Privacy Policy
Nikmani Inc. · Toronto, Ontario, Canada
The short version: Your financial data belongs to you. We encrypt it, we never sell it, and you can export or delete it whenever you want. Everything below explains the full details.
Who we are
Nikmani Inc. is a company incorporated in Ontario, Canada. We operate the Nikmani Locus platform — an AI-powered accounting and financial management service for Canadian small businesses, accessible at nikmani.com and app.nikmani.com.
For the purposes of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, Nikmani Inc. is the organization responsible for the personal information it collects, uses, and discloses.
Questions about this policy can be directed to our Privacy Officer at contact@nikmani.com.
Information we collect
We collect information in three ways: what you give us directly, what we receive from services you connect, and what we collect automatically.
Information you give us directly
- Account registration details — name, email address, and password (stored as a one-way hash)
- Business information such as business name, type, and province
- Billing information processed by our payment provider — we never store your full card number
- Financial data you enter manually including transactions, invoices, assets, loans, and capital entries
- Documents you upload such as receipts and bank statements
- Communications you send us through support channels or email
- Waitlist and contact form submissions
Information from connected services
- Bank transaction data when you connect Canadian bank accounts through our banking integration partner (Plaid)
- Transaction metadata including merchant names, amounts, dates, and categories
- Account balance information used to power cash flow features
Information collected automatically
- Log data including IP addresses, browser type, pages visited, and timestamps
- Device information such as operating system and browser version
- Usage patterns — which features you use and how frequently
- Cookies and similar technologies (see Section 09)
We do not collect your Social Insurance Number, government-issued ID, or any information not necessary to provide the Nikmani service.
How we use your information
To provide the service
- Creating and managing your account
- Processing and categorizing your financial transactions
- Generating financial reports, forecasts, and insights
- Powering AI Consultant responses based on your actual data
- Sending alerts about cash flow, overdue invoices, and tax estimates
To improve the service
- Analyzing aggregated, anonymized usage patterns to understand how features are used
- Improving AI categorization accuracy using anonymized transaction data (see Section 07)
- Diagnosing and fixing technical issues
To communicate with you
- Sending product updates and platform notices
- Responding to your support requests
- Sending legally required notices
We do not use your personal financial data for advertising, marketing to third parties, or any purpose beyond what is listed above.
Data storage and residency
Your account information and financial data are stored using Supabase, our database provider. We have configured our Supabase project to use infrastructure in Canada (ca-central-1, Montreal, Quebec) where available. Some platform components — including our AI model provider (Anthropic) and application hosting (Vercel) — may process requests on servers outside Canada.
When data is processed outside Canada, we ensure appropriate safeguards are in place, including data processing agreements and standard contractual clauses, consistent with Canadian privacy law.
We retain your data for as long as your account is active. If you close your account, we will delete your personal data within 90 days, except where we are legally required to retain certain records longer (for example, payment transaction records).
You can export all of your financial data at any time from within the platform's Settings.
Security
- All data encrypted in transit using TLS 1.3
- All data encrypted at rest by our infrastructure provider
- Passwords stored as one-way hashes — we cannot read your password
- Role-based access controls so team members see only what they need
- Authentication managed through Supabase Auth with support for secure session tokens
- All AI feature endpoints require an authenticated session — they cannot be called anonymously
- Per-user data isolation in client storage — data is keyed to your account and cleared on sign-out
If a security breach occurs that poses a real risk of significant harm to you, we will notify you and, where required, the Office of the Privacy Commissioner of Canada within 72 hours of becoming aware of the breach.
If you believe there is a security vulnerability in the Nikmani platform, please report it responsibly to contact@nikmani.com.
AI and your financial data
What the AI does
- Reads your financial data to generate answers to your questions in the AI Consultant
- Analyzes transaction descriptions to suggest spending categories
- Reviews spending patterns to identify unusual charges (anomaly detection)
- Uses your financial context to generate monthly summary narratives
What the AI does not do
- It does not make decisions on your behalf without your approval
- It does not provide official tax or legal advice
- It does not share your financial data with other Nikmani users
- It does not permanently store your financial data server-side beyond your active session
AI processing and Anthropic
When you use AI features, your financial context is sent to Anthropic's API to generate a response. Anthropic does not use API-submitted data to train their models, per their usage policies. We do not store your AI conversation history on our servers beyond your session.
Model improvement
We may use anonymized, aggregated data to improve Nikmani's categorization accuracy over time. This process strips all personally identifiable information and all data that could be linked back to you or your business. If you do not want your anonymized data used for this purpose, contact us at contact@nikmani.com to opt out.
Your rights under PIPEDA
Right to access
Request a copy of the personal information we hold about you. We will respond within 30 days.
Right to correction
If information we hold is inaccurate, you can request a correction. Most can be updated directly in the platform.
Right to withdraw consent
Where we rely on consent, you can withdraw it at any time. This may affect your ability to use certain features.
Right to data portability
Export all your financial data at any time from Settings in standard formats. We will not hold your data hostage.
Right to deletion
Request deletion of your account and data. We will complete this within 90 days, subject to legal obligations.
Right to file a complaint
You may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.
To exercise any of these rights, email contact@nikmani.com or use the account settings within the platform.
Quebec residents: You also have rights under Law 25 (Act respecting the protection of personal information in the private sector). Contact us at contact@nikmani.com with any questions about your rights under provincial law.
Children's privacy
The Nikmani platform is intended for adults operating businesses. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected personal information from a minor, we will delete it promptly.
Changes to this policy
When we make material changes, we will notify you by email at least 30 days before the changes take effect and update the date at the top of this page. Your continued use of the platform after the effective date constitutes your acceptance of the updated policy.
Third-party service providers
Each provider is bound by a data processing agreement limiting use of your data to delivering the service.
Contact us
For privacy-related questions, access requests, or to exercise any of your rights:
We respond to all privacy-related inquiries within 10 business days. For formal access requests under PIPEDA, we respond within 30 days as required by law.
If you are unsatisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada.