FANYA Privacy Policy
Operating entity: Hubb Harvest Inc., a corporation incorporated in Alberta in 2021 (Business Corporations Act of Alberta) and registered as a federal extra-provincial corporation in Canada, operating under the trade name FANYA
Address: 1162 Gyrfalcon Crescent NW, Edmonton, AB, T5S 0S1, Canada
Website: www.fanyablack.com
Data Controller: Mina Teufack
Version 3.0 | Updated: March 1, 2026 | Official Document
1. Introduction and Scope
1.1 Purpose of the Policy
This Privacy Policy (hereinafter "the Policy") describes how Hubb Harvest Inc., operating under the trade name FANYA (hereinafter "FANYA", "we", "our"), collects, uses, retains, protects, and shares your personal data when you use our digital matchmaking platform available at www.fanyablack.com and associated mobile applications (hereinafter "the Platform").
FANYA is committed to protecting your privacy and handling your personal data with the utmost care, in compliance with applicable Canadian and Quebec privacy laws.
1.2 Scope of Application
This Policy applies to:
- All persons who visit or use the FANYA Platform (www.fanyablack.com);
- All registered Users, whether they are Clients or Service Providers (Talans);
- All interactions with our services, our client support, and our marketing communications.
Additional Documents
This Policy forms an integral part of FANYA's contractual ecosystem and must be read in conjunction with:
- The Terms and Conditions of Use
- The Dispute Management and Mediation Policy
- The Cancellation and Refund Policy
1.3 Acceptance
By creating an account or using the Platform, you acknowledge that you have read, understood, and accepted this Policy. If you do not accept these terms, you must not use the Platform.
2. Definitions
In this Policy, the following terms have the meanings assigned to them below:
| Term | Definition |
|---|---|
| Personal data | Any information that directly or indirectly identifies a natural person (name, email, IP address, etc.). |
| Processing | Any operation performed on personal data: collection, recording, storage, use, disclosure, or deletion. |
| Data Controller | Hubb Harvest Inc. (FANYA), which determines the purposes and means of processing personal data. |
| User | Any natural or legal person who uses the FANYA Platform, as a Client or Service Provider (Talan). |
| Consent | A free, specific, informed, and unambiguous manifestation of will by which the User accepts the processing of their data. |
| Third Party | Any natural or legal person, other than the User and FANYA, to whom personal data may be disclosed. |
| Data Breach | Any security incident that accidentally or unlawfully results in the destruction, loss, alteration, or disclosure of personal data. |
| DPO | Data Protection Officer: Mina Teufack, designated officer within FANYA. |
3. Data Controller and Contact Details
3.1 Identity of the Controller
| Legal entity | Hubb Harvest Inc. (corporation, Business Corporations Act — Alberta, 2021; federally registered as extra-provincial) |
| Trade name | FANYA |
| Registered office | 1162 Gyrfalcon Crescent NW, Edmonton, AB, T5S 0S1, Canada |
| Website | www.fanyablack.com |
| Designated Officer (DPO) | Mina Teufack |
| Data protection email | privacy@fanyablack.com |
| General support email | support@fanyablack.com |
3.2 How to Contact Us
For any questions regarding this Policy or the exercise of your rights, you may contact our Data Protection Officer by the following means:
- Email: privacy@fanyablack.com (response within 10 business days)
- Postal mail: Hubb Harvest Inc. — Attention: Mina Teufack (DPO), 1162 Gyrfalcon Crescent NW, Edmonton, AB, T5S 0S1, Canada
- Via the "Privacy" form available at www.fanyablack.com/privacy
4. Legal Framework and Legal Bases
4.1 Applicable Laws
FANYA is a corporation incorporated in Alberta (2021) and operating nationally as a federally registered extra-provincial corporation. It is committed to complying with all applicable privacy laws, including:
| Law | Scope |
|---|---|
| PIPEDA — Personal Information Protection and Electronic Documents Act | Canadian federal law applying to private sector organizations that collect, use, or disclose personal information in the course of commercial activities. |
| Law 25 (Quebec) — An Act to Modernize Legislative Provisions as Regards the Protection of Personal Information | Modernization of the Quebec framework applicable to organizations that collect data from Quebec residents. Strengthens requirements for consent, transparency, and incident notification. |
| CASL — Canada's Anti-Spam Legislation | Governs commercial electronic communications and the installation of software on computer devices. |
| Personal Information Protection Act — PIPA (Alberta) | Alberta provincial law on the protection of personal information in the private sector, applicable to Hubb Harvest Inc. as a corporation incorporated in Alberta. |
4.2 Legal Bases for Processing
FANYA bases each processing of personal data on one of the following legal bases:
- Consent: you have given your explicit agreement for the processing (e.g., marketing communications).
- Performance of contract: the processing is necessary for the performance of the requested service (e.g., payment processing).
- Legal obligation: the processing is required to comply with a legal obligation (e.g., retention of tax data).
- Legitimate interest: the processing is necessary for FANYA's legitimate interests (e.g., Platform security, fraud prevention), provided these interests do not override your rights and freedoms.
5. Personal Data Collected
FANYA collects different types of personal data depending on your use of the Platform and your status (Service Provider or Client).
5.1 Data Collected for All Users
Identification information:
- First and last name
- Email address
- Phone number
- Profile photo (optional)
Connection and technical data:
- IP address
- Device type (computer, smartphone, tablet)
- Operating system
- Web browser type and version
- Navigation language
- Login date and time
Platform usage data:
- Pages visited and visit duration
- Clicks and interactions with features
- Searches performed
- Account preferences and settings
- Frequency and duration of use
5.2 Data Specific to Service Providers (Talans)
Professional information:
- Skills and areas of expertise
- Professional experience and background
- Portfolio (completed projects, work samples)
- Rates and availability
- Spoken and written languages
- Professional biography
Identity verification documents:
- Valid official photo ID (driver's license, passport, identity card)
- Recent proof of address (utility bill, bank statement) dated within the last 3 months
Confidentiality of identity documents: These documents are treated with strict confidentiality. They are used solely to verify your identity and are deleted after validation or securely retained in accordance with legal requirements. FANYA never shares these documents with third parties without your explicit consent.
Banking and payment information:
- Bank account information to receive payments (securely managed via Stripe Connect)
- Billing details
Banking data security: FANYA does not have access to complete bank account numbers. This information is processed directly by our secure payment partner Stripe Connect, in accordance with the strictest PCI-DSS standards.
Transaction data:
- History of services rendered
- Amounts billed and received
- Platform commissions and fees
- Ratings and reviews received
- Satisfaction rates and performance statistics
5.3 Data Specific to Clients
Payment information:
- Credit or debit card information (tokenized and secured by Stripe)
- Billing address
Payment data protection: FANYA never stores complete card numbers. Payment information is tokenized and processed by Stripe in accordance with the strictest PCI-DSS standards.
Transaction data:
- Order and purchased services history
- Amounts spent
- Ratings and reviews given
- Favourite Service Providers and wishlists
Location data (for tax obligations):
- Client's province or territory of residence (collected at registration and verified at each transaction)
- This information is used exclusively for the calculation and collection of applicable GST/HST and provincial taxes (QST in Quebec, PST in British Columbia, RST in Manitoba) in compliance with Canadian federal and provincial tax obligations.
Preferences and behaviours:
- Types of services sought
- Search criteria and filters used
- Browsing history and profile clicks
5.4 Communications Between Users
When you use FANYA's integrated messaging, we collect and retain:
- Content of messages exchanged between Service Providers and Clients
- Files and attachments shared
- Date and time messages were sent
- Message read status
Purpose: this data enables us to facilitate communication, resolve disputes, prevent fraud, and ensure Platform security.
5.5 Data We Do NOT Collect
What FANYA never collects:
- Social Insurance Number (SIN)
- Medical or health information
- Sexual orientation or intimate preferences
- Political or religious opinions
- Biometric data (fingerprints, facial recognition)
- Information about minors (the Platform is prohibited for those under 18)
6. Purposes and Legal Bases for Collection
FANYA collects and uses your personal data only for legitimate, transparent, and defined purposes. The table below provides a detailed overview:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Create and manage your account | Name, email, phone, password | Performance of contract |
| Facilitate connections | Profile, skills, portfolio, preferences | Performance of contract + Legitimate interest |
| Process payments | Banking information (via Stripe), transaction history | Performance of contract + Legal obligation |
| Verify Service Provider identity | ID document, proof of address | Legitimate interest + Legal obligation |
| Improve and personalize the experience | Usage data, preferences, behaviours | Consent + Legitimate interest |
| Communicate with you | Email, phone, communication preferences | Consent (newsletters) + Performance of contract (transactional notifications) |
| Prevent fraud and ensure security | IP address, connection data, suspicious behaviours | Legitimate interest + Legal obligation |
| Comply with our legal obligations | Tax data, financial transactions, identity | Legal obligation |
Data Minimization Principle: FANYA is committed to collecting only the data strictly necessary for the purposes described above. We do not collect data "just in case" or for undefined future purposes.
7. Data Sharing and Disclosure
7.1 General Principles
FANYA does not sell, rent, or transfer your personal data to third parties for commercial purposes. We share your data only in the following cases and within strictly necessary limits:
7.2 Service Partners (Sub-processors)
| Partner | Data Shared | Purpose |
|---|---|---|
| Stripe Inc. (USA) | Tokenized payment data | Secure payment processing — PCI-DSS compliant |
| o2switch SAS (France — EU) Siret: 510 909 807 00032 RCS Clermont-Ferrand |
Platform data (website, database, user files) | Hosting of the fanyablack.com Platform — 100% France servers, GDPR compliant |
| Analytics service (e.g. Google Analytics — anonymized) | Anonymized usage data | Platform improvement and user experience |
| Transactional email service | Email address, name | Sending notifications and communications |
All our sub-processors are bound by data processing agreements compliant with applicable laws and may only use your data for the purposes for which it was disclosed to them.
7.3 Sharing Between Users
In the normal course of Platform operation, certain profile information is visible to other Users:
- Service Provider public profile: name, profile photo, biography, skills, portfolio, rates, ratings
- Clients see Service Providers' professional information
- Service Providers see the name and basic contact information of Clients for ongoing projects
7.4 Legal Obligations
FANYA may disclose your personal data if required by law, including in response to:
- A court order or judicial authority
- A legal request from a governmental or regulatory authority
- The protection of the rights, property, or safety of FANYA, its users, or the public
7.5 International Transfers
FANYA uses two sub-processors involving transfers of personal data outside Canada:
| Sub-processor | Country | Data Transferred | Safeguards |
|---|---|---|---|
| o2switch SAS (Platform host) | France (EU) | All Platform data (profiles, messages, transactions) | 100% France servers, GDPR compliant (EU Regulation 2016/679). France is recognized by Canada as providing adequate protection. |
| Stripe Inc. | United States | Tokenized payment data only | Standard Contractual Clauses. PCI-DSS Level 1 certification. PIPEDA-compliant processing agreement. |
Important note on o2switch: Although France is an EU member state and not Canada, the level of protection offered by the European GDPR is recognized as substantially equivalent to Canadian requirements (PIPEDA). A Data Processing Agreement (DPA) compliant with PIPEDA and GDPR has been concluded with o2switch SAS.
8. Data Retention Periods
8.1 General Principle
FANYA retains your personal data only for as long as necessary for the purposes for which it was collected, or as long as required by applicable legal obligations. Upon expiration of these periods, data is securely deleted or anonymized.
8.2 Retention Schedule
| Data Type | Retention Period | Justification |
|---|---|---|
| Active account data | Account duration + 12 months | Allow for possible account reactivation |
| Transaction data and invoices | 7 years | Legal fiscal and accounting obligation in Canada |
| Identity documents (Service Provider verification) | Deleted after validation or max. 3 years | Identity verification — legal requirements |
| Communications and messaging | Project duration + 2 years | Resolution of potential disputes |
| Browsing data (cookies) | Maximum 13 months | Usage analysis and Platform improvement |
| Dispute data | 5 years after closure | Legal requirement for potential recourse |
| Ratings and reviews | Account duration + anonymization after closure | Maintaining Platform integrity |
| Rejected application data (Service Provider) | 6 months | Right to challenge and review |
| Client province/territory (tax data) | 7 years after transaction | Legal fiscal obligation — CRA and provincial authorities |
| Security logs | 12 months | Security incident detection |
8.3 Deletion and Anonymization
Upon expiration of retention periods:
- Data is securely and irreversibly deleted; or
- Data is anonymized (all identifying information is removed) for use for statistical purposes.
Exception to retention periods: If your data is subject to legal proceedings, an ongoing investigation, or a specific legal obligation, FANYA may be required to retain it beyond the periods indicated above, until the resolution of the relevant proceedings.
9. Your Personal Data Rights
9.1 Recognized Rights
In accordance with applicable Canadian and Quebec laws (PIPEDA and Law 25), you have the following rights regarding your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Right of access | Obtain confirmation of the processing of your data and access a copy thereof. | Email: privacy@fanyablack.com |
| Right of rectification | Correct inaccurate or incomplete data concerning you. | Via your account settings or by email |
| Right to erasure | Request the deletion of your data, subject to legal retention obligations. | Email: privacy@fanyablack.com |
| Right to portability | Receive your data in a structured, commonly used, machine-readable format. | Request by email — deadline: 30 days |
| Right to object | Object to the processing of your data based on legitimate interest, particularly for prospecting purposes. | Via your communication preferences or by email |
| Right to restriction | Request the suspension of processing of your data in certain circumstances (contestation of accuracy, etc.). | Email: privacy@fanyablack.com |
| Withdrawal of consent | Withdraw your consent at any time, without affecting the lawfulness of prior processing. | Via account settings or by email |
| Right to file a complaint | Contact the Office of the Privacy Commissioner of Canada or the Commission d'accès à l'information du Québec. | www.priv.gc.ca or www.cai.gouv.qc.ca |
9.2 Response Timelines
FANYA is committed to responding to any rights exercise request within a maximum of 30 calendar days from receipt of the request. In the case of a complex or numerous request, this deadline may be extended by an additional 30 days, with prior notification.
9.3 Identity Verification
To protect your data against unauthorized access, FANYA may ask you to verify your identity before processing your request. This verification may include providing proof of identity.
9.4 Limits on the Exercise of Rights
Certain rights may be limited in the following cases:
- Legal retention obligation (e.g., tax data retained for 7 years)
- Ongoing judicial proceedings requiring data retention
- Protection of the rights and freedoms of others
- Public interest or national security
10. Cookies and Tracking Technologies
10.1 What is a Cookie?
A cookie is a small text file placed on your device when you visit our Platform. Cookies allow FANYA to recognize your browser, remember your preferences, and improve your experience.
10.2 Types of Cookies Used
| Type | Description | Legal Basis |
|---|---|---|
| Strictly necessary cookies | Essential for Platform operation (authentication, security, payment cart). Cannot be disabled. | Legitimate interest (technical operation) |
| Performance cookies | Collect anonymized usage data to improve the Platform (e.g., most visited pages, errors). | Consent |
| Functionality cookies | Remember your preferences (language, region, settings) to personalize your experience. | Consent |
| Marketing cookies | Allow us to offer you relevant advertisements and measure the effectiveness of our campaigns. Not used by default. | Explicit consent |
10.3 Cookie Management
You may manage your cookie preferences at any time via:
- The cookie management panel accessible on our Platform: www.fanyablack.com/cookies
- Your browser settings (deletion, blocking, or restriction of cookies)
Please note: disabling certain cookies may affect the functioning of the Platform and your user experience.
11. Data Security
11.1 Technical Security Measures
FANYA implements appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, alteration, or disclosure:
- SSL/TLS encryption for all communications between your browser and our Platform
- Encryption of sensitive data stored in the database
- Two-factor authentication available for User accounts
- Strict access control — only authorized personnel access data
- Regular security audits and penetration testing
- Data backup on geographically separate servers
- Hosting on o2switch infrastructure (France, EU): automatic daily backups, Arbor Networks Anti-DDoS, WAF application firewalls, 24/7 monitoring
- SSL/TLS certificates included and managed by o2switch host (Let's Encrypt)
- Automatic snapshots enabling data restoration in the event of an incident
- Access and modification logs retained for auditing
11.2 Organizational Measures
- Mandatory staff training on data protection
- Confidentiality agreements signed by all FANYA employees and contractors
- Documented and tested incident management procedures
- Designated Data Protection Officer: Mina Teufack
No security is absolute: Although FANYA makes every effort to protect your data, no security system is infallible. In the event of an incident, FANYA undertakes to notify you in accordance with the legal obligations described in Section 12.
12. Incident Management and Data Breaches
12.1 Definition of an Incident
A privacy incident (or data breach) is any event that accidentally or unlawfully results in the destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to personal data processed by FANYA.
12.2 Internal Incident Response Procedure
| Phase | Actions | Timeline |
|---|---|---|
| 1. Detection | Identification and qualification of the incident by the security team | Immediate |
| 2. Containment | Isolation of affected systems, suspension of compromised access | Within 2 hours |
| 3. Assessment | Analysis of the scope, type of data affected, and risk to Users | Within 24 hours |
| 4. Regulatory notification | Notification to the Office of the Privacy Commissioner of Canada if the incident presents a real risk of serious harm | As soon as possible (Law 25 / PIPEDA) |
| 5. Notification to individuals | Informing affected Users if the incident is likely to cause them serious harm | Without undue delay |
| 6. Remediation | Correction of vulnerabilities, strengthening of security measures | Within 30 days |
| 7. Documentation | Complete incident report retained in FANYA's internal register | Permanent |
12.3 Content of User Notification
In the event of an incident affecting you, FANYA will notify you by email and/or Platform notification, indicating:
- The nature of the incident and the personal data concerned
- The likely consequences of the incident
- The measures taken or planned by FANYA to address it
- The measures you can take to protect yourself
- The contact details of the Data Protection Officer: Mina Teufack — privacy@fanyablack.com
13. Protection of Minors
The FANYA Platform is strictly reserved for persons aged 18 and over. FANYA does not knowingly collect personal data concerning minors (persons under the age of 18).
If you believe that a minor has created an account on our Platform or that we have collected personal data of a minor, please contact us immediately at privacy@fanyablack.com. We will take the necessary steps to delete this data as soon as possible.
14. Policy Amendments
14.1 Right to Amend
FANYA reserves the right to amend this Policy at any time to reflect changes in our practices, services offered, legal requirements, or recommendations from data protection authorities. The date of the most recent update is always indicated at the top of the document.
14.2 Notification of Amendments
In the event of a material amendment, FANYA will inform you by:
- Email sent to the registered address (minimum 30 days' notice)
- A visible banner on the Platform upon login
- Notification in your dashboard
14.3 Acceptance of Amendments
Your continued use of the Platform after the effective date of the amendments constitutes acceptance of the new version of the Policy. If you do not accept the amendments, you must stop using the Platform and terminate your account.
15. Contact Details and Recourse
15.1 Contacting FANYA
| Contact | Details |
|---|---|
| Data protection (DPO) | privacy@fanyablack.com |
| General client support | support@fanyablack.com |
| Legal inquiries | legal@fanyablack.com |
| Disputes and mediation | litiges@fanyablack.com |
| Postal address | Hubb Harvest Inc. — Attention: Mina Teufack, 1162 Gyrfalcon Crescent NW, Edmonton, AB, T5S 0S1, Canada |
| Website | www.fanyablack.com |
15.2 Data Protection Authorities
If you believe that FANYA has not respected your personal data rights, you may file a complaint with the competent authorities:
| Authority | Details |
|---|---|
| Office of the Privacy Commissioner of Canada | www.priv.gc.ca — 1-800-282-1376 |
| Commission d'accès à l'information du Québec (CAI) | www.cai.gouv.qc.ca — 1-888-528-7741 |
FANYA — Privacy Policy — Version 3.0 | March 1, 2026
© 2026 Hubb Harvest Inc. All rights reserved. | 1162 Gyrfalcon Crescent NW, Edmonton, AB, T5S 0S1, Canada