Privacy Policy
Last Updated: May 18, 2026
1. Introduction
Soni Tek Solutions Inc. ("we", "us", "our") operates myCPD (https://mycpd.ca). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service. We are committed to protecting your privacy and handling your data transparently. This policy applies to all users of the myCPD web application.
2. Information We Collect
Account Information: - Full name - Email address - Password (stored as a secure hash — we never see your actual password) - Professional credential type (e.g., RBA, BCBA, SLP) - Certificate number (optional) - Issuing regulatory body - Province CPD Activity Data: - Activity titles, descriptions, dates, and hours - Categories and subcategories - Provider information - Evidence notes Documents (Pro users): - Files you upload as evidence (certificates, receipts, agendas) - File metadata (name, size, type) Subscription Information: - Billing plan (Free or Pro) - Stripe customer ID (payment processing handled entirely by Stripe — we do not store credit card numbers) Technical Information: - Browser type and version - Device type - IP address (used for security purposes only) - Pages visited and features used (anonymized analytics)
3. How We Use Your Information
We use your information to: - Provide and maintain the Service - Process your CPD activity tracking - Generate PDF and Excel exports of your records - Process subscription payments via Stripe - Send transactional emails (password resets, subscription confirmations) - Send CPD deadline reminder emails (Pro feature — you can opt out) - Improve the Service based on anonymized usage patterns - Respond to support requests
4. Data Storage and Location
All data is stored in Canada using: - Supabase (hosted on AWS ca-central-1, Montreal region) for database and authentication - Supabase Storage (AWS ca-central-1) for uploaded documents Your data does not leave Canada unless you choose to download and share it yourself.
5. Data Security
We implement the following security measures: - All data transmitted over HTTPS (TLS encryption in transit) - Data encrypted at rest in the database - Row-level security (RLS) ensuring you can only access your own data - Secure password hashing (bcrypt via Supabase Auth) - Stripe handles all payment processing (PCI DSS compliant) No system is 100% secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.
6. Data Sharing
We do NOT sell your personal information to anyone. We share data only with: - Stripe: For payment processing (name, email, subscription details). See Stripe's privacy policy at https://stripe.com/privacy. - Supabase: As our infrastructure provider (data processor). See Supabase's privacy policy at https://supabase.com/privacy. - AWS: As the underlying cloud hosting provider for Supabase (ca-central-1 region). We may disclose your information if required by law, court order, or governmental request.
7. CPD Data Is Not Patient Health Information
myCPD tracks your professional development activities — NOT patient data. CPD records (courses attended, hours logged, certifications earned) are professional records about YOU, not about your clients. myCPD is therefore NOT subject to PHIPA (Personal Health Information Protection Act) requirements that apply to patient health records. However, we still apply strong security practices to protect your professional information.
8. Data Retention
- Active accounts: Data retained for as long as your account is active - Deleted accounts: Data permanently removed within 30 days of account deletion - Cancelled Pro subscriptions: Data retained (you keep Free access to your records) Reminder: CPBAO requires registrants to maintain CPD records for a minimum of 5 years. We recommend keeping your own copies.
9. Your Rights
You have the right to: - Access: View all your data through the myCPD dashboard and activity log - Export: Download your data as PDF or Excel (Pro feature) - Correction: Edit any of your records at any time - Deletion: Delete individual activities or your entire account - Portability: Export your data before deleting your account To exercise any of these rights, use the in-app features or contact us at support@soniteksolutions.ca.
10. Cookies and Analytics
myCPD uses: - Essential cookies: For authentication and session management (required for the Service to function) - We do NOT use third-party advertising cookies - We do NOT use tracking pixels from ad networks We may use anonymized, aggregated analytics to understand how the Service is used and improve it. This data cannot identify individual users.
11. Third-Party Links
Our website may contain links to external websites (e.g., CPBAO, BACB). We are not responsible for the privacy practices of other websites.
12. Children's Privacy
myCPD is designed for regulated healthcare professionals. The Service is not directed at children under 18. We do not knowingly collect information from anyone under 18.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users at least 14 days before taking effect. The "Last Updated" date at the top indicates the most recent revision.
14. Contact Us
For privacy-related questions or concerns: Soni Tek Solutions Inc. Email: support@soniteksolutions.ca Website: https://mycpd.ca If you believe your privacy rights have been violated, you may also contact the Office of the Information and Privacy Commissioner of Ontario at https://www.ipc.on.ca.