SIA — Privacy Policy
Effective date: 2026-05-22
SIA (the "App") is operated by Elspeth Heyworth Centre for Women ("EHCW") in partnership with ThiefDroppers Inc. ("ThiefDroppers").
We take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over it.
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal privacy law, and the Personal Health Information Protection Act (PHIPA) where applicable in Ontario.
If anything here is unclear, contact our Privacy Officer at info@ehcw.ca.
1. Quick summary
- We collect only what is necessary to give you the App and to keep you safe.
- We store all of your personal information in Canada (Montreal data centre on Google Cloud).
- We do not sell your data, ever.
- We do not show advertising in the App.
- We do not track you across other websites.
- Your conversations are private — EHCW staff cannot read them without your explicit consent.
- If our AI detects you may be in serious danger, an alert is sent to EHCW staff to follow up — this is the safety feature of the App and you consent to it by using SIA.
- You can delete your account at any time. You can download your data at any time.
2. Who is responsible for your data
| Role | Organization | Contact |
|---|---|---|
| Data Controller | Elspeth Heyworth Centre for Women | info@ehcw.ca |
| Data Processor | ThiefDroppers Inc. | support@thiefdroppers.com |
| Privacy Officer | EHCW Privacy Officer | info@ehcw.ca |
If you believe your privacy has been violated, you have the right to
complain to the Office of the Privacy Commissioner of Canada at
priv.gc.ca.
3. What information we collect
3.1 Information you give us directly
- Account info: email address, name, optional profile photo.
- Invite code: the code EHCW gave you when you signed up.
- Profile preferences: language, theme, notification settings.
- Journal entries: things you write in the Reflections module.
- Conversation messages: things you say to SIA.
- Budget transactions: income, expense, category, date (in the Budget module).
- Tasks: to-do items you add.
- Fact-check claims: claims you submit for verification.
- Emergency contacts: if you choose to add any.
3.2 Information we collect automatically
- Login events: when you sign in, from what general location (city-level), and what browser/device.
- Usage events: which modules you open, when (aggregated).
- Error logs: technical errors only, with no message content.
3.3 Information we receive from third parties
- Google or Apple identity (if you sign in via OAuth): your email, Google/Apple account ID, profile photo if public.
- Weather data (from WeatherAPI.com): based on a city you select.
We do not receive data from advertising networks or analytics brokers.
4. How we use your information
| Purpose | Examples |
|---|---|
| Provide the App | Display your journal entries, run conversations, save tasks |
| Keep you safe | The AI safety classifier reads each message you send in Reflections to detect high-risk indicators. If detected, an alert is sent to EHCW caseworkers so a counsellor can reach out. This is the App's core safety feature. |
| Improve the App | Aggregate, de-identified usage stats (e.g., "X members opened Recipes this week") |
| Communicate with you | Operational emails: account changes, security alerts |
| Meet legal obligations | Audit logs we are required to keep by law |
We do not use your data for:
- Advertising
- Selling to third parties
- Building a marketing profile
- Training general-purpose AI models
5. AI safety classification — important
When you send a message in Reflections, two things happen in parallel:
- The AI companion (SIA Guardian) generates a response to you.
- A separate safety classifier reads your message to determine if you may be in serious danger.
The safety classifier runs in Canada (Toronto region on Google Cloud's Vertex AI). It looks for indicators of intimate partner violence, coercive control, threats to your life, or other serious harm.
If the classifier judges your message as HIGH risk with an
immediate threat indicator, two things happen automatically:
- A record is written to our database (sos_alerts collection) containing a PII-scrubbed excerpt of your message, the indicators detected, and a timestamp.
- An email is sent to EHCW staff (info@ehcw.ca) and to ThiefDroppers support (support@thiefdroppers.com) so a counsellor can follow up.
The excerpt sent to EHCW has names, phone numbers, addresses, and other identifying information automatically removed by Google Cloud's Sensitive Data Protection service before storage.
You consent to this safety routing by using the App. It is the App's purpose. You cannot opt out of safety routing while continuing to use Reflections — but you can opt out by deleting your account or by not using the Reflections feature.
If you want to use SIA's other features without safety routing, you can avoid using Reflections. The other modules (Weather, Recipes, Budget, etc.) do not run safety classification.
6. Who we share your information with
| Recipient | What we share | Why |
|---|---|---|
| EHCW caseworkers | Account profile (always); journals + conversations (only if you grant explicit consent); SOS alerts (always, when triggered) | To provide care |
| ThiefDroppers technical team | Pseudonymous user IDs, error logs (no message content) | To operate the App |
| Google Cloud Platform | Encrypted storage; AI processing | Hosting |
| Apple / Google | OAuth identity if you sign in via them | Authentication |
| Government or law enforcement | Only when required by law (court order, lawful access request) | Legal obligation |
| Advertisers, data brokers, marketers | Never | We do not do this |
We do not share your data with anyone else.
7. Where your data is stored
| Data category | Region | Why |
|---|---|---|
| Account profile, journals, conversations, budgets, tasks | northamerica-northeast1 (Montreal, Canada) | PIPEDA compliance — Canadian data residency |
| SOS alerts | northamerica-northeast1 (Montreal, Canada) | PIPEDA compliance |
| AI safety classifier processing | northamerica-northeast1 (Montreal, Canada) | PIPEDA compliance |
| AI input/output safety filter (Model Armor) | northamerica-northeast2 (Toronto, Canada) | Closest available; still in Canada |
| Background knowledge corpus (Duluth model, CLEO public materials, EHCW programs, anonymized DV case studies) | europe-west1 (Belgium, EU) | This is the only piece of infrastructure currently hosted outside Canada because that GCP service is not yet available in our Canadian region. No personal information about you is in this corpus. |
The cross-border background corpus contains no personal information. The European Union has data protection laws (GDPR) considered comparable to PIPEDA. We will migrate this corpus to a Canadian region as soon as the relevant Google Cloud service is available there.
8. How long we keep your information
| Data | Retention |
|---|---|
| Account profile (active) | As long as your account is active |
| Account profile (after deletion) | Anonymized within 30 days; some audit-required fields retained per law |
| Journals, conversations | As long as your account is active; deleted with your account |
| Budget, tasks | As long as your account is active; deleted with your account |
| SOS alerts | 6 years after creation (PHIPA requirement when EHCW staff acted on them) |
| Audit logs (admin actions) | 7 years after creation (regulatory) |
| Login events | 90 days rolling; oldest auto-deleted |
| Error logs | 30 days rolling; oldest auto-deleted |
Retention timers run automatically. There is no human cleanup step.
9. Your rights under PIPEDA
You have the right to:
Know what personal information we have about you.
- In-App: Profile → Export my data → receive a JSON file.
Correct inaccurate information.
- In-App: Profile → edit your display name and other fields.
- For things you can't edit yourself (login email, etc.): email info@ehcw.ca.
Withdraw consent.
- You can switch off journal sharing or conversation sharing in Settings. Safety routing for HIGH-risk messages cannot be withdrawn while you continue using Reflections (see Section 5).
Delete your account and all your data.
- In-App: Profile → Delete my account → confirm.
- Some legally-required records (audit logs) are anonymized rather than deleted, as Canadian and Ontario law require us to retain them.
Restrict processing.
- You can stop using a feature at any time. To stop ALL processing, delete your account.
Complain.
- To us: info@ehcw.ca.
- To the Office of the Privacy Commissioner of Canada: priv.gc.ca.
- To the Information and Privacy Commissioner of Ontario: ipc.on.ca.
We respond to all requests within 30 days.
10. Security
We use the following measures to protect your information:
- Encryption in transit (HTTPS / TLS 1.3 on all connections).
- Encryption at rest (Google Cloud default keys, FIPS 140-2).
- Access controls (Firebase Auth, admin allowlist, role-based permissions).
- Audit logging (every admin action is logged with the actor's identity).
- AI input safety filtering (Model Armor blocks prompt injection attempts before they reach the AI).
- PII scrubbing (Cloud DLP removes sensitive identifiers before alerts are stored).
- Multi-factor authentication required for all EHCW staff accessing your records.
- No raw message content in logs — we log structural events only.
No system is perfectly secure. If we ever experience a security breach that affects you, we will notify you within 72 hours (or sooner, if the breach involves health information under PHIPA, within 7 days of confirmation).
11. Cookies and tracking
The App uses only essential cookies (Firebase Auth session cookies). We do not use:
- Advertising cookies
- Cross-site tracking
- Analytics that identify you (we use Firebase to aggregate counts, but not individual behaviour)
- Third-party trackers
12. Children's privacy
SIA is not directed at children under 13. We do not knowingly collect
information from children under 13. If you believe a child under 13
has used SIA, please contact info@ehcw.ca and we will delete the
account.
The App is intended for use by women age 17+ who are EHCW members.
13. Changes to this policy
If we change this Privacy Policy, we will:
- Post the new version at this URL.
- Update the "Effective date" at the top.
- Notify you in the App and by email at least 30 days before any change that materially affects how we use your personal information.
You can always view the current version at app.sia.thiefdroppers.com/privacy.
14. Contact
EHCW Privacy Officer
- Email: info@ehcw.ca
- Postal: [EHCW mailing address — to be confirmed]
Office of the Privacy Commissioner of Canada
- Web: priv.gc.ca
- Phone: 1-800-282-1376
Information and Privacy Commissioner of Ontario
- Web: ipc.on.ca
- Phone: 1-800-387-0073
15. Glossary
- Personal information — information about an identifiable individual.
- De-identified information — information from which all personal identifiers have been removed.
- PIPEDA — Personal Information Protection and Electronic Documents Act, Canada's federal privacy law.
- PHIPA — Personal Health Information Protection Act, Ontario's health privacy law.
- GDPR — General Data Protection Regulation, the EU's privacy law; relevant because some background data is stored in the EU.
- SOS alert — automatic safety notification to EHCW staff when the AI detects high-risk indicators in your message.
- PII scrubbing — automatic removal of personally identifying information (names, phone numbers, addresses) from stored records.
This Privacy Policy was prepared with reference to PIPEDA's 10 Fair Information Principles, PHIPA's Ontario requirements, and Google Cloud's Customer Data Processing Addendum.