Privacy Policy

This Privacy Policy (“Policy”) describes how Cost Me (the “Service,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information when you access or use the Cost Me mobile application, this website, and any related services or features (collectively, the “Service”). By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Policy.

This Policy applies to information collected through the Service and does not apply to information collected by third parties through other applications, websites, or services that may be linked to or from the Service. We are not responsible for the privacy practices of any third parties.

We may collect the following categories of information in connection with your use of the Service:

2.1 Information You Provide.

Information you voluntarily provide to us, including, without limitation, account registration information, profile information, financial inputs you elect to enter (such as income, transactions, subscriptions, and savings activity), messages or content you submit to in-app features (including, without limitation, chat interactions and uploaded documents), referral codes, and any other information you choose to provide.

2.2 Automatically Collected Information.

We may automatically collect certain information about your device, application usage, and interactions with the Service, including, without limitation, device identifiers, operating system version, application version, usage statistics, session duration, feature engagement, interaction patterns, and aggregated behavioural signals.

2.3 Information From Third Parties.

We may receive information about you from third parties, including, without limitation, identity providers (where you elect to use single sign-on services), payment processors, and other service providers we engage to deliver, maintain, improve, or operate the Service.

We may use the information we collect for purposes including, without limitation: (a) to provide, maintain, operate, and improve the Service; (b) to personalize content, features, and recommendations; (c) to communicate with you, including regarding service-related notices and product updates; (d) to process transactions and manage subscriptions; (e) to develop, train, evaluate, and improve product features (including artificial-intelligence-assisted features); (f) to detect, investigate, and prevent fraudulent, unauthorized, or illegal activity; (g) to comply with applicable law, regulation, legal process, or governmental request; and (h) for any other purpose disclosed to you at the time of collection or to which you have otherwise consented.

We may share information as follows or as otherwise described in this Policy:

4.1 Service Providers.

We may share information with third-party service providers that perform services on our behalf, including, without limitation, hosting, infrastructure, analytics, communications, identity verification, payment processing, customer support, and similar services. Such service providers are subject to contractual obligations regarding their use of information.

4.2 Legal Requirements.

We may disclose information where required by applicable law, regulation, legal process, or governmental request, or where we believe in good faith that disclosure is necessary to (a) comply with legal obligations, (b) protect our rights, property, or safety or those of our users or the public, or (c) detect, prevent, or address fraud, security, or technical issues.

4.3 Business Transfers.

In the event of a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or transition of service to another provider, information may be transferred as part of such transaction, subject to applicable law.

4.4 With Your Consent.

We may share information with third parties when you direct us to do so or otherwise consent to such sharing.

4.5 No Sale of Personal Information.

We do not sell personal information to third parties for monetary consideration. We do not engage in cross-context behavioural advertising in the manner contemplated by applicable privacy legislation.

We retain personal information for as long as necessary to fulfil the purposes described in this Policy, to comply with our legal obligations, to resolve disputes, and to enforce our agreements, unless a longer retention period is required or permitted by law.

We maintain reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. No method of transmission over the internet or method of electronic storage is fully secure, however, and we cannot guarantee absolute security.

Depending on the jurisdiction in which you reside, you may have certain rights with respect to the personal information we process about you. These rights are not absolute and are subject to exceptions, limitations, and exemptions provided under applicable law. The rights described below apply only to the extent recognized by the law applicable to your residence and may differ materially from those described herein. We may decline to act on any request, in whole or in part, where permitted by applicable law, including where the request is manifestly unfounded, repetitive, excessive, would prejudice the rights of others, or where we are unable to verify your identity to a reasonable degree of certainty.

7.1 Access and Portability.

Subject to applicable law and verification of your identity, you may request confirmation of whether we process personal information about you, access to such information, and a copy of such information in a structured, commonly used, machine-readable format. We may charge a reasonable fee or decline the request where requests are manifestly unfounded or excessive, particularly where they are repetitive.

7.2 Correction.

You may request that we correct inaccurate or incomplete personal information we hold about you. We may take steps to verify the accuracy of the information you provide before implementing any correction.

7.3 Deletion.

You may request that we delete personal information we hold about you. Notwithstanding the foregoing, we may retain information where retention is necessary or permitted under applicable law, including, without limitation, to (a) complete a transaction or provide a service you have requested, (b) detect, prevent, or address security incidents or fraudulent, illegal, or deceptive activity, (c) comply with a legal obligation, (d) establish, exercise, or defend legal claims, (e) protect the rights of another person, or (f) for compelling legitimate business purposes that are compatible with the context in which the information was provided. Deletion of information from active systems does not entail removal from backup or archival systems, which information may persist in such systems until those systems are routinely overwritten in the ordinary course.

7.4 Restriction and Objection.

Where applicable law provides such rights, you may request that we restrict the processing of your personal information or object to processing carried out on the basis of our legitimate interests, including, without limitation, processing for direct-marketing or profiling purposes. We will continue to process the information where we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defence of legal claims.

7.5 Withdrawal of Consent.

Where we process personal information on the basis of your consent, you may withdraw such consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal, and may impair our ability to provide certain features of the Service to you.

7.6 Right to Lodge a Complaint.

You may have the right to lodge a complaint with a supervisory authority in your jurisdiction. In Canada, complaints may be directed to the Office of the Privacy Commissioner of Canada or the applicable provincial privacy regulator (including, without limitation, the Commission d'accès à l'information du Québec, the Office of the Information and Privacy Commissioner of Alberta, or the Office of the Information and Privacy Commissioner for British Columbia). In the European Economic Area and the United Kingdom, you may contact your local data-protection authority. In the United States, residents of certain states (including, without limitation, California, Colorado, Connecticut, Virginia, and Utah) may have additional rights under state-level privacy legislation.

7.7 Verification and Authorized Agents.

We will take reasonable steps to verify your identity prior to responding to a rights request. Verification may require you to provide additional information sufficient to confirm your identity to a reasonable degree of certainty commensurate with the sensitivity of the personal information and the risk of harm from improper disclosure. Where permitted by applicable law, you may use an authorized agent to submit a request on your behalf, provided that you have given the agent signed written permission and you verify your own identity directly with us.

7.8 Response Timeframes.

We endeavour to respond to verifiable rights requests within the time required by applicable law. Where applicable law does not prescribe a specific timeframe, we will respond within a reasonable period, typically not to exceed thirty (30) days from receipt of a verifiable request, subject to extension where permitted.

7.9 No Discrimination.

We will not discriminate against you for exercising any right described in this Section 7, except as permitted by applicable law. We may offer financial incentives that result in differences in price, level, or quality of service, where permitted by applicable law and disclosed in accordance therewith.

7.10 How to Submit a Request.

To exercise any of the rights described above, contact us at the address provided in Section 13 of this Policy. Please include sufficient information to identify yourself and the nature of your request. We may follow up to verify your identity or to clarify the request before responding.

The Service is intended for users aged 18 years and older. We do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete such information.

The Service is operated from Canada. Information we collect may be processed and stored in Canada, the United States, and other jurisdictions where we or our service providers maintain facilities. By using the Service, you consent to the transfer of your information to jurisdictions that may have different data protection laws than your country of residence.

The Service may contain links to or integrations with third-party websites, applications, or services. This Policy does not apply to such third-party services, and we are not responsible for the privacy practices or content of any third party. We encourage you to review the privacy policies of any third-party services you access.

The Service may use cookies, web beacons, pixels, software development kits, and similar technologies. By using the Service, you consent to our use of such technologies in accordance with this Policy and applicable law.

We may update this Policy from time to time. We will post the updated Policy on the Service and update the “Last Updated” date above. Your continued use of the Service following the posting of changes constitutes your acceptance of such changes. We encourage you to review this Policy periodically.

For questions regarding this Policy or to exercise any applicable rights, you may contact us at CostMeSupport@marcymail.com.