1 who we are
Substrat Innovations Inc. ("substrat", "we") builds accounting infrastructure — a headless accounting kernel and the hosted services around it. We are based in Victoria, British Columbia, Canada, and our services are hosted on AWS in Canada. For anything in this policy: hello@thesubstrat.com.
2 scope
This policy covers (a) this website, (b) our demo and sandbox programs (including the design-partner real-import sandbox, where offered), and (c) inquiries you send us. It does not cover production customer tenants — those are governed by the customer agreement and data-processing addendum signed with each customer, which take precedence for that data.
3 what we collect
On this website: standard request data and campaign/referrer parameters (UTM). If we run analytics, we use privacy-focused, cookie-light tooling (first-party or equivalent) — no cross-site tracking, no fingerprinting, no advertising pixels. Country-level location may be inferred from your IP at request time for routing and is not retained.
If you start a demo or sandbox (explicitly, with your consent at the point of entry):
- your email and, if you provide it, your company URL and answers you type into the demo chat or forms;
- public information about your company — your public website and your company's public LinkedIn page. Company-level only: we never collect employee profiles or employee names;
- engagement data in your sandbox (features used, navigation) and your chat history;
- a consent record (timestamp, policy version, IP, user-agent) — kept as the audit trail of your agreement.
If you join the design-partner program and connect QuickBooks Online or Xero, we import your accounting data read-only into an isolated sandbox tenant — see section 10.
4 what we don't collect
- Nothing behind a login wall — no LinkedIn employee profiles, no Glassdoor, no paid people-databases.
- No purchased contact or enrichment data (no ZoomInfo/Apollo-class sources).
- No employee names, even from public pages — company-level information only.
- No customer or vendor lists of your company, and no scraping of your real financial figures for the demo — demo datasets are synthetic, generated to mirror your company's likely shape, not its actual records.
- No tracking pixels beyond UTM/referrer, no fingerprinting, no cross-site tracking.
5 how we use it
To run the demo you asked for, to operate and improve the product, to respond to you, and to keep aggregate (non-identifying) statistics about how the demo performs. What we will never do:
- Sell, share, or trade your data with third parties. Period.
- Use information inferred about your company to target other companies.
- Quote your chat answers in marketing without asking you first.
- Make automated decisions about you with legal or similarly significant effects.
6 AI & your data
We do not train AI models on your data. Inference in substrat is bring-your-own-key and model-agnostic by architecture: model calls run against provider APIs under keys and terms that do not grant training rights, and substrat itself trains nothing on customer or lead data. Agent actions in the product are logged with attribution and reasoning records that belong to the tenant — you can see what an agent did and why.
7 retention
| data | kept for | then |
|---|---|---|
| consent record | indefinitely | — (audit trail of your agreement) |
| sandbox tenant (incl. any imported data) | 30 days (extendable on request) | destroyed; a recovery copy is kept 7 days for "regenerate my sandbox" requests, then deleted |
| chat history, engagement logs, extraction provenance, your contact record | 12 months | deleted |
| aggregate, anonymized statistics | indefinitely | — (contain no personal information) |
| raw pages fetched during signal extraction; IP-derived location | not retained beyond the immediate session/request | — |
8 deletion
Ask any time — the email footer link, the demo chat ("delete my data"), or hello@thesubstrat.com. We verify it's you (email confirmation), and within 7 days we delete your personal information and destroy your sandbox, then confirm by email. Anonymized aggregates, which contain no personal information, are unaffected. If you later become a customer, you start fresh — old demo data does not transfer.
9 where your data lives
Hosting is on AWS in Canada (ca-central-1). Each tenant is pinned to its region, and we don't move tenant data across regions in normal operation; additional regional homes (including a US region) are on the roadmap and will be reflected here when live. Data is encrypted at rest (AWS-managed keys via AWS KMS) and encrypted in transit (TLS). Each tenant — including each sandbox — lives in its own isolated database schema with database-role-scoped access, designed so a query that lacks your tenant's scope errors rather than leaks. A dedicated cluster with a dedicated encryption key is available as a paid tier for customers who need it.
10 accounting imports (QuickBooks Online / Xero)
What we import. When you connect QuickBooks Online or Xero, we import: your chart of accounts; journal entries and transactions; invoices and bills; customer and vendor records (business contact records — names and business contact details); account balances; and document attachments associated with those transactions.
Why. Solely to (a) populate your own evaluation sandbox with your real books, (b) produce reconciliation reports tying imported balances back to the source system, and (c) preview a migration. Imported data is not used for any other purpose — not for marketing, not for profiling, and never for AI training (section 6).
- Read-only during evaluation. We request read scopes only; substrat never writes to your accounting system during evaluation. Any future sync-out capability writes only summarized entries you explicitly authorize.
- Isolated & encrypted. Imported data lands in your own isolated sandbox tenant (section 9) and nowhere else, encrypted at rest and in transit.
- Temporary. Sandbox lifetime is 30 days unless extended; on deprovision the tenant is destroyed and OAuth tokens are revoked (retention table, section 7).
- Yours — deletable and exportable per tenant. The isolation model makes export and deletion clean single-tenant operations: disconnect, export a copy, or request deletion at any time (section 8).
- Never sold, never shared, never trained on. Sections 5 and 6 apply in full to imported accounting data.
11 security
Our security architecture is part of the product, not a policy layer: the ledger is a cryptographically verifiable audit trail — every write is hash-chained and signed, with chain heads anchored to write-once (WORM) storage; tenant isolation is verified by automated checks on every code change; changes ship through mandatory independent review gates; data is encrypted at rest and in transit (section 9). Our security architecture is documented, and NDA and DPA are available on request.
12 subprocessors
| provider | purpose | note |
|---|---|---|
| Amazon Web Services | hosting, storage, key management | Canada region (ca-central-1), per section 9 |
| Anthropic | model inference | bring-your-own-key / API terms; no training on your data (section 6) |
| Google Workspace | correspondence with you | |
| Name.com | domain registration | no personal data of yours |
| 1Password | secrets management | our credentials, not your data |
This list is updated as vendors change.
13 your rights
Depending on where you live, you may have rights of access, correction, deletion, portability, and objection — under PIPEDA (Canada), the CCPA/CPRA (California) and other US state privacy laws, and similar regimes. We honor these on request via hello@thesubstrat.com, regardless of jurisdiction where we reasonably can. We do not sell or share personal information as those terms are defined in the CCPA.
EU/UK visitors: the demo and sandbox programs are not currently offered in the EU/UK. If you contact us from there, we'll handle your inquiry under GDPR-equivalent care, but the programs themselves are waitlist-only in those regions for now.
14 changes & contact
We'll post changes here with a new effective date and version; material changes to how we handle demo or sandbox data are notified to affected participants by email. Questions, requests, complaints: hello@thesubstrat.com.