GrabOn
Legal · GrabOn

Privacy Policy

Canada Cyber Tech Development Group Inc. ("CCTD", "we", "us", "our") operates the GrabOn platform from British Columbia, Canada. We respect your privacy and are committed to handling your personal information in accordance with the federal Personal Information Protection and Electronic Documents Act ("PIPEDA"), British Columbia's Personal Information Protection Act ("BC PIPA"), Quebec's Act respecting the protection of personal information in the private sector (as amended by Law 25), Canada's Anti-Spam Legislation ("CASL"), and, where applicable, the EU/UK General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA/CPRA"). This Privacy Policy explains what information we collect, why we collect it, how we use and share it, and the rights and choices you have.

Effective date: January 1, 2026 · Last updated: 2026-06-05

At a glance. We collect what we need to deliver the GrabOn services, prevent fraud, comply with the law and improve your experience. We do not sell your personal information. You can access, correct, export or delete most of your data from your account or by contacting legal@pitech.ca. Our Privacy Officer responds to all requests in writing within 30 days as required by PIPEDA and BC PIPA.

1. Who is the data controller

Canada Cyber Tech Development Group Inc. is the controller (or, under PIPEDA, the "organization") responsible for personal information processed through the Platform. Our registered office is 1814 Marine Dr, West Vancouver, BC V7V 1J6, Canada. Our Privacy Officer can be reached at legal@pitech.ca or by mail at the address above (Attention: Privacy Officer).

2. Personal information we collect

Information you provide

  • Account: name, email, phone number, password (stored only as a salted hash), date of birth (where required), city and preferred language.
  • Profile and content: avatar, display name, reviews, photos, ratings, applications (tasker, creator, realtor, merchant), business listings, listing photos and descriptions.
  • Transactions: purchase history, vouchers and gift cards, bookings, reservations, subscriptions, redemption codes, support tickets and correspondence.
  • Identity and KYC: where required for taskers, realtors, payouts, age-restricted offers, or compliance with anti-money-laundering laws, we (or our verification partners) may collect government ID, selfie, address and tax information.
  • Payment information: card brand, last four digits, expiry, billing postal/ZIP code and a tokenized reference. Full card numbers and CVV are handled directly by our PCI-DSS Level 1 payment processors (e.g. Stripe) and are never stored on our servers.

Information collected automatically

  • Device and connection: IP address, device type, operating system, browser, app version, language, time zone, crash logs and diagnostic data.
  • Usage: pages viewed, searches, clicks, scroll depth, referrer, deal interactions, redemption events, session identifiers and timestamps.
  • Location: with your permission, approximate or precise location to surface nearby deals, partner locations, fulfilment options and fraud signals. You can disable location at any time from your device settings.
  • Cookies and similar technologies: see our Cookies Notice.

Information from third parties

  • Social sign-in (Google, Apple, etc.): basic profile data and verified email, as you authorize on the consent screen.
  • Merchants and partners: redemption confirmations, booking statuses, fulfilment data, dispute information.
  • Payment processors, fraud-prevention vendors and identity-verification providers: risk scores, verification outcomes, sanctions/PEP screening results.
  • Analytics and advertising platforms: aggregated audience and attribution data.

3. Why we use your personal information (purposes and legal bases)

PurposeCategories usedLegal basis (PIPEDA/BC PIPA · GDPR equivalent)
Create and operate your account, deliver the Platform, process Orders, vouchers, gift cards, bookings and rewards.Account, transactions, payment, device, location.Consent on sign-up · Performance of contract.
Process payments, payouts, refunds and chargebacks, and prevent payment fraud.Transactions, payment, IP, device, KYC.Performance of contract · Legitimate interest · Legal obligation.
Verify identity for taskers, realtors, merchants, payouts and age-restricted offers.KYC, identity documents, selfie, sanctions screening.Legal obligation · Legitimate interest · Express consent.
Personalize content, recommendations and AI-powered picks; rank and surface deals.Usage, location, profile, transactions.Legitimate interest with opt-out · Consent where required.
Send transactional messages (receipts, booking updates, security alerts, refunds).Account, transactions, contact.Performance of contract · CASL transactional exemption.
Send marketing communications, promotions, surveys.Account, usage, preferences.Express or implied consent under CASL with unsubscribe link in every message.
Prevent, detect and investigate fraud, abuse, security incidents and breaches of our Terms.All categories.Legitimate interest · Legal obligation.
Comply with law, respond to lawful requests, enforce our rights.All categories.Legal obligation · Legitimate interest.
Improve the Platform, perform analytics and train internal machine-learning models (using de-identified or aggregated data where feasible).Usage, content, transactions.Legitimate interest with opt-out where required.

4. Cookies, analytics and advertising

We use first- and third-party cookies, SDKs, local storage and pixels to operate the Platform, remember preferences, measure performance and run marketing. You can manage cookies through your browser settings and through the cookie banner where available. For more detail, see our Cookies Notice. We honour Global Privacy Control ("GPC") signals where required by law as a request to opt out of targeted advertising.

5. How we share personal information

  • Merchants and partners you transact with, to fulfil your Order, booking or redemption (e.g. restaurant, hotel, event organizer, tasker, realtor, retailer, creator).
  • Service providers ("processors") acting on our written instructions: cloud hosting and CDN, payment processing (Stripe and others), email and SMS delivery, push notifications, customer support tools, mapping, identity verification, fraud screening, analytics and AI providers. They are bound by confidentiality and data-protection obligations and may use personal information only for the services they provide to us.
  • Corporate transactions: in connection with a merger, acquisition, financing, reorganization, sale of assets or insolvency.
  • Legal and safety: when required by law, court order, valid Canadian or foreign legal process, regulator request, or to protect rights, property, safety, or to prevent or investigate fraud.
  • With your consent for any other disclosure.

We do not sell your personal information for monetary consideration. Where the CCPA/CPRA defines certain advertising-related disclosures as "sharing" or "selling", you may opt out using the Do Not Sell or Share My Personal Information link or by sending a request to legal@pitech.ca.

6. International transfers and storage

CCTD is based in Canada. Your personal information is primarily stored and processed in Canada. Certain service providers may process personal information in the United States, the European Union, the United Kingdom or other countries. When personal information is transferred outside its country of origin, including outside Canada, it may be subject to access by the courts, law-enforcement and national-security authorities of that jurisdiction in accordance with the laws of that country. We use appropriate safeguards (such as Standard Contractual Clauses, the EU-U.S. Data Privacy Framework where applicable, and contractual data-protection terms) to protect your personal information.

7. How long we keep your information

We keep personal information only as long as necessary for the purposes set out in this Policy and to comply with our legal, accounting, tax and dispute-resolution obligations. Typical retention periods:

  • Account and profile data: while your account is active and up to 24 months after closure.
  • Transaction and tax records: at least 6 years (as required by the Income Tax Act (Canada) and the Excise Tax Act).
  • KYC and AML records: 5 years after the end of the business relationship, where applicable.
  • Marketing consent and unsubscribe lists: as required under CASL.
  • Security logs, fraud-prevention records and dispute records: up to 7 years.

De-identified and aggregated data may be retained indefinitely.

8. Your rights and choices

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you and how it has been used and disclosed (PIPEDA Principle 9; BC PIPA s. 23).
  • Correct personal information that is inaccurate or incomplete.
  • Withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may limit our ability to provide certain services.
  • Delete your account and request deletion of personal information, subject to retention obligations described above.
  • Port your data in a structured, commonly used format (where the right applies).
  • Object to processing based on legitimate interests or for direct marketing.
  • Opt out of marketing communications by clicking "unsubscribe" in any email or contacting us.
  • Not be subject to automated decision-making that produces legal or similarly significant effects without a human review (Quebec Law 25 and GDPR Art. 22). Where we use automated profiling for fraud-prevention, risk scoring, AI ranking or eligibility, we provide meaningful information about the logic involved on request.

To exercise any of these rights, email legal@pitech.ca. We will verify your identity before responding and reply within the time required by law (typically 30 days). If you are not satisfied with our response, you may contact:

  • Office of the Privacy Commissioner of Canadapriv.gc.ca.
  • Office of the Information and Privacy Commissioner for British Columbiaoipc.bc.ca.
  • The privacy authority of your province or country, including the Commission d'accès à l'information du Québec for Quebec residents.

9. Children

The Platform is not directed to children under the age of 16, and we do not knowingly collect personal information from them without verifiable parental consent. If you believe a child has provided personal information to us, please contact legal@pitech.ca and we will take appropriate steps to delete it.

10. Security

We implement administrative, physical and technical safeguards designed to protect personal information from unauthorized access, use, disclosure, loss or alteration. These include encryption in transit (TLS) and at rest where supported, role-based access controls, principle-of-least-privilege, audit logging, vendor due diligence, vulnerability scanning, secure software-development practices, and Row-Level Security on our database. No system is perfectly secure; we cannot guarantee absolute security. In the event of a privacy breach involving real risk of significant harm, we will notify affected individuals and the appropriate regulators as required by PIPEDA's mandatory breach-notification regime and BC PIPA.

11. Marketing and CASL

We send commercial electronic messages only with your express or implied consent under CASL. Every message identifies us, includes a valid mailing address and contact, and provides a working unsubscribe mechanism that takes effect within 10 business days. Transactional messages (receipts, booking updates, security alerts) are sent regardless of marketing preferences.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified by posting the revised Policy on the Platform and updating the "Effective date" above, or by additional notice (such as email or in-app banner) where required. Your continued use of the Platform after the effective date constitutes acceptance of the revised Policy.

13. Contact us

To contact our Privacy Officer:
Privacy Officer, Canada Cyber Tech Development Group Inc.
1814 Marine Dr, West Vancouver, BC V7V 1J6, Canada
Email: legal@pitech.ca · Phone: +1 (888) 808-8869