Privacy Policy
Last updated: February 24, 2026
This Privacy Policy explains how primarylaw.ai Ltd ("Company," "we," "us," or "our"), operating the mypoa.ai website and services (the "Service"), collects, uses, discloses, retains, and protects your personal information. This policy applies to all users of the Service, regardless of location.
By using the Service, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree, please discontinue use of the Service.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: When you create an account, we collect your email address and any additional profile information you voluntarily provide.
- Document Data: Information you enter when generating power of attorney documents, including but not limited to your name, address, date of birth, designated agent information (names, addresses, relationships), successor agent details, financial powers and limitations, healthcare directives and preferences, medical treatment preferences, and other terms related to your power of attorney documents.
- Payment Information: Payment details are collected and processed exclusively by our third-party payment processor, Stripe. We receive limited transaction information (e.g., last four digits, payment status) but do not store your full credit card number, CVC, or banking details on our servers.
- Communications: Information you provide when contacting us for support, feedback, or inquiries, including your email address and the content of your messages.
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on the Service, click patterns, and interaction data.
- Device Information: Browser type and version, operating system, device type, screen resolution, and language preferences.
- Log Data: IP address, access times, referring URLs, and error logs.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to maintain your session and remember your preferences. See Section 7 (Cookies and Tracking Technologies) for details.
1.3 Information from Third Parties
If you sign in using a third-party authentication provider (e.g., Google OAuth), we may receive your name, email address, and profile picture from that provider, in accordance with the permissions you grant during the authentication process.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, maintain, operate, and improve the Service
- Document Generation: To generate customized power of attorney documents based on your inputs using AI
- Payment Processing: To process payments and send transaction confirmations
- Communication: To send you service-related notices, updates, security alerts, and support messages
- Support: To respond to your requests, comments, and questions
- Analytics: To monitor and analyze usage trends, improve user experience, and optimize the Service
- Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests
3. Legal Basis for Processing
We process your personal information based on the following legal grounds:
- Contractual Necessity: Processing necessary to fulfill our contract with you (providing the Service)
- Consent: Where you have given consent for specific processing activities
- Legitimate Interests: Processing necessary for our legitimate interests (e.g., fraud prevention, service improvement), provided these interests do not override your rights
- Legal Obligation: Processing necessary to comply with legal requirements
4. Third-Party Services and Data Sharing
We share your information with the following categories of third-party service providers, solely for the purposes described:
- Stripe (Payment Processing): Processes your payment information. Subject to Stripe's Privacy Policy.
- Supabase (Authentication & Database): Stores your account data and document information. Subject to Supabase's Privacy Policy.
- Anthropic (AI Document Generation): Your document inputs are transmitted to Anthropic's API to generate power of attorney documents. Anthropic does not use API inputs to train their models. Subject to Anthropic's Privacy Policy.
- Vercel (Hosting): Hosts the Service infrastructure. Subject to Vercel's Privacy Policy.
- Resend (Email): Sends transactional emails on our behalf, such as purchase confirmations and account notifications. Subject to Resend's Privacy Policy.
- Upstash (Rate Limiting): Provides rate limiting functionality to protect the Service from abuse. Processes limited request metadata. Subject to Upstash's Privacy Policy.
- Sentry (Error Monitoring): Collects error and performance data to help us identify and fix issues. May receive anonymized usage data and error context. Subject to Sentry's Privacy Policy.
- Cloudflare Turnstile (Bot Protection): Verifies that interactions with the Service are from legitimate users. Processes limited browser and interaction data. Subject to Cloudflare's Privacy Policy.
- Google Analytics (Analytics): Collects anonymized usage and interaction data to help us understand how visitors use the Service. Only activated with your consent. Subject to Google's Privacy Policy.
- LogRocket (Session Replay): Records anonymized session replays to help us improve user experience and diagnose issues. Only activated with your consent. Subject to LogRocket's Privacy Policy.
We do not sell your personal information to third parties. We do not share your personal information with third parties for their direct marketing purposes.
We may also disclose your information if required to do so by law, in response to a valid legal process (e.g., subpoena, court order), to protect our rights or property, to enforce our Terms of Service, or to protect the safety of our users or the public.
5. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:
- Account Data: Retained for the duration of your active account. Deleted within 30 days of an account deletion request.
- Document Data: Retained for as long as your account is active so you can access your generated documents. Deleted upon account deletion.
- Payment Records: Retained for a minimum of 7 years as required by Canadian tax and accounting regulations.
- Log Data: Retained for up to 90 days for security and debugging purposes.
- Support Communications: Retained for up to 2 years after the last interaction to provide continuity of support.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:
- Encryption of data in transit using TLS/SSL
- Encryption of data at rest
- Row-level security policies on database tables
- Access controls and authentication requirements
- Regular security assessments and monitoring
Given the sensitive nature of power of attorney documents, we take additional care to protect your document data. However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.
7. Cookies and Tracking Technologies
We use cookies and similar technologies for the following purposes:
7.1 Essential Cookies
These cookies are strictly necessary for the Service to function and cannot be disabled. They include session cookies for authentication, CSRF protection tokens, and cookie consent preferences.
7.2 Analytics Cookies
We use analytics cookies (including Google Analytics and LogRocket) to help us understand how visitors interact with the Service by collecting usage data. These cookies are only activated with your consent via the cookie consent banner.
7.3 Managing Your Cookie Preferences
You can manage your cookie preferences through the cookie consent banner displayed when you first visit the Service, or at any time through your browser settings.
Disabling optional cookies will not affect the core functionality of the Service.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Rectification: Request correction of inaccurate or incomplete personal information.
- Erasure: Request deletion of your personal information, subject to legal retention requirements.
- Restriction: Request that we restrict the processing of your personal information in certain circumstances.
- Portability: Request a copy of your data in a structured, commonly used, and machine-readable format.
- Objection: Object to certain types of processing, including processing based on legitimate interests.
- Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at support@mypoa.ai. We will respond to your request within 30 days. We may require you to verify your identity before processing your request.
9. Canadian Privacy Law Compliance
As a Manitoba-based company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Under PIPEDA, you have the right to:
- Know what personal information we hold about you
- Challenge the accuracy and completeness of your information
- Request that your information be amended or deleted
- Withdraw consent for the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions)
If you are unsatisfied with our response to a privacy concern, you may file a complaint with the Office of the Privacy Commissioner of Canada.
10. International Data Transfers
Your information may be transferred to and processed in countries other than Canada, including the United States, where our third-party service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to such transfers. We take steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.
11. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take reasonable steps to delete such information promptly. If you believe we have collected information from a child, please contact us at support@mypoa.ai.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. If changes are significant, we may also notify you via email or a prominent notice on the Service. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes acceptance of the changes.
13. Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:
Email: support@mypoa.ai
Company: primarylaw.ai Ltd
For privacy-related inquiries, we will acknowledge receipt within 5 business days and provide a substantive response within 30 days.