AnyImmi
Template notice. This policy is a working draft. It must be reviewed by Canadian privacy counsel before launch and before it applies to real customer relationships. Do not rely on it as legal advice.

Legal

Privacy Policy

Last updated: April 18, 2026

1. Who we are

AnyImmi Inc. (“AnyImmi”, “we”, “our”) provides case management, trust accounting, IRCC forms, and AI drafting software to Canadian Regulated Immigration Consultants (“RCICs”) and their firms. Our customers are the firms; their clients' data is processed on their behalf as a service provider under Canadian privacy law.

2. What we collect

We collect information you give us directly, data your firm inputs into AnyImmi, and limited operational telemetry. In particular:

  • Account data — name, email, firm, CICC licence number, role, billing contact.
  • Client case data — applicant profiles, documents, IRCC forms, communications, trust ledger entries. Owned by the firm; we are a processor.
  • Usage telemetry — pages visited, features used, error traces. Used to operate and improve the service.
  • Payment data — handled by Stripe. We do not store full card numbers.

3. Where your data lives

All customer data is stored in AWS's ca-central-1 region (Montreal). Backups stay in Canada. Our default AI routing calls Canadian-region models. Cross-border AI processing requires explicit firm-level opt-in and is recorded in the audit log.

4. How we use data

  • To deliver the product your firm is paying for.
  • To secure the service and investigate abuse.
  • To meet our legal obligations and respond to regulators.
  • To improve AnyImmi — always on de-identified or aggregate data. We do not train models on customer content.

5. Who we share with

We share data only with vetted sub-processors listed on our security page. A Data Processing Addendum (DPA) is available to every paying firm on request.

6. Your rights

Under PIPEDA, Quebec Law 25, and applicable provincial laws, you may request access to, correction of, or deletion of your personal information. For client data, requests should be directed to the firm that uses AnyImmi — we will support that firm in responding.

7. Security

We operate with JWT-scoped row-level security, append-only audit logs, AES-256 encryption at rest, TLS 1.3 in transit, and a 21-field PII scrubber on any AI call that may leave Canada. See our security posture for specifics.

8. Retention

We retain customer data for the life of the subscription and for the retention window required by CICC Bylaw 6.3 — 7 years for case records, 10 years for trust accounting records. On firm termination we export the firm's data and schedule deletion after the regulatory window.

9. Contact

Questions about this policy or your data? Email legal@anyimmi.ca. Our privacy officer will respond within 10 business days.

10. Changes

We will post material changes to this page and, where required, notify firms in-app at least 30 days before they take effect.