Privacy Policy

17737734 Canada Inc., operating as Pluto ("we", "us", "our"), is a company federally incorporated in Canada. We operate the Pluto mobile app and web dashboard at plutosuite.com, providing bookkeeping, expense tracking, invoicing, mileage tracking, and team management tools for small businesses.

We are subject to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. If you are located in the European Economic Area or United Kingdom, you may also have rights under GDPR — see Section 8.

For questions about this policy, contact us at privacy@plutosuite.com.

We collect information in three ways: information you provide directly, information generated by your use of the Service, and information from third-party integrations.

Account & Identity

• Name, email address, phone number
• Business name, address, business number (BN/ABN/EIN), website
• Profile and business logo images
• Authentication credentials (managed securely by Firebase Authentication — we never store your password)

Financial Data

• Receipts — images, PDFs, and the data extracted from them (merchant, amount, date, GST/tax)
• Transactions — amounts, descriptions, categories, dates
• Invoices — customer names, line items, amounts, payment status
• Bank account data synced via Plaid (see Section 5)
• Expense categories, labels, and tags you create

Location & Trip Data

• GPS coordinates recorded during active trip tracking sessions
• Trip start/end points, route, distance (km/miles), and duration
• Trip purpose, categories, and notes you add
• Location is only collected while you have an active trip recording — we do not track you in the background

Team & Labour Data

• Team member names, email addresses, and roles
• Shift times, durations, break periods, and notes
• Hourly wage rates (stored encrypted)
• Clock-in and clock-out timestamps

Usage & Device Data

• App and feature usage patterns (used only to improve the product)
• Device type, OS version, and app version
• Crash reports and error logs via Sentry
• IP address and general geographic region

We use the information we collect solely to operate and improve Pluto. Specifically:

• Provide, maintain, and improve the Pluto service
• Process and categorise your receipts, transactions, and invoices
• Generate financial reports, summaries, and GST/tax estimates
• Track mileage and calculate reimbursable distances
• Sync your bank transactions via Plaid
• Send invoices to your customers on your behalf
• Manage your team's schedules and payroll estimates
• Send you transactional notifications (shift reminders, payment confirmations, account alerts)
• Process your subscription payments via Stripe
• Detect and prevent fraud or unauthorised access
• Comply with legal obligations under PIPEDA and other applicable laws

We do not use your financial data to train AI models, sell to data brokers, or serve advertising. Your data is yours.

We do not sell your personal information. We share data only in the following limited circumstances:

Service Providers (Subprocessors)

We work with a small number of trusted third-party providers to operate the service. Each is bound by data processing agreements and may only use your data as directed by us:

• Firebase (Google) — authentication, push notifications, and crash reporting. Firebase processes your email address and device identifiers. Firebase is SOC 2 Type II certified.
• Plaid — bank account connectivity. Plaid connects directly to your financial institution; we receive read-only transaction data but never your banking credentials. Plaid is PCI DSS and SOC 2 Type II certified.
• Google Cloud Vision — OCR processing of receipt images. Images are sent to Google's Vision API for text extraction and are not retained by Google beyond the duration of the API call.
• Amazon Web Services (AWS) — cloud infrastructure and file storage for receipt images, logos, and export files. AWS is ISO 27001 and SOC 2 certified.
• Cloudflare — CDN, DDoS protection, and TLS termination for our API and web app.
• Stripe — subscription billing and payment processing. When you subscribe to Pluto Pro, your payment details are handled exclusively by Stripe. Pluto receives only a non-sensitive billing token — we never store raw card numbers. Stripe is PCI DSS Level 1 certified. Stripe's use of your data is governed by Stripe's Privacy Policy.
• SendGrid (Twilio) — transactional email delivery for invoice emails, notifications, and account communications. We provide only the recipient address and message content required to send each email.
• Sentry — error monitoring and crash reporting. Sentry receives anonymised crash data including stack traces and device context. It does not receive financial data.

Within Your Business

If you use Pluto in a team, other members of your business can see the data you've shared within your account, subject to role-based access controls. Owners and Admins have full access; Managers can see all team data; Accountants have read access to financial data; Employees can only access data relevant to their own work.

Business Transfers

If 17737734 Canada Inc. is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or in-app notification before your data is transferred and becomes subject to a different privacy policy.

Legal Requirements

We may disclose information if required to do so by law, court order, or a government authority, or where we have a good-faith belief that disclosure is necessary to protect the rights, property, or safety of Pluto, our users, or the public.

When you connect a bank account, Plaid acts as the intermediary between Pluto and your financial institution. Pluto receives read-only transaction data — we never store your bank login credentials. You can revoke bank access at any time from the Finance Settings screen in the app, which calls Plaid's item removal API and immediately stops further syncing.

Plaid's use of your data is governed by Plaid's End User Privacy Policy.

Pluto records GPS coordinates only when you explicitly start a trip recording session. We use device location services in "always on" mode during an active trip to capture the route accurately, but this stops the moment you end the trip. We do not collect background location data outside of active trips.

Trip GPS coordinates are stored on our servers to generate your route map and calculate distance. You can delete individual trips at any time from the app, which permanently removes the associated GPS data from our servers.

Pluto Suite Inc. is based in Canada. However, some of the third-party service providers we use — including AWS, Google (Firebase and Cloud Vision), Stripe, and SendGrid — are headquartered in the United States and may process your data on servers located in the US or other countries outside Canada.

When your data is transferred outside Canada, we rely on data processing agreements and appropriate safeguards (such as Standard Contractual Clauses where applicable) to ensure it continues to receive a level of protection consistent with PIPEDA. If you are in the EU or UK, these transfers are subject to the safeguards required under GDPR.

By using Pluto, you acknowledge that your data may be processed in the United States and other jurisdictions that may have different data protection laws than your country of residence.

Depending on your jurisdiction, you may have the following rights regarding your personal information. These rights apply under PIPEDA (Canada), GDPR (EU/UK), CCPA (California), and equivalent laws:

• Access: Request a copy of the personal data we hold about you.
• Correction: Ask us to correct inaccurate or incomplete data.
• Deletion: Request that we delete your personal data. You can delete your account directly from the app settings, or contact us.
• Portability: Request an export of your data in a machine-readable format (CSV export is available in-app for receipts, trips, and transactions).
• Restriction / Objection: Object to or request restriction of certain types of processing, including any direct marketing (we do not currently send marketing emails, but you have the right regardless).
• Withdrawal of consent: Where processing is based on consent (e.g. push notifications), you can withdraw consent at any time via your device or app settings.
• Lodge a complaint: Canadian residents may lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca). EU/UK residents may complain to their local supervisory authority.

To exercise any of these rights, contact us at privacy@plutosuite.com. We will respond within 30 days (or within the timeframe required by applicable law).

• Active accounts: We retain your data for as long as your account is active and for a reasonable period afterward to allow you to recover it.
• Deleted items: When you delete a receipt, trip, invoice, or transaction, it is soft-deleted and excluded from views immediately. It is permanently purged from our databases within 30 days.
• Account deletion: When you close your account, your personal data is deleted within 30 days. We may retain anonymised aggregate data (e.g. total transaction counts) that cannot be linked back to you.
• Billing records: Records of subscription charges may be retained for up to 7 years to comply with tax and accounting obligations.
• Legal hold: In certain cases (e.g. ongoing legal disputes or regulatory investigations), we may be required to retain data for longer periods.

The Pluto web dashboard uses a small number of cookies and local storage entries strictly necessary to operate the service:

• Session authentication: Firebase Authentication stores a session token in browser local storage to keep you signed in. This is essential for the app to function and cannot be disabled while using Pluto.
• Two-factor authentication: A 2FA session token is stored in local storage for 30 days after you verify your identity, so you are not prompted on every login from a trusted device.
• UI preferences: Local storage may be used to remember display preferences (e.g. selected date range, last viewed section). This data never leaves your device.

We do not use advertising cookies, third-party tracking pixels, or cross-site tracking. We do not use Google Analytics or similar behavioural analytics on authenticated app pages. Our public marketing website (plutosuite.com) may use first-party analytics to understand aggregate traffic patterns — this data does not identify individual users.

You can clear cookies and local storage at any time via your browser settings. Doing so will sign you out of Pluto.

We implement industry-standard technical and organisational measures to protect your data, including TLS 1.2+ encryption in transit, AES-256 encryption at rest, role-based access controls, multi-factor authentication for internal systems, and continuous monitoring. For a full overview, see our Security page.

No method of transmission over the internet or electronic storage is 100% secure. While we work hard to protect your data, we cannot guarantee absolute security. If you discover a potential security issue, please report it to security@plutosuite.com.

Pluto is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us at privacy@plutosuite.com and we will delete it promptly.

We may update this Privacy Policy from time to time as we add new features, onboard new service providers, or respond to legal or regulatory changes. When we make material changes, we will notify you via email and/or an in-app notification at least 14 days before the changes take effect. The updated policy will be posted at plutosuite.com/privacy with a revised "last updated" date. Continued use of Pluto after the effective date constitutes acceptance of the updated policy.

For privacy-related questions, rights requests, or concerns: