Privacy Policy
Effective date: May 20, 2026 · Last updated: May 20, 2026
UFill ("UFill", "we", "us", "our") helps people organize and autofill Canadian immigration forms (study permits, work permits, visitor visas, PR and related applications). We take the privacy of your personal information seriously and this policy explains what we collect, why we collect it, how we store it, and the rights you have over it.
This policy is written to comply with:
- Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
- The European Union's General Data Protection Regulation (GDPR)
- The California Consumer Privacy Act (CCPA / CPRA)
- Applicable rules of Immigration, Refugees and Citizenship Canada (IRCC) and the College of Immigration and Citizenship Consultants (CICC) where licensed consultants use the platform on behalf of clients.
1. Who is the controller of your data
UFill acts as the data controller for the personal information you provide directly to the platform. When a licensed immigration consultant or law firm ("Agent") invites you to share information with them through UFill, that Agent becomes a joint controller for the information you choose to share with them.
Privacy questions or requests can be sent to our Privacy Officer:
Email: privacy@ufill.app
2. Information we collect
2.1 Information you provide
- Account information: name, email address, password (hashed), language preference.
- Immigration profile: personal identity (full name, date of birth, gender, country of birth), passport details, contact and address history, family members, travel history, employment and education history, Canadian identifiers (UCI, IRCC application numbers) — only the fields you choose to fill in.
- Documents you upload: passports, PALs, proof of funds, letters of acceptance, medicals, biometrics receipts and any other files you add to your Document Vault.
- Application data: checklists, deadlines, tracker entries, notes and answers used to populate IRCC forms.
- Billing information: plan and subscription status. Card details are processed directly by Stripe and are never stored on our servers.
- Communications: support emails and messages you send us.
2.2 Information collected automatically
- Usage data: pages visited, features used, error reports, approximate location derived from IP address.
- Device data: browser type, operating system, device identifiers.
- Analytics and advertising: Google Analytics and Google Ads cookies (only with your consent where required).
2.3 Sensitive information
Passport numbers, government identifiers, biometric receipts and medical exam receipts are treated as sensitive personal information. We apply additional safeguards (encryption in transit and at rest, restricted access, audit logging) and we never use these fields for marketing, profiling or advertising.
3. Why we collect it (purposes and legal basis)
| Purpose | Legal basis (GDPR) |
|---|---|
| Create and operate your account | Performance of a contract |
| Organize your immigration profile and autofill IRCC forms | Performance of a contract |
| Send service emails (deadlines, expiries, password reset) | Performance of a contract |
| Share your profile with an Agent you explicitly authorize | Your consent |
| Process payments and prevent fraud | Performance of a contract / legal obligation |
| Improve the product, fix bugs, prevent abuse | Legitimate interests |
| Marketing communications | Your consent (opt-in, withdrawable any time) |
| Comply with Canadian law, court orders or IRCC requirements | Legal obligation |
4. How long we keep it
- Active accounts: we keep your information for as long as your account is open.
- Closed accounts: we delete your immigration profile and documents within 30 days of account deletion, except where retention is legally required.
- Files shared with a licensed Agent: the Agent's professional obligations under CICC require client file retention for up to 10 years after the file is closed. During that period your file may remain accessible to the Agent.
- Billing records: retained for 7 years for tax and accounting purposes.
- Backups: deleted data persists in encrypted backups for up to 30 additional days before being purged.
5. Who we share it with
We do not sell your personal information. We share it only with:
- Agents you explicitly invite or accept — only the fields you authorize.
- Service providers (processors) bound by data processing agreements:
- Lovable Cloud / Supabase — database, authentication, file storage (hosted on AWS, primary region: North America).
- Stripe — payment processing.
- Lovable AI / OpenAI / Google — AI-assisted writing (drafts only, no document storage by the provider).
- Resend / email provider — transactional emails.
- Google Analytics & Google Ads — anonymized usage statistics (consent-gated).
- Legal authorities when required by Canadian law, valid court order, or to protect the safety of users.
- A successor entity in case of merger, acquisition or sale — you will be notified in advance.
6. Where your data is stored (international transfers)
Your information is primarily stored on servers in Canada and the United States. When we transfer data outside your country of residence (for example for EU users whose data is processed in North America), we rely on the European Commission's Standard Contractual Clauses and equivalent safeguards required by PIPEDA, GDPR and other applicable laws.
7. How we protect it
- Encryption in transit — all traffic uses TLS 1.2+.
- Encryption at rest — AES-256 on disk for database and file storage.
- Row-Level Security — every database query is scoped to your user ID; no user can read another user's records.
- Private document storage — your uploaded files require an authenticated, signed URL to be retrieved.
- Access controls — only authorized staff with a documented need can access production systems, with audit logging.
- Breach notification — if a breach creates a real risk of significant harm to you, we will notify you and the Office of the Privacy Commissioner of Canada (under PIPEDA) and the relevant EU supervisory authority within 72 hours (under GDPR).
8. Your rights
Under PIPEDA, GDPR, CCPA/CPRA and other applicable laws, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your account and personal information ("right to be forgotten").
- Export your data in a machine-readable format (data portability).
- Restrict or object to certain processing, including marketing.
- Withdraw consent at any time where processing is based on consent.
- Not be discriminated against for exercising your privacy rights.
- Lodge a complaint with a supervisory authority (see Section 13).
To exercise any of these rights, email privacy@ufill.app. We respond within 30 days (PIPEDA) or 45 days (CCPA), and may ask you to verify your identity before acting on the request.
9. California residents (CCPA / CPRA)
In the past 12 months we have collected the categories of personal information listed in Section 2. We do not sell or share your personal information for cross-context behavioural advertising. California residents have the right to:
- Know what personal information we collect, use and disclose.
- Delete personal information we have collected.
- Correct inaccurate personal information.
- Limit the use of sensitive personal information (such as your passport number).
- Opt out of any sale or sharing — although we do not engage in such activities.
To exercise these rights email privacy@ufill.appor use our Do Not Sell or Share My Personal Information link in the footer.
10. Cookies and tracking
We use a minimal set of cookies for authentication, session management, and (with consent where required) analytics and advertising performance through Google Analytics and Google Ads. You can decline non-essential cookies and still use the service. You can also disable cookies in your browser settings at any time.
11. Children
UFill is intended for users 18 years and older. Family members under 18 may be listed in your immigration profile as part of an application, but only the account holder may create an account. We do not knowingly collect personal information directly from children.
12. Important disclaimers
UFill is not a law firm, is not a licensed immigration consultancy, and is not affiliated with IRCC or the Government of Canada. UFill is a software tool that helps you organize and prepare information. We do not provide legal advice. For legal advice about your immigration matter, consult a lawyer or a consultant in good standing with the College of Immigration and Citizenship Consultants (CICC).
13. How to file a complaint
You can always contact us first at privacy@ufill.app. You may also contact:
- Canada: Office of the Privacy Commissioner of Canada — priv.gc.ca
- European Union: Your national Data Protection Authority — edpb.europa.eu
- United Kingdom: Information Commissioner's Office — ico.org.uk
- California: California Privacy Protection Agency — cppa.ca.gov
14. Changes to this policy
We may update this policy from time to time. We will post the updated version on this page and update the "Last updated" date. If the changes are material we will notify active users by email at least 14 days before they take effect.
15. Contact
UFill — Privacy Officer
Email: privacy@ufill.app
Website: ufill.app