Trust Center

How we protect your data and maintain transparency

Last updated: April 21, 2026

Data Security

  • Passwords hashed with bcrypt
  • API keys stored as hashes
  • JWT tokens for authentication
  • All data transmitted over HTTPS (TLS 1.2+)
  • Rate limiting on all API endpoints

Infrastructure

  • PostgreSQL database with automatic backups
  • Data hosted in Canada
  • Monitoring and health checks
  • Separate prod/staging environments

Privacy & Compliance

  • PIPEDA compliant (federal privacy law)
  • Quebec Law 25 compliant
  • Minimal data collection — only what's needed
  • Cookie consent with granular settings (4 categories)
  • Right to delete your account and data
Read our Privacy Policy

Data Sources

  • All business data from public Canadian government open data, redistributed under source licences (OGL-Canada 2.0, CC BY 4.0, etc.) with attribution
  • Some records — sole proprietorships, partnership filings, director listings, charity T3010 returns — may contain personal information. We process removal requests under PIPEDA and Quebec Law 25 (see Privacy Policy §5)
  • AI-generated profiles include a disclaimer and must not be treated as verified fact

Third-Party Services

We use the following sub-processors to deliver our service:

Service | Purpose | Data Shared
Stripe | Payments & subscriptions | Email, payment details
Google OAuth | Social login | Email, name
GitHub OAuth | Social login | Email, username
Google Gemini | Company profile generation | Selected company data is transmitted to Google for LLM processing when generating a company's profile summary. Search queries are parsed locally on our servers and are not sent to Google. If you are using Deep Data for confidential competitive intelligence or other sensitive work, treat generated company profiles as involving disclosure to Google.
Resend | Email notifications | Email address

Incident Response

Our incident response process follows four stages:

1. Detection
2. Assessment
3. Remediation
4. Notification