Haystack Finds LogoHaystack Finds
130+ independent retailers in TorontoShop local, keep 6 times more money in our community
Back to home

Privacy Policy

Last updated: February 7, 2025

Summary

This Privacy Policy explains what personal information Haystack Finds ("we," "us," or "our") collects, how we use and share it, the choices you have, and how we secure your data. Our goal is to be transparent about our analytics (e.g. Google Analytics, Mixpanel), newsletter sign-ups, payment and subscription signup (including our use of Stripe), click and navigation tracking, and use of third-party services, while ensuring compliance with U.S. and Canadian privacy laws and best practices.

1. Who We Are and Where We Operate

We are Haystack Finds, Inc., "Haystack", operating the website www.haystackfinds.com (the Site) as a marketplace aggregating local Toronto businesses and their products.

We comply with the Personal Information Protection and Electronic Documents Act ("PIPEDA") for Canadian users and applicable U.S. laws for U.S. users.

2. Information We Collect

2.1 Information You Provide Voluntarily

  • Account & Profile Information: Name, email address, postal address, phone number, date of birth, and any profile details you choose to share when registering or subscribing to newsletters or creating accounts as part of your usage of the Site.
  • User-Generated Content: Photos, reviews, search queries, newsletter preferences, and messages you submit through the Site.
  • Communications: Records of your communications with us (e.g., support requests) and your responses to surveys or promotions.
  • Payment & Subscription Information: When you sign up for a paid subscription on the Site, we collect your name, email address, store or business name, and website URL. We do not collect, store, or have access to your full credit or debit card number, expiration date, or security code (CVC). Card details are entered into a secure payment form provided by our payment processor, Stripe, and are transmitted directly to Stripe. We only receive a payment method identifier from Stripe to charge your subscription.

2.2 Information We Collect Automatically

  • Usage Data: Pages viewed, search terms, clicks, navigation paths, access dates and times, and interaction with Site features (e.g., search filters).
  • Device & Technical Data: IP address, browser type and version, device identifiers, operating system, and crash or error reports.
  • Location Data: Approximate location inferred from IP address or device settings if enabled.
  • Cookies & Similar Technologies: We use cookies, web beacons, and local shared objects to remember preferences, measure Site usage, personalize content, and deliver targeted advertising.

2.3 Information from Third Parties

  • Third-Party Integrations: When you interact via Google, Facebook, or other log-in providers, we may receive profile and contacts data as permitted by you.
  • Service Providers: We work with analytics (Google Analytics, Mixpanel), hosting (Vercel), mapping (Google Maps), and other services who may collect and share data under contract to improve services and measure performance.
  • Payment Processor (Stripe): When you subscribe, our payment processor Stripe, Inc. collects and processes your payment card details and related transaction data. We receive from Stripe only non-sensitive billing information (e.g., that a payment succeeded, customer or subscription identifiers) as needed to manage your subscription. Stripe's collection and use of your data is described in their Privacy Policy: https://stripe.com/privacy.

3. How We Use Your Information

  • Provide & Improve the Marketplace: To operate the Site, fulfill search queries, process newsletter subscriptions, enable customer support, and enhance functionality.
  • Analytics & Research: To perform analytics, debug issues, conduct product research, understand usage patterns, and test new features.
  • Personalization: To tailor your experience, recommend local businesses or products, and display content based on your preferences and history.
  • Marketing & Advertising: To send promotional emails, newsletters, and push notifications; to measure and improve ad campaigns; and to administer referral or loyalty programs.
  • Security & Compliance: To prevent fraud, enforce our Terms of Service, comply with legal obligations, and protect the integrity of our community.
  • Payment & Subscription Management: To create and manage your subscription, process payments, send billing-related communications (e.g., receipts, renewal notices), prevent fraud, and comply with legal and financial obligations. Payment processing is carried out by Stripe on our behalf.

4. With Whom We Disclose Your Information

We share information with service providers and partners as needed to operate the Site and deliver services. In addition to the third parties described in Section 2.3, we disclose payment-related information as follows:

Stripe, Inc. — Our payment processor. We share with Stripe the billing information you provide (name, email, store name, website) and a payment method identifier so Stripe can process payments and manage your subscription. Your actual card details are disclosed by you directly to Stripe when you enter them into Stripe's secure payment form; we do not receive or store those details. For how Stripe collects, uses, and shares your information, see Stripe's Privacy Policy.

5. Security Practices

We do not store or transmit full card numbers or CVC. Card data is collected and processed by Stripe via their secure payment form and is subject to Stripe's PCI DSS–compliant environment. Our subscription and payment endpoints are protected with CSRF tokens, origin validation, and rate limiting, and we use HTTPS and standard security practices to protect the data we collect and store.

Contact Us

If you have questions or requests regarding this Privacy Policy or your personal data, please contact us:

Contact our Team