresolved, with the Office of the Privacy Commissioner of Canada (priv.gc.ca).
9.2 Quebec (Law 25)
In addition to the PIPEDA rights above, Quebec residents have:
- The right to be informed of the existence of an automated decision that produces effects on them, and to request human review (Section 12).
- The right to data portability — to receive, in a structured and commonly used technological format, the personal information you have provided us.
- The right to deindexation — to request that a hyperlink linking your name to information whose dissemination causes serious injury to your reputation or privacy be removed.
- The right to file a complaint with the Commission d’accès à l’information du Québec (cai.gouv.qc.ca).
9.3 California (CCPA / CPRA)
California residents have the rights listed below. The summary disclosure required by Cal. Civ. Code §1798.130(a)(5) is provided in Section 4.9.
- Right to know what personal information we have collected, the sources, the business purposes, the categories of recipients, and the categories sold or shared, over the preceding 12 months (or longer where requested).
- Right to data portability — to receive a copy of the specific pieces of personal information we have collected about you in a structured, commonly used, and machine-readable format that allows you to transmit the information to another entity without hindrance, per Cal. Civ. Code §1798.110(a)(5) and §1798.130(a)(2)(B).
- Right to delete personal information we have collected, subject to statutory exceptions (legal compliance, security, completion of transactions, backups).
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing — see Section 11.
- Right to limit use and disclosure of sensitive personal information — we do not use sensitive PI for any purpose outside the limited purposes permitted by CPRA §1798.121(a) and 11 CCR §7027(m), so this right is satisfied by default; see Section 10.
- Right to non-discrimination — we will not deny services, charge different prices, or provide a different level of quality because you exercised a privacy right. We offer an optional paid Premium subscription that adds features (Sale Alert emails and ad-free browsing). Premium is a paid feature set, not an exchange of personal information: free users who exercise their privacy rights, including opting out of sale or sharing, are not charged and do not receive a lower quality of the free Service. We do not offer financial incentive programs in exchange for the collection, sale, or retention of personal information, so no notice of financial incentive under Cal. Civ. Code §1798.125(b) is required.
- Right to use an authorized agent — you may designate an authorized agent to submit a request on your behalf. We will ask the agent to provide written authorization signed by you and will verify your identity directly. Powers of attorney under Cal. Prob. Code §4000 et seq. are accepted in lieu of agent verification.
Verification. To verify your identity we will ask you to confirm information already associated with your account (e.g., the email used at registration). For high-risk requests we may require additional verification proportionate to the sensitivity of the data.
Response times. We will confirm receipt of a verifiable request within 10 business days and respond substantively within 45 calendar days (extendable once by 45 days with notice).
Shine the Light (Cal. Civ. Code §1798.83). California residents may request information about disclosures of personal information to third parties for those parties’ direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes.
9.4 Other U.S. states
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon (OCPA), Montana (MCDPA), Texas (TDPSA), Delaware (DPDPA), Iowa (ICDPA), Indiana (INCDPA), Tennessee (TIPA), New Hampshire, New Jersey, Florida, and other states with comprehensive consumer privacy laws have rights to access, correct, delete, port, and opt out of targeted advertising and certain profiling. Submit requests to yepsavings@gmail.com — attention: Privacy Officer.
Universal opt-out signals. Where required by state law (Colorado CPA, Connecticut CTDPA, Texas TDPSA, Oregon OCPA, and others as those provisions come into force), we recognize the Global Privacy Control (GPC) and any other universal opt-out mechanisms designated by the relevant state attorney general as a valid opt-out of sale, share, and targeted advertising. See Section 11.
Sensitive-data consent (Colorado, Connecticut, Virginia, and others). Where state law requires opt-in consent for the processing of sensitive data, we do not process such data without that consent. As noted in Section 10, we do not knowingly collect sensitive data outside the limited categories necessary to operate the Service.
Appeal of a denied request. If we deny your request in whole or in part, you may appeal by replying to our response email with the word “Appeal” in the subject line. We will review the appeal and respond within 45 days (Colorado, Connecticut, Virginia, Texas) or 60 days (other states) of receipt, with a written explanation of the action taken. If the appeal is denied, we will provide information on how to file a complaint with your state attorney general.
Oregon — list of specific third parties. Oregon residents have an additional right under the OCPA to request a list of the specific third parties (not just categories) to whom we have disclosed their personal data. Submit the request to our Privacy Officer.
9.5 European Economic Area, United Kingdom, and Switzerland
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR, UK GDPR, or Swiss FADP, subject to the conditions in those laws:
- Right of access (GDPR Art. 15).
- Right to rectification (Art. 16).
- Right to erasure / “right to be forgotten” (Art. 17).
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20).
- Right to object to processing (Art. 21).
- Right not to be subject to a decision based solely on automated processing (Art. 22) — see Section 12.
- Right to lodge a complaint with your local supervisory authority.
- Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Territorial scope. YepSavings is operated from Canada and targeted at Canadian consumers; the Service offers no EEA-specific language, currency, retail partnerships, or marketing. We do not intentionally direct goods or services to the EEA, UK, or Switzerland within the meaning of GDPR Article 3(2)(a). However, our analytics and advertising tools (Google Analytics 4, Ezoic and its demand partners) may, when EEA residents visit the Service, monitor behaviour that occurs within the Union for the purposes of GDPR Article 3(2)(b). To the extent the GDPR or UK GDPR applies on that basis, the rights above apply and this Policy is the Article 13 disclosure for that processing.
Article 27 representative. We have not designated an EU or UK representative under GDPR Article 27. The Service is operated from Canada for a primarily Canadian audience; EEA, UK, and Swiss visitor traffic to YepSavings is incidental. The processing of EEA/UK/Swiss personal data that may fall within Article 3(2)(b) is limited to pseudonymous analytics and advertising signals and does not include special categories of personal data under Article 9 or personal data relating to criminal convictions under Article 10. On that basis we rely on the exemption in Article 27(2)(a) for processing that is occasional, not large-scale of special-category data, and unlikely to result in a risk to the rights and freedoms of natural persons. EEA, UK, and Swiss residents may exercise their rights directly with our Privacy Officer at yepsavings@gmail.com; we will respond within one month (extendable by two further months for complex requests, with notice). If the volume or nature of EEA/UK processing materially changes, we will re-assess the Article 27 analysis and update this Policy.
Transfers from the EEA / UK to Canada. We rely on the European Commission’s adequacy decision for Canada (commercial organizations subject to PIPEDA) and the UK’s extension thereof. For onward transfers from Canada to third countries, see Section 3.
10. Sensitive personal information
Under the CPRA, “sensitive personal information” includes precise geolocation, account log-in credentials with required password, race or ethnic origin, religious beliefs, union membership, the contents of mail and messages not directed to us, biometric and genetic data, and certain health information.
- We collect account log-in credentials (email plus password hash, or a federated identity token). We use these only to authenticate you and to operate the authentication and security functions of the Service. We do not use these credentials for inferring characteristics about you, and we do not disclose them except to service providers strictly necessary to deliver authentication and security (e.g., AWS for storage of the hashed credential record), and to the federated identity provider whose token you have presented.
- We do not collect precise geolocation (GPS-level), biometric or genetic data, race or ethnic origin, religious beliefs, union membership, private communications content, or health information.
Because we do not use sensitive PI for any purpose other than the purposes listed in CPRA §1798.121(a) and its implementing regulations (providing the service requested, security, anti-fraud, short-term transient use, performing services on behalf of the business), no separate “limit use” request is required.
11. Do Not Sell or Share, GPC, and DNT
You can opt out of the sale or sharing of your personal information at any time by:
- Clicking Do Not Sell or Share My Info in the site footer; or
- Sending a Global Privacy Control (GPC) signal from your browser or browser extension. As required by 11 CCR §7025(c)(1) and equivalent universal-opt-out regulations in other states, we apply the opt-out (i) to the browser or device transmitting the signal, without requiring you to verify identity, including any pseudonymous consumer profile we associate with that browser or device based on cookie or device identifiers; and (ii) where you are signed in to a YepSavings account at the time the signal is received, to any consumer profile we associate with that account, so that the opt-out persists across the devices and browsers we have linked to it. If you are not signed in, we cannot link the signal to other devices; sign in to extend the opt-out to your full profile. We also notify the advertising third parties to whom we have sold or shared your personal information of your opt-out, to the extent required by 11 CCR §7026(f).
In regulated regions where our consent-management platform exposes a consent UI, the footer button opens that UI directly. Where the consent UI is not available, the footer button opens our Privacy Choices form, which prepares a structured email to our Privacy Officer; we will action your opt-out within 15 business days of receipt and confirm by reply. Once an opt-out is in effect, we will not re-request authorization to sell or share your personal information for at least 12 months, as required by 11 CCR §7026(c).
Do Not Track. We do not respond to browser DNT signals — see Section 7.
12. Automated decision-making and profiling
We use lightweight personalization (e.g., predicting which Costco warehouse to default you to, ranking deals on the home feed, ordering the deal grid) based on your past interactions with the Service. These are not decisions about access to rights, services, or eligibility; they are content-ordering choices that adjust what you see first.
GDPR Article 22. None of the personalization described above produces legal effects concerning you or similarly significantly affects you within the meaning of GDPR Art. 22, and none of it is made exclusively by automated means without the ability for a human to review or override the result.
Quebec Law 25 s. 12.1. The Quebec threshold is broader: it covers decisions based exclusively on automated processing of personal information. For clarity, the personalization described above is not a decision about you in the s. 12.1 sense—it is a presentation-layer adjustment based on aggregate and behavioural signals. We do not use automated processing as the sole basis for any decision that grants, denies, or modifies your rights, access to features, pricing, or services.
If you are a Quebec resident or otherwise have the right to be informed of automated decisions affecting you, you may request additional information about the personal information used and the principal factors and parameters that led to a decision affecting you, you may submit observations, and you may request human review. Contact our Privacy Officer.
13. Children’s privacy
The Service is intended for adults. We do not knowingly direct the Service to or knowingly collect personal information from:
- Children under 13 (United States — COPPA);
- Children under 14 (Quebec — Law 25 default threshold);
- Children under 16 (European Economic Area — GDPR Art. 8 default; individual EU member states may set the applicable age lower, no less than 13. Where a member state has set a lower age, that lower age applies to residents of that state).
If you believe a child has provided personal information to us, please contact our Privacy Officer and we will delete the information promptly. Where parental consent is required by applicable law and we have not obtained it, we will not collect or use the information.
No sale or share of children’s data. We do not knowingly sell or share for cross-context behavioural advertising the personal information of consumers we have actual knowledge are under 16, as required by Cal. Civ. Code §1798.120(c).
14. Data retention
We retain personal information only as long as needed for the purposes described in this Policy, to comply with legal obligations, to resolve disputes, and to enforce our agreements.
- Account record (email, profile, credentials) — for the life of the account; removed from active production systems on user-initiated deletion (see Section 18 for backup, log, and analytics carve-outs).
- Shopping list, watch list, preferences — for the life of the account; removed from active production systems on deletion.
- Comments, likes, replies, notifications — for the life of the account; removed from active production systems on deletion.
- Newsletter subscription — until you unsubscribe or delete your account, at which point the record is removed from our database and from MailerLite via their privacy-erasure API.
- Sale Alert send history — 12 months, to enforce one-alert-per-sale-cycle limits and to demonstrate CASL compliance; then deleted.
- Application activity records containing a direct account identifier — removed from active production systems on account deletion.
- Deletion audit record — 2 years, containing only an HMAC-hashed identifier and the deletion timestamp (not your email), to demonstrate compliance with PIPEDA accountability.
- Banned-user records — 3 years, to enforce platform safety where applicable.
- Database backups — rolling 30-day window; your data persists in the most recent backups during that window and is automatically overwritten thereafter. Backups are used only for disaster recovery, never for business queries.
- Payment records (Stripe) — held by Stripe under its own retention policy; we do not control Stripe’s retention.
- Analytics events — Google Analytics 4 data retention is set to 14 months. Aggregated, non-identifying summaries may be retained longer.
- Web server access logs — 90 days, for security and abuse investigation.
15. Security and breach notification
We implement administrative, technical, and physical safeguards proportionate to the sensitivity of the information and the risks it faces. These include encryption in transit (TLS), encryption at rest for databases and file storage, role-based access controls, audit logging, least-privilege credentials, and routine dependency patching. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
Breach notification. If we become aware of a breach of security safeguards involving personal information under our control and we determine that it poses a real risk of significant harm to an individual, we will:
- Report the breach to the Office of the Privacy Commissioner of Canada and to other regulators as required by law;
- Notify affected individuals as soon as feasible with the information required by PIPEDA s.10.1, including the nature of the breach, the personal information involved, the steps we are taking, and steps individuals can take to reduce the risk of harm;
- Where notification to another organization, government institution, or part of a government institution may reduce the risk of harm or mitigate the harm (PIPEDA s.10.2), notify that organization or institution accordingly; and
- Maintain a record of all breaches of security safeguards for at least 24 months, as required by PIPEDA s.10.3.
Equivalent notifications will be made under GDPR (within 72 hours to the lead supervisory authority where feasible) and under U.S. state breach-notification statutes that apply to the affected residents.
16. Google Sign-In and Google One Tap
When you visit YepSavings while signed into a Google account, we may display a Google One Tap prompt. If you confirm the prompt or if auto-sign-in is enabled in your Google settings, we receive your verified email address, name, and profile picture from Google and use them to create or sign in to your YepSavings account.
- We do not subscribe you to marketing emails through this flow — newsletter sign-up requires a separate explicit action.
- You can disable Google One Tap at any time in your Google account settings (myaccount.google.com/security) and sign out of YepSavings from the menu.
- Use of Google user data received via Sign-In or One Tap is subject to Google’s Limited Use requirements; we use this data only to authenticate you and to operate features you interact with.
17. Analytics and the User-ID feature
When you sign in to YepSavings, we associate your account’s internal numeric identifier with your activity in Google Analytics 4 so we can measure cross-device and cross-session behaviour. This identifier is not your email, name, or any personally identifying field — it is an internal surrogate key generated by our backend.
- We do not share the user ID with advertising networks. To make this commitment operationally precise: our GA4 property is not linked to any Google Ads account; Google Signals and ads personalization features that would export user-identified data to Google’s advertising ecosystem are not enabled for this property; and the user ID is not transmitted to Ezoic, Meta, or any other downstream demand-side platform. The account-level “Google products & services” data-sharing toggle remains enabled at Google’s default, which allows Google to use aggregate Analytics data to improve Google’s own products; with no Google Ads link and Google Signals disabled, that toggle does not create a path from the user ID to any advertising surface or third-party advertiser.
- We do not use the user ID for third-party ad targeting.
- We do not sell the user ID.
- You can opt out by signing out, by clicking Do Not Sell or Share My Info in the footer, or by installing the Google Analytics Opt-Out Browser Add-On (tools.google.com/dlpage/gaoptout).
For more information about Google Analytics, see the Google Analytics Terms of Service.
18. Account deletion
You can request deletion of your account at any time using the Delete My Account option in the site menu. The request is processed immediately and is irreversible.
Account deletion, Premium cancellation, and Sale Alert unsubscription are three separate actions: unsubscribing from Sale Alerts does not cancel Premium, and cancelling Premium does not delete your account. If you have an active Premium subscription, cancel it before deleting your account. Payment records that we are required to keep are retained as described in Section 14.
When you delete your account, we permanently remove the following from our active production systems and (where applicable) from our email service provider (MailerLite):
- Your account record (email, profile, login credentials);
- Your shopping list, watching list, and saved preferences;
- Your comments, likes, replies, and notifications;
- Your newsletter subscription — deleted from both our database and from MailerLite via their privacy-erasure API;
- Application activity records that contain a direct reference to your account identifier.
Carve-outs — data not removed at the moment of deletion, retained for clearly stated purposes:
- Database backups — your data persists in the most recent rolling 30-day backup set and is overwritten on the normal cycle. Backups are used only for disaster recovery, never for business queries.
- Web server access logs — pseudonymous logs (IP, user agent, request path) are retained for 90 days for security and abuse investigation, then deleted.
- Google Analytics 4 events — events associated with your GA4 user-ID and underlying device cookies are retained by Google for up to 14 months and then automatically expired. On account deletion we delete the local mapping between your account and the GA4 user-ID, so the events in Google’s data are no longer linkable to you by us. If you wish the events themselves to be removed from Google’s data before automatic expiry, contact our Privacy Officer and we will submit a user-deletion request to Google Analytics for the corresponding user-ID. To expire the underlying device cookies on your end, clear cookies in your browser.
- Deletion audit record — an HMAC-hashed identifier and the deletion timestamp are retained for 2 years to demonstrate compliance with PIPEDA accountability.
- Banned-user records — if your account was banned for safety or terms violations, an enforcement record may be retained for up to 3 years.
- Stripe payment records — if you ever made a purchase, Stripe retains transaction records under its own retention policy; we do not control Stripe’s retention.
The full retention schedule for each category is in Section 14.
If you do not have an account but have used the Service, you may still request deletion of personal information we hold about you (such as analytics events tied to your device identifier). Contact our Privacy Officer; we will verify the request to a reasonable degree of certainty and action it.
19. Email marketing and CASL
Our email program distinguishes three message types under Canada’s Anti-Spam Legislation (CASL, S.C. 2010, c. 23):
- Service messages — account confirmation, password reset, deletion confirmation, security alerts, and other messages whose primary purpose is to facilitate, complete, or confirm a transaction or relationship you have initiated. These are not commercial electronic messages (“CEMs”) in the meaning of CASL s. 6(6) and do not require CASL consent. We send them on the basis of operating the Service.
- CEMs sent under express consent — deal digests, newsletter, promotional messages. We send these only after you have provided express, informed, opt-in consent through an active sign-up. Pre-checked boxes and bundled consent are not used. You can withdraw consent at any time.
- Sale Alert emails (Premium) — sent only when an item on your watch list goes on sale and you hold an active Premium subscription. By purchasing Premium and adding items to your watch list you expressly request and consent to these messages; we keep a record of that consent. Sale Alerts are delivered via Amazon SES (see Section 8). Every Sale Alert identifies us, includes our mailing address, and contains a one-click unsubscribe link that takes effect immediately. Unsubscribing from Sale Alerts is separate from the newsletter and does not cancel your Premium subscription.
- CEMs sent under implied consent (limited and time-bound) — where CASL s. 10(9) permits implied consent based on an existing business relationship (e.g., a purchase within the preceding 24 months) or a conspicuous publication of your electronic address. We track the consent basis and expiry per recipient.
Every CEM we send identifies us, provides our contact information, and contains a working unsubscribe mechanism that takes effect within 10 business days, as required by CASL s. 6 and the Electronic Commerce Protection Regulations. You can also unsubscribe by replying with “unsubscribe” or by contacting our Privacy Officer.
20. Third-party links
The Service contains links to third-party websites (retailers, news outlets, brand pages, social media). We do not control those sites and are not responsible for their privacy practices. Review the privacy policies of any third-party sites you visit.
21. Changes to this policy
We may update this Policy from time to time. When we make changes, we update the “Last updated” date at the top. If a change is material — for example, expanding the categories of information we collect, adding a new processor or third party with access to identifying data, or adding a new purpose of processing — we will provide additional notice (a banner on the Service, an email to registered users, or both) and, where required by law, obtain renewed consent.
No retroactive reduction of rights. We will not apply a material change retroactively in a way that reduces rights you already have under this Policy or under applicable law without your consent or without the additional notice described above.
22. Contact and complaints
For questions about this Policy, to exercise a privacy right, or to file a complaint, contact our Privacy Officer:
- Email: yepsavings@gmail.com (subject line: “Privacy Officer”)
- Mail: Hisavings Internet Inc., #97 – 18843 8 Avenue, Surrey, BC V3Z 9R9, Canada.
If you are not satisfied with our response, you have the right to file a complaint with the relevant supervisory authority:
- Canada: Office of the Privacy Commissioner of Canada.
- British Columbia (for activities subject to BC PIPA): Office of the Information and Privacy Commissioner for British Columbia.
- Quebec: Commission d’accès à l’information du Québec.
- California: California Privacy Protection Agency or the California Attorney General.
- EEA / UK: your local data protection supervisory authority.
Ezoic disclosure. Our website uses Ezoic to provide personalization, analytics, and ad management. Ezoic and its partners may use cookies and similar technologies to collect information about your visits, including browser type, operating system, pages viewed, time on site, and other traffic data, for analytics, content personalization, and targeted advertising. For more information see Ezoic’s privacy disclosure for yepsavings.com.