Cani.

Privacy Policy

Last updated: June 6, 2026

Cani Africa operates the CANI Tontine application for the Nigerien community in Canada. We act as data controller within the meaning of PIPEDA and Quebec's Law 25.

For any question: [email protected].

1. Data we collect

Only strictly necessary data is collected:

  • ·Account identifiers: email, full name, phone (optional).
  • ·Profile photo: voluntarily uploaded.
  • ·Limited financial information: contribution amounts, P2P payment status, voluntary Interac references.
  • ·Anonymized user identifier.
  • ·Diagnostic data: crash reports, performance traces, product interactions.

2. Purposes

We use your data to:

  • ·Authenticate without password via magic link and biometrics.
  • ·Create and manage tontines between members.
  • ·Facilitate P2P introductions without involvement in the transaction.
  • ·Send transactional notifications.
  • ·Detect and prevent fraud.
  • ·Improve the app via anonymized analytics.

3. Legal basis

Processing is based on your explicit consent and contractual necessity. Consent can be withdrawn at any time.

4. Retention

  • ·Notifications: 3 rolling years.
  • ·Financial audit log: 7 years (Canadian accounting practice).
  • ·User account: retained while active, deleted within 30 days of request.
  • ·Anonymized technical logs: 90 days maximum.

5. Your rights

Under PIPEDA and Law 25, you have the following rights:

  • ·Access your personal data.
  • ·Rectify inaccurate data.
  • ·Erase (right to be forgotten) — dedicated button in profile.
  • ·Portability in a common structured format.
  • ·Withdraw consent at any time.
  • ·File a complaint with the Office of the Privacy Commissioner of Canada or the Commission d'accès à l'information du Québec.

6. Security

  • ·TLS 1.3 encryption for all network traffic.
  • ·Local biometric authentication (Face ID / Touch ID / Android fingerprint).
  • ·Strict database-level isolation: each user can only access their own data.
  • ·Session tokens stored in the OS secure enclave.
  • ·No personally identifying information in technical logs.
  • ·Automatic lock after 15 minutes of inactivity.

7. International transfers

Application data is hosted exclusively in Canada. No transfer outside Canada occurs for this data. Push notifications and transactional emails transit through infrastructures consistent with PIPEDA and Law 25.

8. Cookies and trackers

The mobile app uses no web cookies. Usage analytics rely on an anonymized identifier and can be disabled at any time in Settings → Privacy → Analytics.

9. Minors

The service is strictly reserved for users aged 18 or older. No data from minors is knowingly collected.

10. Changes

Material changes will be notified by email at least 30 days before taking effect.