Privacy Policy

Onist Technologies Inc. and its affiliates (collectively, "Onist", or "we") pride ourselves on our privacy practices. We are committed to being transparent about the personal information we collect, the manner in which such personal information is used by us and the limited circumstances in which some personal information may be disclosed. To help us meet this commitment to you, we have created this privacy policy (this “Privacy Policy”) and have appointed a Privacy Officer to ensure that any personal information you provide to us through our websites and our online platforms (collectively, the "Platforms") will only be collected, used and disclosed in accordance with this Privacy Policy. This Privacy Policy describes our personal information practices and other relevant considerations to ensure that the decisions you make regarding the personal information you populate into the Platform are as informed as possible.

References to “user”, “you” and “your” throughout this Privacy Policy are to you as a registered user of the Platforms.

1. Your Consent

This Privacy Policy governs your use of the Platforms. By registering a user account on the Platforms or otherwise accessing or using the Platforms you agree with the terms of this Privacy Policy as it may be modified from time to time and consent to the collection, use and disclosure of personal information in accordance with the terms of this Privacy Policy.

2. Adults Only

Due to the nature and sensitivity of the personal information that can be populated on the Platform, we do not permit minors to register for the Platform as a user. If you are a minor, you may only use the Platforms on behalf of a registered user who has attained the age of majority and only under such person’s supervision.

If you are under the age of 13 you may not provide any personal information about yourself. Onist does not knowingly collect, disclose or store personal information from children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with personal information, please contact us using our contact information provided in the “How to Contact Us” section below and provide us with as much information as reasonably necessary for us to locate and delete such personal information. In the event we become aware of a child under the age of 13 sending us personal information, we will delete such personal information as soon as possible.

3. What is Personal Information?

Personal information means information about an identifiable individual. If information can be traced back to an individual, either through a name, address or a combination of other data elements such as job, postal code and type of car, that information is considered personal information.

4. How do We Collect Your Personal Information?

The personal information residing on the Platforms is determined entirely by you and the other users. You decide what information to provide us with, either directly or indirectly. You directly provide us with your personal information by populating such information directly into the Platforms. You can indirectly provide us with your personal information in one of two ways:

  1. By permitting another user, such as your spouse or your accountant (see our discussion on Connections below), to populate information into the Platforms on your behalf; or
  2. By providing login IDs, associated passwords and instructions for the Platforms to retrieve your information from third party accounts.

When you register an account with Onist, you provide us with your account information which will include your name and email (together with any other information you provide at registration, your “Account Information”). You choose whether your Account Information will include additional types of information and when and how such additional information is provided. All personal information you enter into a Platform or which is entered into a Platform on your behalf (including your Account Information, data, passwords, materials and other content) is collectively referred to in this Privacy Policy as “Content”.

5. What Personal Information Do We Collect?

The personal information you populate will depend on how you wish to use the Platforms. For example, if you choose to use the Platforms to organize and communicate your financial data with your financial advisors, you and your advisors may populate various financial information about you and members of your family including your/their bank account information, insurance policies, shareholdings, trading history and mortgage statements. By populating financial information and adding your financial advisor as a Connection, your advisor can have access to all relevant financial information to suggest products and activities that would benefit you, such as further diversifying your portfolio or reducing exposure to certain industries. The Service (as defined below) separates your Content into the following four modules (each a “Module”): (1) family module, which consists of personal information of you and your family, information about business entities you or your family own or are involved with, and your professional contact list, (2) net worth module, which consists of information about your financial accounts, including your assets and liabilities, (3) transaction activity module, which consists of information about your financial transactions, and (4) vault module, which consists of documents you, or other users you have granted permission to, upload onto the Platforms. You represent and warrant to us that you have obtained all required consents and are fully authorized to disclose all information populated into the Platforms including without limitation personal information of your family members and clients, as applicable.
You further agree to indemnify and hold Onist, its affiliates, subsidiaries, partners, service providers, suppliers and contractors and each of their respective officers, directors, agents, and employees, harmless for any loss, cost, complaint, damage, claim or liability whatsoever arising from or in connection with your disclosure of such information in connection with your use of the Platforms.

6. Who are Connections?

As part of the functionality of the Platforms, you may provide other registered users with access to one or more Modules and/or certain individual resources (such as uploaded documents) through the Services (each such user is referred to as a “Connection”). You control who your Connections are and the level of access each Connection will have. For example, you may provide your broker or your financial advisor with access to your net worth Module and you may provide your spouse with access to your family Module. In addition, you may choose to provide a Connection with limited access (i.e. “read-only” access) or full access (i.e. “read and write” access, which includes the ability to add/edit/delete information) to a Module or an individual resource. If you provide a Connection full access to a Module or an individual resource, such Connection will be able to see all other Connections to whom you have provided access to such Module or individual resource.

The functionality of the Platforms allows you to provide Connections the ability to unilaterally share Modules or certain individual resources with third parties. You can provide a Connection such ability at such time as you provide such Connection access to the applicable Module or individual resource. For example, you may provide a Connection the ability to unilaterally share your net worth Module, but not your transaction activity Module. If you do not expressly provide a Connection the ability to unilaterally share a Module or an individual resource, such Connection may request to share their access to such Module or individual resource with third parties through the Platforms. In such an event, you will receive a notification advising of such access and, upon receiving the notification, you must expressly authorize or decline such third party’s access.

Please be cautious in providing Connection access and allowing a Connection to share your Content with third parties. While you can change a Connection’s access rights at any time, once you have provided a Connection or a third party with access to your Content, Onist has no control over the use and disclosure of the accessed Content by such Connection and/or third party. Please ensure that you are comfortable with the information practices of your Connections before providing them with access to your Content.

7. How Do We Use and Disclose Your Personal Information?

A. Provide You with the Services

Onist uses your personal information to provide you with the services rendered through the Platforms (collectively, the “Services”) including disclosing your personal information to its service providers as described below. This includes storing your personal information, using your third party account access information to retrieve your data from the relevant accounts in accordance with your instructions, making your personal information available to your Connections and allowing you and your Connections (provided you have provided them full access) to modify and update your personal information. We may also use your personal information to improve and customize the Services. Onist requests your first name and last name when you register. Onist also allows you to upload your profile picture. Your first name, last name and profile picture (if uploaded) will be shown to any registered user who requests to appoint you as a Connection. Onist will notify you about such a request and will ask for your approval. Your first name, last name and profile picture (if uploaded) will also be shown to any registered user who has full access to any Module or individual resource that is also shared with you.

B. Contact You

Onist uses your personal information to contact you in order to provide product information, newsletters, service updates, and notifications about the Service.

C. Allow You to Review Activity in Your Account

Onist automatically collects session information whenever you log onto and out of the Platforms. This information includes your browser’s type and version, your operating system’s type and version, your IP address, the time you logged in and the time you logged out. We collect this information as an additional security measure, to give you full visibility to your active sessions and your login history, to allow you to identify suspicious activity in your account, and, if needed, to delete an unrecognized session. Onist does not share this information with anyone but you, and you cannot share this information with your Connections.

D. Assist You with Technical Issues

Many technical issues can be resolved without looking into your personal information. Nevertheless, certain technical issues might require Onist to access your personal information in order to analyze and fix them.

E. As Required By Law

Onist may use and disclose your personal information as required or permitted by law including, without limitation, in order to assist with a law enforcement investigation or comply with any subpoena, warrant or any judicial, administrative orders or demands.

F. Aggregated Data

If you elect to have the Platforms access information from third party accounts by providing the access information to such third party account, Onist’s service provider, Envestnet Yodlee, Inc. (“Yodlee”), will access such third party accounts for the purposes of retrieving the relevant information and making it available on the Platform. Except for such access information, Onist does not provide Yodlee any other information about you.

Yodlee creates anonymous information derived generally from your Content (“Aggregated Data”) and combines this Aggregated Data with other anonymous information in Yodlee’s possession (“Yodlee Data”). The Yodlee Data is an amalgam of anonymous information obtained from such sources. Yodlee uses Yodlee Data to improve Yodlee’s services, perform fraud screening, verify identities and verify the information contained in Yodlee accounts for use across the Yodlee network. Where permitted under applicable law, Yodlee may also separately sell, license, reproduce, distribute and disclose the aggregated, anonymous Yodlee Data. Even though the Yodlee Data does not contain your personal information, nor does it allow you to be attributed to any data, we wanted to make you aware of Yodlee’s anonymous data practices. You acknowledge that Onist has no control over the collection, use or distribution of Aggregated Data by Yodlee. When you close your Account with Onist, the anonymized data that was derived from your Content and combined into Yodlee Data will not be removed from Yodlee Data. Please do not provide access information to any third party account if you are not comfortable with Yodlee’s practices described in this paragraph.

8. The Protection and Security of Your Personal Information

We implement and require our service providers to implement industry best practices appropriate to the sensitivity of your Content. We use and require our service providers to use administrative, technical, and physical safeguards to protect your Content against loss, theft, and unauthorized access, use, disclosure, copying, modification, disposal, or destruction in accordance with applicable legal requirements and industry best practices. These safeguards include, but are not limited to, token-based authentication, server hardening, running services in a virtual private cloud, encryption of data in transit and at rest, client side encryption, and audit trails. We train our employees to follow privacy and security practices specific to the Services. We also undertake security assessments to ensure that we maintain strong security controls.

Onist makes a further distinction between your financial data, your uploaded documents and the rest of your personal information in an effort to ensure that no person, not even our employees, will be able to gain access to your financial data or to the content of the documents you store with Onist. Your financial data, your uploaded documents and the rest of your personal information are stored separately on two different sub-systems. Your financial data is fully anonymized when it is stored on our servers. The content of your documents is encrypted on your computer before it is uploaded to storage. Getting the full picture of your finances requires gaining access to both sub-systems. Such access is only given to your browser or the browser of your Connection(s) once you/they are logged onto the Platforms. Exceptional situations that require Onist to access your data, for example in order to fix certain technical issues, require our employees to follow a protocol that is fully audited and must involve more than one person.

9. Storage of your Personal Information

Your third party account access information is collected by Onist and transmitted through Onist’s systems to Yodlee for storage. Onist will not access your third party account access information. All other personal information will be stored by Onist on a collection of servers many of which are located outside of Canada, including the United States. As a result, your personal information will be used, stored and/or accessed in countries outside of Canada, including the United States. However, all such information will be protected in accordance with this Privacy Policy. Please note that when your personal information is located outside of Canada it will be subject to the laws of the country in which it is situated. Onist and Yodlee do not store any of your personal information on your device, although Onist may store session tokens in your browser’s local storage. Your personal information is encrypted during electronic transmission and when at rest.

10. Use of Session Tokens and Cookies

When you log onto the Platforms, a session token is created and stored on your device (in your HTML5 Local Storage). The token is valid for 24 hours. The token is not automatically sent to the server on every request like session cookies. Rather the token is only sent if the server has to authenticate you again. This happens if you actively refresh the page or try to open the page on a different browser tab or simply log out. You can disable the use of HTML5 Local Storage in your browser preferences, which will not affect the functionality of Onist, except for asking you to log in again when the server has to authenticate you in the cases described above. Tokens stored in HTML5 Local Storage can only be accessed by pages from Onist. Your session with Onist will automatically log itself out after an inactive period of about 15 minutes.

Onist also uses cookies to track your activity on the Platforms. The cookies help Onist collect non-personally-identifying information, such as the browser type, language preference, referring site, and the date and time of each request. The information is fed to our web analytics tools and is used in order to learn about the usage of our product and improve our services. The cookies are deleted as soon as your web browser is closed. You can disable the use of cookies in your browser preferences.

Your third party account access information is collected by an iframe, a popup window, that communicates directly with Yodlee. Yodlee uses cookies on this iframe (under Yodlee’s domain) to track the session of collecting your account access information. These cookies are deleted once the iframe is closed.

11. Retaining Your Personal Information

Onist will only retain your personal information as long as is necessary for the fulfillment of the purposes for which it was collected or as required by law. Your personal information is securely stored as described in this Privacy Policy until you close your account, after which it is destroyed, rendering it unable to identify you.

12. How you can update or remove your Personal Information

Depending on the relevant personal information, updates may happen automatically. For example, if you have enabled direct access to your bank account, your banking information will be updated each time it is accessed in accordance with your directions. If you wish to update your Account Information or other Content, you can do so directly through the Platforms. If you have any questions, please contact us using our contact information provided in the “How to Contact Us” section below. You can remove all of your personal information from the Platforms by closing your account as described in the Terms of Use.

13. Accessing Your Information and Addressing Your Privacy Concerns

You have the right to access personal information we hold about you and to have any concerns you may have over our policies and practices addressed. In addition, you have the right to obtain information regarding our policies and practices with respect to our use of service providers outside Canada, including Amazon. To access your information, discuss your concerns or learn more about our policies and practices please contact us using our contact information provided in the “How to Contact Us” section below.

14. Modifications

We reserve the right to modify this Privacy Policy at any time and, depending on the change, will notify you by posting a modified Privacy Policy on the Website or through the Platforms.

15. How to Contact Us

Any comments or questions regarding your personal information or our policies and practices with respect to your personal information may be directed to contact@onist.com.

Onist Technologies
192 Spadina #405
Toronto, ON
M5T 2C2