privacy policy.

effective 2026-07-01 · version 1.0 · Substrat Innovations Inc.
1 who we are
2 scope
3 what we collect
4 what we don't collect
5 how we use it
6 AI & your data
7 retention
8 deletion
9 where your data lives
10 accounting imports
11 security
12 subprocessors
13 your rights
14 changes & contact

1 who we are

Substrat Innovations Inc. ("substrat", "we") builds accounting infrastructure — a headless accounting kernel and the hosted services around it. We are based in Victoria, British Columbia, Canada, and our services are hosted on AWS in Canada. For anything in this policy: hello@thesubstrat.com.

2 scope

This policy covers (a) this website, (b) our demo and sandbox programs (including the design-partner real-import sandbox, where offered), and (c) inquiries you send us. It does not cover production customer tenants — those are governed by the customer agreement and data-processing addendum signed with each customer, which take precedence for that data.

3 what we collect

On this website: standard request data and campaign/referrer parameters (UTM). If we run analytics, we use privacy-focused, cookie-light tooling (first-party or equivalent) — no cross-site tracking, no fingerprinting, no advertising pixels. Country-level location may be inferred from your IP at request time for routing and is not retained.

If you start a demo or sandbox (explicitly, with your consent at the point of entry):

If you join the design-partner program and connect QuickBooks Online or Xero, we import your accounting data read-only into an isolated sandbox tenant — see section 10.

4 what we don't collect

5 how we use it

To run the demo you asked for, to operate and improve the product, to respond to you, and to keep aggregate (non-identifying) statistics about how the demo performs. What we will never do:

6 AI & your data

We do not train AI models on your data. Inference in substrat is bring-your-own-key and model-agnostic by architecture: model calls run against provider APIs under keys and terms that do not grant training rights, and substrat itself trains nothing on customer or lead data. Agent actions in the product are logged with attribution and reasoning records that belong to the tenant — you can see what an agent did and why.

7 retention

| data | kept for | then |
| --- | --- | --- |
| consent record | indefinitely | — (audit trail of your agreement) |
| sandbox tenant (incl. any imported data) | 30 days (extendable on request) | destroyed; a recovery copy is kept 7 days for "regenerate my sandbox" requests, then deleted |
| chat history, engagement logs, extraction provenance, your contact record | 12 months | deleted |
| aggregate, anonymized statistics | indefinitely | — (contain no personal information) |
| raw pages fetched during signal extraction; IP-derived location | not retained beyond the immediate session/request | |

8 deletion

Ask any time — the email footer link, the demo chat ("delete my data"), or hello@thesubstrat.com. We verify it's you (email confirmation), and within 7 days we delete your personal information and destroy your sandbox, then confirm by email. Anonymized aggregates, which contain no personal information, are unaffected. If you later become a customer, you start fresh — old demo data does not transfer.

9 where your data lives

Hosting is on AWS in Canada (ca-central-1). Each tenant is pinned to its region, and we don't move tenant data across regions in normal operation; additional regional homes (including a US region) are on the roadmap and will be reflected here when live. Data is encrypted at rest (AWS-managed keys via AWS KMS) and encrypted in transit (TLS). Each tenant — including each sandbox — lives in its own isolated database schema with database-role-scoped access, designed so a query that lacks your tenant's scope errors rather than leaks. A dedicated cluster with a dedicated encryption key is available as a paid tier for customers who need it.

10 accounting imports (QuickBooks Online / Xero)

What we import. When you connect QuickBooks Online or Xero, we import: your chart of accounts; journal entries and transactions; invoices and bills; customer and vendor records (business contact records — names and business contact details); account balances; and document attachments associated with those transactions.

Why. Solely to (a) populate your own evaluation sandbox with your real books, (b) produce reconciliation reports tying imported balances back to the source system, and (c) preview a migration. Imported data is not used for any other purpose — not for marketing, not for profiling, and never for AI training (section 6).

11 security

Our security architecture is part of the product, not a policy layer: the ledger is a cryptographically verifiable audit trail — every write is hash-chained and signed, with chain heads anchored to write-once (WORM) storage; tenant isolation is verified by automated checks on every code change; changes ship through mandatory independent review gates; data is encrypted at rest and in transit (section 9). Our security architecture is documented, and NDA and DPA are available on request.

12 subprocessors

| provider | purpose | note |
| --- | --- | --- |
| Amazon Web Services | hosting, storage, key management | Canada region (ca-central-1), per section 9 |
| Anthropic | model inference | bring-your-own-key / API terms; no training on your data (section 6) |
| Google Workspace | email | correspondence with you |
| Name.com | domain registration | no personal data of yours |
| 1Password | secrets management | our credentials, not your data |

This list is updated as vendors change.

13 your rights

Depending on where you live, you may have rights of access, correction, deletion, portability, and objection — under PIPEDA (Canada), the CCPA/CPRA (California) and other US state privacy laws, and similar regimes. We honor these on request via hello@thesubstrat.com, regardless of jurisdiction where we reasonably can. We do not sell or share personal information as those terms are defined in the CCPA.

EU/UK visitors: the demo and sandbox programs are not currently offered in the EU/UK. If you contact us from there, we'll handle your inquiry under GDPR-equivalent care, but the programs themselves are waitlist-only in those regions for now.

14 changes & contact

We'll post changes here with a new effective date and version; material changes to how we handle demo or sandbox data are notified to affected participants by email. Questions, requests, complaints: hello@thesubstrat.com.