Tailio

Privacy Policy

Effective date: May 13, 2026  ·  Last updated: May 13, 2026

Tailio ("Tailio", "we", "us", or "our") is a pet-care management platform operated as a sole proprietorship by Pranav Shirole, based in Ontario, Canada. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information ("Personal Information") when you visit tailio.ca or use the Tailio web application (together, the "Service").

We comply with the Personal Information Protection and Electronic Documents Act ("PIPEDA"), Quebec's Act respecting the protection of personal information in the private sector, as amended by Law 25 ("Law 25"), Canada's Anti-Spam Legislation ("CASL"), and substantially similar provincial privacy legislation in British Columbia, Alberta, and elsewhere as applicable.

1. About this Policy & our role

Tailio is sold to pet-care businesses (the "Subscriber") who use the Service to manage their own customers ("End Clients") and the pets in their care.

  • For information about the Subscriber's account holders, billing, and Tailio website visitors, Tailio acts as the controller of Personal Information.
  • For information about End Clients and their pets that a Subscriber uploads to or generates within the Service, Tailio acts as a service provider on behalf of the Subscriber. The Subscriber is the controller of that information and is primarily responsible for the lawful basis of its collection, including obtaining any required consents from End Clients. End Clients with questions about that information should contact their pet-care business directly. If you contact us, we will route the request to the appropriate Subscriber.

2. Personal Information we collect

2.1 Information you provide directly

  • Account & profile data — name, email, password (stored hashed), profile photo, business name, organization role.
  • Business data — civic address, phone number, GST/HST registration number, banking details (provided directly to Stripe, never to Tailio).
  • End Client and pet records uploaded by a Subscriber — names, contact details, home access instructions, emergency contacts, veterinarian information, medications, and similar pet-care notes.
  • Visit content — report-card narratives, photographs (EXIF location data is stripped on upload), check-in/check-out times, and GPS coordinates when staff explicitly use the GPS check-in feature.
  • Communications — messages you send through in-app chat, email, or SMS via the Service, including attachments.
  • Support correspondence — anything you send to contact@tailio.ca.

2.2 Information collected automatically

  • Usage data — pages visited, features used, timestamps, referring URLs, and similar telemetry.
  • Device data — IP address, browser type, operating system, language preference.
  • Cookies and similar technologies — see section 11 below.
  • Error and performance data via Sentry (stack traces with limited contextual data).

2.3 Information from third parties

  • Stripe — confirmation of payment status and the last four digits of a payment method. Tailio does not see or store full card numbers.
  • Google — if you connect Google Calendar, we receive your calendar identifiers and event metadata scoped to your authorization.
  • Twilio — delivery receipts and inbound SMS sent to your dedicated business number.

3. Why we use Personal Information (purposes)

We use Personal Information only for the following identified purposes:

  • To create and administer your account and authenticate users.
  • To provide, maintain, and improve the Service, including scheduling, invoicing, tax calculation, communications, and reporting.
  • To process payments and remit applicable Canadian sales taxes.
  • To send transactional notifications (invoices, receipts, booking confirmations, password resets, security alerts) — these messages fall under CASL's transactional exemption and do not require express consent.
  • To provide customer support and respond to inquiries.
  • To detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Use.
  • To comply with legal obligations, including CRA invoicing and record-retention rules.
  • With your consent, to send marketing communications, product announcements, and survey requests.
  • To produce AI-generated content where you have enabled AI features (see section 10).

We will not use Personal Information for any new purpose materially different from those listed above without notifying you and, where required, obtaining your consent.

4. Legal basis & consent

We rely on your express consent for marketing communications and any sensitive Personal Information. For all other processing, we rely on implied consent reasonably necessary to provide the Service you have requested, on contractual necessity, or on compliance with legal obligations.

You may withdraw consent at any time, subject to legal and contractual restrictions and reasonable notice, by emailing contact@tailio.ca. Withdrawing consent for essential processing may mean we can no longer provide some or all of the Service.

5. Who we share Personal Information with

We do not sell Personal Information. We share it only as follows:

  • Service providers (sub-processors) who help us operate the Service — payment processing, hosting, file storage, SMS, email delivery, error monitoring, and AI generation. A current list is published at tailio.ca/legal/subprocessors.
  • Within your organization — information you create in the Service is visible to other members of your organization according to the permissions you grant them.
  • With the relevant Subscriber — if you are an End Client, information about you and your pet is accessible to the Subscriber providing your care.
  • To comply with law — including in response to subpoenas, court orders, or other valid legal process from Canadian authorities.
  • In a business transfer — in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality obligations and notice where required.
  • With your direction or consent — for example, when you connect a third-party integration.

6. International transfers & data residency

We aim to host the production database and customer files in Canadian regions. However, several sub-processors operate from, or have access to data from, jurisdictions outside Canada, including the United States and the European Economic Area. When Personal Information is transferred outside Canada, it may be subject to lawful access requests from foreign authorities under the laws of that jurisdiction.

Before transferring Personal Information outside Quebec or Canada, we assess the protections in place and rely on contractual safeguards (such as data-processing addenda and standard contractual clauses). Quebec residents may contact us for additional information on cross-border transfers and the privacy-impact assessments we have conducted.

7. How long we keep Personal Information

  • Account & transaction records — for the duration of the subscription and for six (6) years thereafter, as required by Canada Revenue Agency record-keeping rules.
  • End Client and pet records — for as long as the Subscriber maintains them in the Service. On Subscriber termination, data is retained for ninety (90) days to allow export, then deleted (subject to legal retention obligations).
  • Marketing consent records — for the period the CASL consent is in effect plus three (3) years after withdrawal, to evidence compliance.
  • Server logs and security telemetry — up to twelve (12) months.

8. How we protect Personal Information

We use administrative, technical, and physical safeguards proportionate to the sensitivity of the information, including TLS 1.2+ encryption in transit, encryption at rest for databases and file storage, hashed passwords, role-based access controls, MFA for administrative accounts, audit logging on financial records, automated backups, and Sentry-based error monitoring. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

If a confidentiality incident creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada and/or the Commission d'accès à l'information as required by PIPEDA and Law 25, and maintain a register of confidentiality incidents.

9. Your privacy rights

Subject to legal exceptions, you have the right to:

  • Access the Personal Information we hold about you.
  • Correct Personal Information that is inaccurate, incomplete, or out of date.
  • Withdraw consent to processing where consent is the lawful basis.
  • Portability — receive a copy of computerized Personal Information you have provided in a structured, commonly used technological format (Law 25 s.27 and the forthcoming PIPEDA equivalent).
  • Deletion / de-indexation — request that we cease disseminating, or de-index, Personal Information in certain circumstances (Law 25 s.28.1).
  • Object to processing for direct marketing.
  • Lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, for Quebec residents, the Commission d'accès à l'information du Québec (cai.gouv.qc.ca).

To exercise any of these rights, email contact@tailio.ca. We will respond within thirty (30) days. We may need to verify your identity before acting on a request.

10. Automated decision-making & AI features

Tailio uses third-party large-language models (OpenAI and Mistral) to generate optional report-card narratives, invoice notes, marketing copy, and similar text on your prompt. These features:

  • do not make decisions that produce legal or similarly significant effects about you;
  • are not used to evaluate End Clients for credit, hiring, insurance, or other consequential outcomes;
  • are subject to human review by you before any AI-generated content is sent to a client.

We have contracted with our AI providers to not train their foundation models on your inputs or outputs. If we introduce automated decision-making that uses Personal Information to render a decision based exclusively on automated processing (Law 25 s.12.1), we will inform you at the time of the decision and provide an opportunity to make submissions.

11. Cookies and similar technologies

We use a small number of cookies and equivalent technologies, all strictly limited to operating the Service:

  • Session cookie — keeps you signed in.
  • CSRF token cookie — protects against cross-site request forgery on forms.
  • Theme preference — stored in your browser's localStorage to remember light/dark mode.

We do not use third-party advertising cookies or cross-site tracking. We do not load fingerprinting scripts. You may disable cookies in your browser, but the Service will not function without the session and CSRF cookies.

12. Children

The Service is intended for businesses and is not directed to individuals under the age of sixteen (16). We do not knowingly collect Personal Information from anyone under 16 (or, for Quebec, under 14 without parental consent). If you believe a child has provided us with Personal Information, contact us and we will delete it.

13. Quebec residents — additional Law 25 disclosures

If you are located in Quebec, the following applies in addition to the rest of this Policy:

  • Person in charge of the protection of personal information. Our Privacy Officer is the responsible person under Law 25 s.3.1. Contact: contact@tailio.ca.
  • Means of collection. We collect Personal Information directly from you when you create an account, use the Service, contact support, or subscribe to communications; from cookies and server logs as described above; from third-party service providers integrated at your request; and, where you are an End Client, from the Subscriber providing your pet-care services.
  • Communication outside Quebec. Personal Information may be communicated outside Quebec to the sub-processors listed at tailio.ca/legal/subprocessors. We conduct a privacy-impact assessment before any such transfer and rely on contractual protections.
  • Right to be informed of automated decisions — see section 10.
  • Right of access, rectification, portability, withdrawal of consent, and de-indexation / cessation — see section 9 above. We will respond within thirty (30) days. If we refuse a request, we will tell you why and how to appeal to the Commission d'accès à l'information.
  • Confidentiality incident register. We maintain a register of confidentiality incidents and will notify the CAI and affected individuals where required.

A French-language version of this Policy is available on request and will be made available in-product as part of our Bill 96 / Charter of the French Language compliance roll-out.

14. CASL — commercial electronic messages

Marketing emails and SMS from Tailio identify the sender, include a working unsubscribe mechanism, and are sent only with express or implied consent (CASL s.10). We record the date, source, and form of consent. You may unsubscribe from marketing at any time without affecting transactional messages such as invoices, receipts, and security notifications.

15. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify Subscribers by email and post a notice in the Service at least thirty (30) days before the change takes effect, unless a shorter period is required by law. The "Last updated" date at the top reflects the most recent revision.

16. How to contact us

Privacy questions, requests, and complaints can be sent to our Privacy Officer at contact@tailio.ca. Please put "Privacy" in the subject line so we can route your message appropriately.