TiffinGrab

TiffinGrab

TiffinGrab · Ontario, Canada

Privacy policy

Effective: April 6, 2026 Last updated: April 6, 2026 PIPEDA aligned
Commitment: TiffinGrab protects personal information in line with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario law. This policy explains what we collect, how we use it, and your rights.

§ 1 Information we collect

1.1 You provide

  • Identity: name, phone, email;
  • Delivery: address, unit, access notes;
  • Orders: plan, preferences, order history, optional dietary notes; and
  • Messages: email, WhatsApp, contact form.

1.2 Payments

Card data is processed by our PCI-DSS compliant processor (e.g. Stripe). We do not store full card numbers, CVV, or banking credentials on our servers.

1.3 Technical data

We may collect IP address, browser, device, pages viewed, and timing via cookies and server logs.

§ 2 How we use information

We use personal data to:

  • Process, fulfil, and deliver orders;
  • Manage subscriptions and accounts;
  • Send operational updates (delivery, schedule changes);
  • Respond to support requests;
  • Meet legal obligations in Ontario and Canada;
  • Detect fraud, chargebacks, and abuse; and
  • Improve our service using aggregated or anonymized analytics.
Marketing: Promotional messages only if you opt in. Unsubscribe anytime (link or reply instructions). We do not send unsolicited marketing without consent.

§ 3 We do not sell your data

Explicit commitment: TiffinGrab does not sell, rent, trade, or transfer your personal information to third parties for their marketing or advertising.

§ 4 Limited sharing

We share data only as needed:

  • Delivery: name, address, instructions to complete delivery;
  • Payments: transaction data with the processor;
  • Legal: when required by law or valid legal process; and
  • Business transfers: a successor must honour similar protections.

Processors and partners are bound to confidentiality and purpose limitation.

§ 5 Security

We use reasonable technical and organizational measures, including TLS in transit, access controls on a need-to-know basis, and PCI-compliant payment infrastructure. No online system is perfectly secure; we will notify you of breaches as required by law.

§ 6 Retention

We keep data while your account is active and up to three years after your last transaction where needed for accounting, tax, and disputes. Communications tied to complaints may be kept up to five years. After that, data is deleted or anonymized where permitted.

§ 7 Your rights (PIPEDA)

You may request access, correction, deletion (subject to legal holds), and withdrawal of consent for non-essential uses. You may complain to the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Email info@tiffingrab.ca with subject “Privacy Request”. We aim to respond within 30 days.

§ 8 Cookies & tracking

We use essential cookies for site operation, and may use analytics cookies in line with our configuration. You can control cookies in your browser; disabling some may affect functionality.

§ 9 Children’s privacy

Our services are not directed to children under 18. If you believe a minor submitted personal data, contact us and we will delete it promptly where appropriate.

info@tiffingrab.ca