Legal Information

Everything you need to know about our policies and terms.

NAVIGATION
SECTIONS

Privacy Policy

Last updated: July 1, 2026

This Privacy Policy explains how Helpero Ltd. collects, uses, shares, retains, and protects personal information from everyone who interacts with the Helpero Platform — including Customers, Service Providers (Specialists), website visitors, app users, and business partners.

1.1 Who We Are

Helpero Ltd. ("Helpero", "we", "us", or "our") is a technology marketplace company incorporated in Ontario, Canada (Corporation No. 1001518296), with its principal office at 542 Keele Street, Suite 1021, Toronto, Ontario M6N 3E2. Helpero operates a mobile and web application platform ("Platform") that connects Customers with independent Service Providers who offer home services, trade work, cleaning, assembly, plumbing, mounting, and related services in the Greater Toronto Area and Ontario.

Helpero is a technology marketplace operator and platform facilitator. Helpero does not itself perform the services delivered through the Platform. The actual services are performed by independent, self-employed Service Providers operating their own businesses. This distinction is important for understanding how personal information flows through our Platform.

1.2 What This Policy Covers

This Privacy Policy applies to all personal information Helpero collects, uses, stores, and shares in connection with:

  • Customers — individuals who create Accounts and use the Platform to request and book services;
  • Service Providers (also referred to as Specialists or Pros) — independent contractors who register on the Platform to offer and perform services;
  • Website Visitors — anyone who visits helpero.ca without necessarily creating an Account;
  • App Users — anyone who downloads or uses the Helpero mobile application;
  • Commercial Clients — businesses or property managers who use the Platform on behalf of their properties or operations;
  • Business Partners — companies and individuals with whom Helpero has commercial or referral relationships.

1.3 Legal Framework

Helpero is committed to protecting personal information in accordance with:

  • the Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5, and the regulations made under it, including the Breach of Security Safeguards Regulations;
  • applicable Ontario privacy standards and guidelines;
  • applicable sector-specific requirements including financial services, identity verification, and background screening norms.

PIPEDA governs how private-sector organizations collect, use, and disclose personal information in the course of commercial activities. Helpero is a commercial platform and all of our privacy practices are designed to meet or exceed PIPEDA's requirements.

1.4 Your Consent

By creating an Account, submitting a Service Request, registering as a Service Provider, or otherwise using the Platform, you acknowledge that you have read this Policy and consent to the collection, use, and disclosure of your personal information as described herein. Where applicable law requires express consent for specific processing activities (such as marketing communications), we obtain that consent separately.

THE PLATFORM MODEL

Helpero is a marketplace, not an employer or contractor. When you book a service through Helpero, the person performing your service is an independent professional, not a Helpero employee. Some personal information must be shared between Customers and Service Providers to complete bookings safely and effectively — this is explained in detail in Section 6.

2. The Information We Collect

2.1 Information Collected from Customers

When you register as a Customer and use the Platform, we collect:

Category

Specific Information

Account Registration

Full legal name; email address; phone number; account password (stored in encrypted form); preferred language; date of account creation.

Booking and Service Request Data

Service type and description; requested service date and time; Booking status and history; scope changes; Booking reference numbers; cancellation or rescheduling records; service notes or special instructions submitted through the App.

Service Address and Location

The full address of the property where service is to be performed; access instructions or entry codes (stored securely); approximate geographic location where you enable location services on your mobile device; postal code used for service availability checks.

Payment and Transaction Information

Billing name and address; last four digits of payment card and card type (for reference only); payment processor transaction identifiers; payment status and history; refund and credit records; chargeback and dispute records. Full card numbers are handled exclusively by our payment processor and are not stored on Helpero systems.

Communications

Messages sent through the Platform's in-app messaging system; support enquiries submitted to our customer service team; complaint and dispute correspondence; feedback, ratings, and written reviews; survey responses.

User Content

Photographs, videos, or documents uploaded in connection with a Booking, complaint, or review; written reviews of Service Providers; ratings submitted following a completed service.

Device and Technical Data

IP address; mobile device type, model, and operating system version; App version; unique device identifiers; operating system and browser type (for web access); mobile network information; diagnostic and crash logs; App performance metrics.

Usage Data

Pages and screens accessed within the App and website; service categories browsed; booking flow interactions; search terms; clicks, taps, and feature usage patterns; session duration and frequency.

2.2 Information Collected from Service Providers (Specialists)

Service Providers are subject to additional onboarding and verification requirements. We collect:

Category

Specific Information

Identity and Registration

Full legal name; date of birth (for verification); government-issued identification number type and expiry (verified through third-party identity verification services — we do not store full ID document numbers); profile photograph; emergency contact information.

Business Information

Business or operating name; business address; HST/GST registration number (where applicable); business registration number; service categories offered; operating regions.

Licensing and Certifications

Trade licence type and number; issuing authority; expiry date; copies of certifications, training credentials, or trade qualifications as required for the relevant service category.

Insurance Information

Insurance provider name; policy number; coverage type and amounts; policy effective and expiry dates; named insured details; copies of certificates of insurance.

Background Screening

Consent records for background screening; screening request identifiers; screening outcome records (pass/fail) from our background-check provider. Helpero receives screening outcome records, not detailed screening reports. Detailed reports are held by the screening provider under their own privacy policy.

Banking and Payment Disbursement

Bank account details required for service payout processing (collected and stored securely through our payment disbursement provider); payout history; tax form data (T4A information where applicable).

Performance and Activity Data

Booking acceptance and completion rates; customer ratings and reviews received; response times; cancellation records; complaint records; deactivation history where applicable.

Communications and Support

Messages through the Platform's in-app messaging; support and dispute correspondence; communications with Helpero's partner team; onboarding documents and agreements.

2.3 Information Collected from All Users (Technical and Passive Data)

For all users — Customers, Service Providers, and website visitors — we automatically collect the following when you use the Platform:

  • IP address and approximate geographic location derived from IP;
  • Device identifiers, operating system, and App version;
  • Browser type and settings for web-based access;
  • Cookies and similar tracking technology data (see Section 9);
  • Log data, error reports, and diagnostic information;
  • Referral source (how you arrived at our website or App);
  • Analytics data from third-party analytics providers (see Section 9).

2.4 Information We Do Not Collect

Helpero does not intentionally collect the following categories of sensitive personal information and asks that you do not provide them through the Platform:

  • Social Insurance Numbers (SIN) or government-issued identification numbers (beyond the verification process managed by our identity verification provider);
  • Health or medical information;
  • Racial or ethnic origin, religious beliefs, or political views;
  • Sexual orientation or gender identity, unless voluntarily disclosed;
  • Biometric data.

If you inadvertently provide sensitive information, please contact privacy@helpero.ca and we will take steps to delete it from our systems promptly.

3. How We Collect Personal Information

3.1 Directly from You

Most of the personal information we hold is provided directly by you when you:

  • create a Customer or Service Provider Account;
  • submit a Service Request or accept a booking;
  • provide payment information for a transaction;
  • upload documents, photographs, or certifications during onboarding or in connection with a booking or complaint;
  • contact our customer support team by email, phone, or in-app chat;
  • submit a review, rating, or feedback;
  • participate in a survey, promotion, or referral program;
  • communicate through the Platform's messaging system.

3.2 Automatically Through Technology

When you use the App or visit the Platform, we automatically collect technical and usage data through:

  • server logs that record your IP address, browser type, pages accessed, and timestamps;
  • cookies and similar tracking technologies placed on your device (described in Section 9);
  • mobile SDKs integrated into the App that collect device performance and usage metrics;
  • analytics tools that track how users interact with the App and website (see Section 9);
  • crash reporting and diagnostic tools that capture error logs when the App does not function as expected.

3.3 From Third Parties

We may receive personal information about you from third parties in the following circumstances:

  • Identity verification providers — who confirm identity documents and return a verification outcome on our behalf;
  • Background screening companies — who conduct background checks on Service Providers and return screening outcomes;
  • Payment processors (such as Stripe) — who share limited transaction confirmation data and fraud signals with us;
  • Analytics and marketing platforms — that provide aggregated or anonymized data about user behaviour and ad performance;
  • Referral partners — who may share basic contact information where a person has been referred to the Platform;

Publicly available sources — such as business registries or licensing databases, where relevant to verifying a Service Provider's credentials.

4. How We Use Personal Information

Helpero uses personal information only for the purposes described in this Policy or as otherwise permitted by applicable law. We process personal information on the following legal bases:

Purpose

How We Use It

Legal Basis

Platform Operations

Creating and managing Accounts; processing Service Requests and Bookings; matching Customers with available Service Providers; sending Booking Confirmations and updates; processing payments and disbursements.

Contract performance; legitimate interests

Service Facilitation

Sharing necessary booking details (including Service Address) with matched Service Providers to enable service delivery; communicating booking changes, cancellations, or updates.

Contract performance

Service Provider Onboarding

Verifying identity, licences, and insurance; conducting background screening; assessing eligibility to offer services on the Platform; onboarding and training.

Contract performance; legal obligation

Payments and Financial Records

Processing Customer payments; disbursing Service Provider earnings; managing refunds, credits, and adjustments; preparing tax records and financial reports.

Contract performance; legal obligation

Safety and Security

Preventing, detecting, and investigating fraud, abuse, and unauthorized Platform access; verifying user identity; managing chargeback and dispute investigations; detecting and preventing harm to any user.

Legitimate interests; legal obligation

Quality Assurance

Monitoring Service Provider performance through ratings, reviews, and complaint records; enforcing Platform service standards; responding to service quality complaints.

Legitimate interests; contract performance

Customer Support

Responding to enquiries, complaints, and requests from Customers and Service Providers; investigating disputes; facilitating complaint resolution; coordinating with insurers or legal counsel where required.

Contract performance; legitimate interests

Legal Compliance

Complying with applicable law, regulations, court orders, and requests from Canadian government authorities and law enforcement agencies; establishing, exercising, or defending legal claims.

Legal obligation; legitimate interests

Platform Improvement

Analysing usage patterns, performance metrics, and user feedback to improve Platform features, user experience, and matching algorithms; conducting internal research and analytics.

Legitimate interests

Communications

Sending transactional messages (Booking confirmations, receipts, reminders, account notices); sending promotional and marketing communications where you have consented.

Contract performance; consent

Personalisation

Remembering your preferences; recommending services or providers based on your history; displaying region-specific content.

Legitimate interests; consent

Business Operations

Internal record-keeping; financial reporting; audit and compliance functions; strategic planning and investment activities.

Legitimate interests; legal obligation

WE DO NOT SELL YOUR PERSONAL INFORMATION

Helpero does not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes. We share information only as described in this Policy and only to operate and improve the Platform.

5. How We Share Personal Information

5.1 Overview

Helpero does not share personal information with third parties except in the circumstances described in this Section 5 and in Section 6 (Sharing Between Customers and Service Providers) and Section 7 (Third-Party Service Providers). We share only the minimum information necessary for the stated purpose.

5.2 Disclosure Categories and Recipients

Recipient

What We Share

Why

Matched Service Providers

Customer first name, Service Address, service description, Booking date and time, access instructions. See Section 6 for full details.

To enable the Service Provider to perform the booked service.

Customers (post-booking)

Service Provider first name, profile photo, professional rating, service category, and ETA or arrival updates through the App.

To help Customers identify and track their assigned Service Provider.

Payment Processors

Encrypted payment card data (processed directly by the processor, not stored by Helpero); billing name and address; transaction amounts; refund instructions.

To process Customer payments and Service Provider disbursements securely.

Background Screening Providers

Service Provider name, date of birth, and consent authorization.

To conduct background checks during onboarding.

Identity Verification Providers

Service Provider identity document type and verification data, as provided during onboarding.

To verify Service Provider identity as part of onboarding.

Cloud Hosting and Infrastructure Providers

All Platform data, stored on secure cloud servers.

To host and operate the Platform infrastructure.

Analytics Providers

Anonymized or aggregated usage and behavioural data; device and session identifiers.

To analyse Platform usage and improve features.

Insurance and Legal Advisors

Relevant booking records, communications, and claim-related information, where a dispute or claim arises.

To facilitate insurance claims and legal proceedings.

Regulatory and Law Enforcement Authorities

Information required by law, court order, or regulatory demand.

Legal obligation; protection of rights and safety.

Corporate Successors

All Platform data, in connection with a business transfer. See Section 17.

To facilitate a corporate merger, acquisition, or asset sale.

5.3 Aggregated and De-Identified Data

Helpero may share aggregated, anonymized data — data from which individual users cannot reasonably be identified — with partners, advertisers, investors, or the public for research, market analysis, or business development purposes. This data does not constitute personal information sharing.

5.4 With Your Consent

We may share your personal information with parties not described in this Policy where you have given explicit prior consent to a specific disclosure. You may withdraw your consent at any time by contacting privacy@helpero.ca, subject to legal or contractual restrictions.

6. Information Shared Between Customers and Service Providers

6.1 Why Sharing Is Necessary

The Helpero marketplace exists to connect Customers who need services with Service Providers who perform them. Completing a booking safely and effectively requires a controlled and purposeful exchange of personal information between both parties. Helpero manages this exchange carefully to share only what is necessary for service delivery, while protecting each party's privacy.

6.2 Information Shared with the Service Provider

When a Booking is confirmed, Helpero shares the following Customer information with the matched Service Provider:

Information

Purpose

Timing

Customer first name

So the Service Provider can greet the Customer by name on arrival.

At Booking Confirmation

Service Address (full)

So the Service Provider can travel to and access the property where the service is to be performed.

At Booking Confirmation

Access instructions or entry codes (if provided)

So the Service Provider can access the property at the scheduled time where the Customer is not present.

At Booking Confirmation

Service description and scope

So the Service Provider knows what work is required and can prepare appropriately.

At Booking Confirmation

Booking date, time, and estimated duration

So the Service Provider can schedule and plan their appointment.

At Booking Confirmation

Special instructions, hazard disclosures, or property notes submitted by the Customer

So the Service Provider can attend safely and prepared.

At Booking Confirmation

Customer rating and review history (aggregated) [To Confirm if implemented]

To allow Service Providers to assess Booking acceptance decisions.

At Booking stage

Helpero does not share your full legal name, email address, full phone number, or payment card information with Service Providers through the Platform workflow. Service Providers who receive Customer information are bound by confidentiality obligations under the Service Provider Agreement and may not use that information for any purpose other than completing the booked service.

6.3 Information Shared with the Customer

When a Booking is confirmed, Helpero shares the following Service Provider information with the Customer:

  • Service Provider first name and profile photograph — so Customers can identify and recognize the person arriving at their property;
  • Professional service rating and number of completed bookings — to help Customers understand the Service Provider's experience level;
  • Service category and offered services — to confirm the Service Provider is qualified for the booked work;
  • Real-time status updates and approximate ETA through the App (where this feature is available);
  • Post-service: confirmation of work completed and any scope change documentation.

Helpero does not share a Service Provider's home address, personal phone number, personal email address, financial information, or background screening details with Customers.

6.4 In-App Messaging

Helpero's in-app messaging system enables Customers and Service Providers to communicate about a Booking without sharing direct personal contact information. Messages sent through the Platform are stored by Helpero for dispute resolution, safety monitoring, and quality assurance purposes. Helpero may review the content of Platform messages in connection with a complaint investigation or safety concern. Users are discouraged from sharing personal contact information (phone numbers, personal email addresses) through the messaging system in order to maintain the privacy protections the Platform provides.

6.5 Information Retention After Service Completion

After a service is completed, Helpero retains Booking records, communications, and service notes in accordance with the data retention schedule in Section 13. This information may be used to support future disputes, quality reviews, or legal proceedings. Service Providers' access to Customer information is limited to active and recent Bookings; historical Customer data is not made available to Service Providers after the relevant booking period closes.

7. Third-Party Service Providers and Business Partners

7.1 Our Use of Third-Party Processors

Helpero engages carefully selected third-party companies and individuals ("Processors") to perform functions on our behalf that require access to personal information. These include:

Processor Category

Function

Information Involved

Payment Processors (e.g., Stripe)

Secure payment card processing; Customer payment collection; Service Provider earnings disbursement; refund processing.

Encrypted payment data; transaction amounts; billing details.

Cloud Infrastructure Providers

Hosting and storing Platform data on secure cloud servers; database management; content delivery.

All Platform data stored on cloud infrastructure.

Identity Verification Services

Verifying Service Provider identity documents during onboarding; returning verification outcomes.

Service Provider identity document details.

Background Screening Companies

Conducting criminal and background checks on Service Providers.

Service Provider name, date of birth, consent records.

Analytics Providers

Analysing Platform usage patterns; measuring feature performance; generating aggregated usage reports.

Anonymized or pseudonymized usage and device data.

Customer Support Software

Hosting support ticket systems; managing customer service workflows; storing support correspondence.

Customer and Service Provider support communications.

Email and SMS Communication Providers

Delivering transactional messages (booking confirmations, receipts, notifications) and marketing communications.

Email addresses; phone numbers; message content.

Push Notification Services

Delivering in-app and mobile push notifications to App users.

Device tokens; notification content.

Fraud Detection and Security Services

Monitoring for fraudulent activity, abuse, and unauthorized access.

IP addresses; device identifiers; transaction patterns.

Legal and Professional Advisors

Providing legal, accounting, and professional advice in connection with Helpero's operations.

Relevant personal information disclosed under privilege or confidentiality agreements.

7.2 Processor Obligations

All third-party Processors who handle personal information on Helpero's behalf are required by contract to:

  • process personal information only for the specific purpose for which it was shared and on Helpero's documented instructions;
  • maintain appropriate technical and organizational security measures;
  • not disclose personal information to any sub-processors without Helpero's prior authorization;
  • comply with applicable Canadian privacy law and, where applicable, international privacy standards;
  • assist Helpero in responding to user rights requests;
  • promptly notify Helpero of any personal information security breach.

7.3 Third-Party Links and External Services

The Platform may contain links to third-party websites, social media platforms, or services not operated by Helpero. When you click on such links and leave the Platform, you are subject to the privacy policy of the destination, not this Policy. Helpero is not responsible for the privacy practices of external services. We encourage you to review the privacy policy of every website or service you visit.

8. Safety, Fraud Prevention, Investigations, and Legal Compliance

8.1 Safety and Harm Prevention

Helpero takes the safety of both Customers and Service Providers seriously. We may use, process, and where necessary share personal information to:

  • investigate reports of unsafe conduct, harassment, discrimination, or threats on the Platform;
  • respond to emergency situations reported through the Platform or by a user;
  • take action to protect any person from imminent physical harm;
  • investigate complaints involving alleged property damage, personal injury, or improper conduct during a service;
  • deactivate or restrict user accounts where there is a credible safety concern.

In genuine emergency situations involving risk to life, Helpero may disclose relevant personal information to emergency services or law enforcement without prior notice, where required to prevent harm.

8.2 Fraud Detection and Prevention

Helpero uses automated and manual processes to detect, investigate, and prevent fraudulent activity, including:

  • fraudulent account creation or identity misrepresentation;
  • payment fraud, including unauthorized transactions and fraudulent chargebacks;
  • fake or incentivized reviews;
  • coordinated abuse of the Platform including multi-account creation;
  • attempts to circumvent Platform policies or gain unauthorized access.

Our fraud detection systems may process your IP address, device identifiers, transaction patterns, and behavioural signals to identify anomalies. Where fraud is detected, we may restrict or close the relevant Account, retain evidence for legal proceedings, and in serious cases, refer the matter to law enforcement or appropriate authorities.

8.3 Dispute and Chargeback Investigations

Where a Customer initiates a complaint, refund request, chargeback, or legal claim, or where a Service Provider disputes a deactivation, Helpero may:

  • review and retain all relevant Booking records, payment records, and App communications;
  • share relevant evidence with payment processors in connection with a chargeback investigation;
  • share relevant records with legal counsel, insurers, or mediators involved in resolving the dispute;
  • retain records relating to the dispute for as long as necessary to resolve it fully and meet any legal hold obligations.

8.4 Legal Compliance and Regulatory Disclosure

Helpero may disclose personal information where required to do so by applicable law, regulation, court order, or the demand of a Canadian government authority or law enforcement agency. Where Helpero is permitted to do so and it would not compromise an investigation, we will notify affected individuals of a legal demand before disclosing their information. Helpero will not disclose personal information in response to a legal demand that it believes is unlawful.

8.5 Establishing and Defending Legal Claims

Helpero may use personal information as necessary to establish, exercise, or defend legal claims — whether in litigation, arbitration, mediation, or administrative proceedings. This includes retaining relevant records beyond our standard retention periods where a legal hold is in place.

9. Cookies, Tracking Technologies, and Analytics

9.1 What Are Cookies?

Cookies are small text files placed on your device when you visit the Helpero website or interact with our web-based Platform. Similar tracking technologies include web beacons (pixel tags), local storage, session tokens, and mobile SDK analytics identifiers. Together, these tools help us operate the Platform, remember your preferences, and understand how users interact with our services.

9.2 Categories of Cookies We Use

Category

Consent Required?

Purpose

Essential / Strictly Necessary

No — required for Platform function

Enabling login sessions and authentication; maintaining your session state through a booking flow; security and fraud prevention tokens; shopping cart and booking state management. These cannot be disabled without preventing core Platform functionality.

Functional / Preference

Yes — can be disabled

Remembering your language preference; saving your address defaults; storing notification preferences; remembering your login for future visits.

Analytics / Performance

Yes — can be disabled

Counting page visits and sessions; measuring how users navigate the Platform; identifying error-prone screens; measuring App performance and load times. Analytics data is aggregated or pseudonymized and does not directly identify you. We use analytics tools such as Google Analytics [To Confirm: list all analytics tools used].

Marketing / Advertising

Yes — can be disabled

Tracking interactions with Helpero content and advertisements on third-party platforms; enabling retargeted advertising to users who have visited the Platform; measuring marketing campaign performance. [To Confirm: include only if Helpero runs paid retargeting/advertising campaigns.]

9.3 Mobile App Analytics

The Helpero App uses mobile analytics SDKs to collect information about how users interact with the App, including screen views, feature usage, session lengths, and error events. This data is used to improve the App and is processed by our analytics providers in aggregated or pseudonymized form. You can limit data collection in the App by adjusting your device privacy settings or resetting your Advertising ID through your device settings.

9.4 Third-Party Cookies

Some cookies are placed by third-party services integrated with the Platform, including payment processors, analytics platforms, and customer support tools. Helpero does not control the cookies placed by third parties. Please review the privacy policies of any third-party services you interact with through the Platform. Key third-party cookies you may encounter include those placed by our payment processor (for checkout session security) and analytics providers.

9.5 Your Cookie Choices

You can manage cookies in the following ways:

Cookie Consent Banner: When you first visit helpero.ca, you are presented with a cookie consent notice allowing you to accept or decline non-essential cookies. You may change your preferences at any time through the Cookie Settings link in the website footer.

Browser Settings: Most web browsers allow you to manage, block, or delete cookies through browser preferences. Disabling all cookies may prevent the Platform from functioning correctly.

Google Analytics Opt-Out: If we use Google Analytics, you may opt out using the Google Analytics Opt-Out add-on at tools.google.com/dlpage/gaoptout.

Mobile Device Settings: You may limit app tracking through iOS or Android device privacy settings, such as Limit Ad Tracking or Opt out of Ads Personalisation.

A full description of the cookies we use, including the specific cookies deployed, their purpose, duration, and provider, is available in our separate Cookie Policy at helpero.ca/cookie.

10. Marketing Communications and Your Choices

10.1 Transactional vs. Marketing Communications

Helpero sends two types of communications:

Type

Description and Opt-Out

Transactional Communications

Messages required to provide the Platform services — including Booking Confirmations, payment receipts, booking reminders, cancellation notices, account security alerts, and policy updates. These are sent to all registered users and cannot be opted out of while your Account is active. They are not marketing messages.

Marketing and Promotional Communications

Promotional emails, App push notifications, SMS messages, and in-app messages promoting Helpero services, offers, and features. These are sent only where you have provided consent. You may withdraw consent at any time.

10.2 How to Opt Out of Marketing

You may opt out of marketing and promotional communications at any time using any of the following methods:

  • click the unsubscribe link at the bottom of any marketing email we send you;
  • adjust your notification and communication preferences in your Account Settings within the App;
  • reply STOP to any promotional SMS message;
  • contact us at support@helpero.ca with your request to opt out.

We will honour your opt-out request promptly. Please note that even after opting out of marketing communications, you will continue to receive transactional communications necessary for your Account and Bookings. Opting out of marketing does not delete your Account or personal information.

10.3 Canada's Anti-Spam Legislation (CASL)

Helpero's marketing and commercial electronic messaging practices comply with Canada's Anti-Spam Legislation (CASL), S.C. 2010, c. 23. We send commercial electronic messages only where we have obtained express or implied consent as defined by CASL. Every commercial electronic message we send includes our identification information and a functioning unsubscribe mechanism. We maintain records of consent as required by CASL.

11. Your Privacy Rights and How to Exercise Them

11.1 Your Rights Under PIPEDA

Under PIPEDA, you have the following rights in respect of your personal information held by Helpero:

Right

What It Means

Right of Access

You may request a copy of the personal information we hold about you. We will provide a description of the information, the purposes for which it is held, any third parties with whom it has been shared, and the source of the information, within 30 days of your request.

Right to Correction

You may request that we correct inaccurate, incomplete, or outdated personal information. Where we are unable to make the correction, you may request that a note of the dispute be attached to the relevant information.

Right to Withdraw Consent

Where our processing is based on your consent, you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing before the withdrawal, and may affect our ability to continue providing the Platform services.

Right to Complaint

You have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe Helpero has violated your privacy rights. We encourage you to first contact our Privacy Officer to attempt to resolve any concern directly.

Right to Account Deletion

You may request deletion of your Account and associated personal information. See Section 12 for the full account deletion process and the limitations that apply due to legal retention requirements.

11.2 How to Submit a Privacy Request

To exercise any of the rights above, submit a written request to Helpero's Privacy Officer:

Email: privacy@helpero.ca (subject: "Privacy Request — [Your Name]")

Mail: Privacy Officer, Helpero Ltd., 542 Keele Street, Suite 1021, Toronto, Ontario M6N 3E2

To protect your privacy, we may require you to verify your identity before processing any request. We will respond to all access and correction requests within 30 calendar days, as required by PIPEDA. If additional time is required (maximum 30 additional days), we will notify you in writing with an explanation.

11.3 Privacy Commissioner of Canada

If you are not satisfied with Helpero's response to a privacy concern, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada:

Website: www.priv.gc.ca

Toll-free: 1-800-282-1376

Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3

12. Account Deletion and Data Removal

12.1 How to Request Account Deletion

You may request deletion of your Account and associated personal information at any time using one of the following methods:

  • In the App: Navigate to Profile → Settings → Privacy → "Delete My Account" and follow the confirmation steps;

By Email: Send an email to privacy@helpero.ca from your registered email address with subject line "Account Deletion Request".

Upon receiving a valid deletion request, we will acknowledge it within 5 business days and complete the deletion process within 30 days, subject to the retention obligations described below.

12.2 What We Delete

Following an Account deletion request, Helpero will:

  • permanently delete your Account profile, including your name, contact information, profile photograph, and account preferences;
  • remove your saved payment methods (through our payment processor — Helpero does not store full card numbers);
  • delete your Service Request and Booking history from active production systems (subject to anonymization or legal retention requirements);
  • remove your personal information from marketing distribution lists;
  • anonymize or delete reviews you submitted, in accordance with our review management practices.

12.3 What We Retain After Deletion

Notwithstanding a deletion request, Helpero is required or permitted to retain certain information after Account closure:

Data Type

Reason for Retention

Retention Period

Transaction records, invoices, and payment history

Canadian financial regulations (Income Tax Act; HST/GST compliance)

7 years

Complaint, dispute, and chargeback records

Legal proceedings; regulatory obligations; insurance claims

5 years from resolution

Fraud, safety, and ban records

Prevention of re-registration by banned users; platform integrity

Duration of ban / indefinite for serious conduct

Legal hold records

Active or anticipated legal proceedings

Duration of legal hold

Anonymized aggregate data

Research, analytics, and platform improvement; cannot identify individuals

Indefinite

Retained data is strictly limited to legal compliance purposes and is not used for marketing, profiling, or Platform operations unrelated to the stated retention purpose.

13. Data Retention

13.1 Retention Principles

Helpero retains personal information only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, regulatory, or contractual requirements. When personal information is no longer required, we securely delete, destroy, or anonymize it.

13.2 Retention Schedule

Data Category

Purpose of Retention

Retention Period

Account registration data

Account management; identity verification; ongoing service relationship

Duration of active Account + 7 years from closure

Booking and service request records

Service delivery; dispute resolution; quality assurance; tax compliance

7 years from booking date

Payment transaction records

Financial compliance; tax reporting; dispute and chargeback records

7 years (Income Tax Act requirements)

Service Provider onboarding data (identity, licences, insurance, screening)

Verification; regulatory compliance; legal proceedings

Duration of active registration + 7 years

Communications (in-app messaging, support emails)

Customer support; dispute resolution; quality assurance

3 years from last interaction

Complaint, dispute, and investigation records

Legal proceedings; insurance claims; regulatory compliance

5 years from resolution

Reviews and ratings

Platform integrity; public marketplace record

Duration of Account existence; anonymized or deleted on account deletion

Marketing consent records

CASL compliance; proof of consent

Until consent withdrawn + 2 years

Analytics and usage logs

Platform improvement; security monitoring

90 days to 24 months depending on log type

Security and fraud logs

Fraud detection; incident response; legal proceedings

12 months for standard logs; 7 years for fraud records

Device and technical data

Support and troubleshooting; security

90 days

14. Security Safeguards

14.1 Our Security Measures

Helpero implements appropriate technical and organizational security measures to protect personal information against unauthorized access, use, disclosure, alteration, or destruction. Our security practices include:

  • Transport Layer Security (TLS/SSL) encryption for all data transmitted between users and the Platform;
  • Encryption at rest for sensitive data stored on Platform servers;
  • Strict access controls limiting employee access to personal information on a need-to-know basis;
  • Multi-factor authentication for administrative Platform access;
  • Regular security reviews, vulnerability assessments, and penetration testing;
  • Employee privacy and data security training;
  • Contractual security obligations imposed on all third-party processors;
  • Incident response and breach notification procedures.

14.2 Your Security Responsibilities

While Helpero takes reasonable steps to protect your personal information, no security system is perfectly impenetrable. You are responsible for:

  • keeping your Account password confidential and not sharing it with others;
  • using a strong and unique password for your Helpero Account;
  • logging out of the App when using shared or public devices;
  • notifying Helpero immediately at privacy@helpero.ca if you become aware of any unauthorized use of your Account or suspected breach of your credentials.

14.3 Security Breach Notification

In the event of a security breach affecting your personal information that creates a real risk of significant harm to you, Helpero will comply with its obligations under PIPEDA's Breach of Security Safeguards Regulations, including:

  • notifying the Office of the Privacy Commissioner of Canada as soon as feasible after determining a reportable breach has occurred;
  • notifying all affected individuals as soon as feasible, in direct form where possible, with a description of the breach, the information involved, the steps Helpero has taken, the steps you can take to protect yourself, and our contact information;
  • maintaining a record of all security breaches for a minimum of 24 months as required by the Regulations.

BREACH NOTIFICATION

If you believe that your Helpero Account has been accessed without your authorization, or that your personal information held by Helpero may have been compromised, contact our Privacy Officer immediately at privacy@helpero.ca or by phone. We take all security reports seriously and will investigate promptly.

15. Cross-Border Data Processing and Cloud Hosting

15.1 Where Your Information Is Processed

Helpero is a Canadian company and operates primarily within Canada. However, some of the third-party service providers we use to operate the Platform — including cloud hosting providers, payment processors, analytics providers, and communication tools — may process or store personal information on servers located outside of Canada, including in the United States and other countries.

15.2 Your Consent to Cross-Border Transfer

By using the Platform and providing personal information, you consent to the transfer, storage, and processing of your personal information in jurisdictions outside of Canada where our service providers operate. We recognize that these jurisdictions may have different privacy laws than Canada, and that personal information transferred internationally may be subject to the laws of the destination country, including laws permitting access by foreign government authorities.

15.3 Safeguards for Cross-Border Transfers

Where personal information is transferred outside of Canada, Helpero takes the following steps to protect it:

  • we require all international processors to comply with our data protection requirements by contract;
  • we select service providers that operate under recognized privacy frameworks or have implemented appropriate safeguards;
  • we limit the types and volumes of personal information transferred internationally to what is strictly necessary for the purpose;
  • we conduct due diligence on international processors' security practices as part of our vendor management process.

PIPEDA AND INTERNATIONAL TRANSFERS

Under PIPEDA, when personal information is transferred to a third party (including across borders) for processing, Helpero remains accountable for the protection of that information and must use contractual or other means to ensure comparable protection. Helpero's contracts with international processors reflect this accountability standard.

16. Children's Privacy

The Helpero Platform is intended for use by adults who are at least 18 years of age. Helpero does not knowingly collect personal information from individuals under the age of 18. Account registration requires confirmation that the registrant is at least 18 years old, and Bookings may not be placed by persons under 18.

If you believe a child under 18 has provided personal information to Helpero without appropriate consent, or that a minor has registered an Account, please contact us immediately at privacy@helpero.ca. Upon receiving such a report, we will take prompt steps to verify the report and, where confirmed, to delete the relevant personal information and close the Account.

Where a minor may be present at the Service Address during a service, Customers are required by the Customer Terms and Conditions to ensure a responsible adult (aged 18 or older) is present throughout. Helpero does not collect or process any personal information directly from or about minors in the course of service delivery.

17. Business Transfers, Mergers, and Acquisitions

Helpero is a growing company and may in the future pursue mergers, acquisitions, corporate restructurings, financings, or the sale of all or a substantial portion of its business or assets. In connection with any such transaction:

  • personal information held by Helpero may be disclosed to prospective purchasers or investors as part of due diligence, subject to appropriate confidentiality obligations;
  • personal information may be transferred to a successor entity as part of the completion of a transaction;
  • Helpero will take reasonable steps to ensure that any personal information transferred to a successor receives protection equivalent to the standards described in this Policy;
  • if personal information is to be used in a materially different manner by a successor, affected individuals will be notified as required by applicable law and given the opportunity to withdraw consent where required.

In the event of Helpero's insolvency or bankruptcy, personal information may be treated as a business asset subject to applicable insolvency law. Helpero will comply with applicable legal requirements in such circumstances.

18. Changes to This Policy

Helpero reviews and updates this Privacy Policy periodically to reflect changes in our privacy practices, the law, or our Platform's features and operations. When we make changes:

  • the updated Policy will be posted on the Platform with a revised effective date;
  • for material changes — changes that meaningfully affect how we collect or use your personal information we will notify you by email or through the Platform before the changes take effect.

19. Privacy Officer and Contact Information

19.1 Our Privacy Officer

Helpero has designated a Privacy Officer who is responsible for Helpero's compliance with this Policy and applicable Canadian privacy law. The Privacy Officer oversees the handling of personal information, responds to access and correction requests, investigates privacy complaints, and ensures that Helpero's privacy practices remain aligned with PIPEDA and other applicable requirements.

19.2 How to Reach Us

Contact Details
Privacy Officer Helpero Ltd.
Mailing Address 542 Keele Street, Suite 1021, Toronto, Ontario M6N 3E2, Canada
Privacy Inquiries privacy@helpero.ca
General Support support@helpero.ca
Legal Notices legal@helpero.ca
Website helpero.ca/privacy

19.3 How We Handle Privacy Complaints

If you have a concern about how Helpero has handled your personal information, please contact our Privacy Officer using the details above. Your complaint will be:

  • acknowledged within 5 business days;
  • investigated by the Privacy Officer or a designated staff member with appropriate privacy expertise;
  • responded to in writing with our findings within 30 days, or within a longer period as agreed or required by law;
  • escalated to senior leadership if the Privacy Officer determines the matter warrants further review.

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or by calling 1-800-282-1376 (toll-free).

19.4 Privacy Commissioner of Canada

The Office of the Privacy Commissioner of Canada is the independent federal authority responsible for overseeing compliance with PIPEDA. You may contact them at:

Website: www.priv.gc.ca

Toll-Free: 1-800-282-1376

Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3

20. Dedicated Specialist (Service Provider) Privacy

20.1 Why Specialist Data Requires Special Attention

Service Providers (Specialists) provide Helpero with significantly more personal information than Customers. This is necessary to verify identity, confirm professional qualifications, ensure insurance coverage, and maintain the safety and trust of the Platform. This Section explains specifically how Specialist information is collected, used, stored, and disclosed, supplementing the general provisions in Sections 2, 4, 5, and 13.

20.2 Categories of Specialist Information

The following categories of personal information are collected from Service Providers during onboarding and throughout their active engagement on the Platform:

Category Details
Identity Documents Government-issued photo identification verified through a third-party identity verification provider. Helpero receives a verification outcome and retains document type and expiry metadata. Full document images are held by the verification provider under their own privacy policy.
Background Screening Records Consent records and screening outcome results (pass/fail) from Helpero’s background-check provider. Detailed screening reports are retained by the provider, not Helpero.
Insurance Documents Certificates of insurance including policy number, provider name, coverage type and amounts, effective and expiry dates, and named insured details.
Trade Licences and Certifications Licence type, issuing authority, licence number, expiry date, and copies of trade qualifications and training credentials as required by service category.
Ratings and Reviews Customer ratings and written reviews received following completed Bookings. These form part of the Specialist’s public profile on the Platform.
Service History and Performance Data Booking acceptance and completion rates, response times, cancellation records, complaint records, and deactivation history where applicable.

20.3 Permitted Uses of Specialist Information

Specialist personal information is used only for the following purposes:

  • onboarding verification and eligibility assessment for the Platform;
  • ongoing licence, certification, and insurance compliance monitoring;
  • matching Specialists with Customer service requests;
  • payment disbursements and associated tax reporting (T4A);
  • performance monitoring, quality assurance, and complaint resolution;
  • fraud prevention, safety investigations, and deactivation reviews;
  • legal and regulatory compliance, including responding to government or court demands;
  • defending or pursuing legal claims.

20.4 Storage and Security of Specialist Documents

Identity documents, insurance certificates, and licence copies are stored on encrypted cloud servers with strict access controls. Access is limited to Helpero personnel with a legitimate operational need (onboarding review, compliance verification, or dispute resolution). Specialist documents are not shared with Customers and are not used for marketing or profiling unrelated to Platform operations.

20.5 Specialist Licence and Insurance Verification Consent

By registering as a Service Provider, you expressly authorize Helpero to verify your licences, certifications, insurance coverage, regulatory standing, and professional qualifications directly with insurers, regulators, licensing authorities, and professional bodies at any time during your registration or while you are active on the Platform. Helpero may also conduct periodic re-verification to confirm continued compliance.

20.6 Retention of Specialist Data

Specialist onboarding data, including identity verification records, licence and insurance documents, and background screening outcomes, are retained for the duration of active Platform registration plus seven (7) years following deregistration or account closure. Performance and activity data are retained for seven (7) years from the relevant booking date. See the full retention schedule in Section 13.

21. Data Breach Response Framework

21.1 What Constitutes a Privacy Breach

A privacy breach occurs when personal information is accessed, used, disclosed, copied, modified, or disposed of without authorization, or is lost in circumstances where unauthorized access is reasonably likely. This includes accidental disclosures, unauthorized employee access, external cyberattacks, and loss of devices containing personal information.

21.2 Internal Reporting and Escalation

Any Helpero employee, contractor, or service provider who discovers or suspects a privacy breach must report it to the Privacy Officer immediately and in any event no later than twenty-four (24) hours of discovery. The Privacy Officer will escalate the report to senior leadership and legal counsel within the same period where the breach may be material.

21.3 Investigation Procedures

Upon receiving a breach report, Helpero will:

  • immediately contain the breach and prevent further unauthorized access where possible;
  • assess the scope of the breach, including the nature of the information involved and the number of affected individuals;
  • determine whether the breach creates a real risk of significant harm to any affected individual;
  • document all investigative steps taken and findings in a written breach record;
  • engage external cybersecurity or legal counsel as required by the circumstances.

21.4 Regulatory Notification

Where Helpero determines that a breach creates a real risk of significant harm to any affected individual, Helpero will notify the Office of the Privacy Commissioner of Canada as soon as feasible after making that determination, as required by PIPEDA’s Breach of Security Safeguards Regulations. Breach reports to the OPC will include: a description of the breach, the type of personal information involved, the number of affected individuals, an account of the steps taken to address the breach, and Helpero’s contact information.

21.5 Individual Notification

Where a breach creates a real risk of significant harm to an affected individual, Helpero will notify that individual directly as soon as feasible. Notification will be provided by email to the registered address or by other direct means where possible. Notifications will include: a description of what happened; the type of personal information involved; the steps Helpero has taken to address the breach; the steps the individual can take to protect themselves; and the Privacy Officer’s contact information.

21.6 Breach Records

Helpero maintains a written record of all security breaches, regardless of whether they meet the threshold for regulatory or individual notification. Breach records are retained for a minimum of twenty-four (24) months as required by the Breach of Security Safeguards Regulations. Breach records are reviewed periodically by the Privacy Officer to identify patterns and improve safeguards.

22. Automated Decision-Making and Algorithmic Processing

22.1 Overview

Helpero uses automated systems and algorithms to support certain Platform functions. The following discloses the nature, purposes, and potential impacts of automated processing that may affect users.

22.2 Automated Functions on the Platform

Function Description
Job Allocation and Matching Automated algorithms match Service Requests with available and qualified Specialists based on service category, geographic proximity, availability, and Platform performance data. No manual review occurs for each individual match.
Search Ranking and Visibility Specialist profiles may be ranked in search results based on ratings, review volume, response rates, completion history, and Platform activity. These factors may affect how frequently a Specialist receives Booking offers.
Fraud Detection Automated systems monitor Platform activity for patterns consistent with fraud, abuse, or policy violations. Flagged accounts may be temporarily restricted pending manual review.
Deactivation Reviews Automated systems may flag Specialist accounts for deactivation review based on sustained low ratings, high cancellation rates, or complaint frequency. Flagged accounts are reviewed by Helpero personnel before any final deactivation decision is made.
Pricing and Fee Calculations Service fees and Specialist payouts are calculated algorithmically based on service type, duration, and applicable rate schedules.

22.3 Your Rights Regarding Automated Processing

Helpero does not make fully automated decisions that produce legal effects or similarly significant impacts on individuals without human review. Where an automated system flags an account for deactivation or restricts Platform access, a Helpero staff member reviews the matter before a final decision is confirmed. You may contact privacy@helpero.ca to request information about how automated processing may have affected your account.

23. Third-Party Security Limitations and Liability

Helpero implements the security safeguards described in Section 14. However, Helpero relies on third-party infrastructure, services, and devices that are outside Helpero’s direct control. Helpero is not responsible for security failures, data breaches, or unauthorized access caused by or attributable to:

  • telecommunications providers, internet service providers, or mobile network operators transmitting data to or from the Platform;
  • cloud hosting, storage, or infrastructure providers processing or storing Platform data on Helpero’s behalf;
  • payment processors, financial institutions, or banking infrastructure processing payments or disbursements;
  • Customer devices (mobile phones, computers, tablets) used to access the Platform, including device loss, malware, or unauthorized access to the device;
  • Specialist devices used to access the Platform or to store Customer information received through the Platform;
  • third-party analytics, communications, or marketing platforms connected to the Platform;
  • any party acting outside the scope of their contractual obligations to Helpero.

Where a breach originates with a third-party provider, Helpero will take all reasonable steps within its control to contain the breach, notify affected individuals in accordance with Section 21, and assist in any regulatory investigation. Helpero’s liability in such circumstances is limited to the extent permitted by applicable law.

24. Photo, Video, and Document Retention

24.1 Types of Visual and Document Content Stored

The Platform may store the following categories of photographs, videos, and document images:

Category Description
Before-and-After Service Photos Photographs uploaded by Customers or Specialists in connection with a service, documenting conditions before and after work is performed.
Damage Evidence and Dispute Documentation Photographs or videos submitted in connection with a dispute, complaint, insurance claim, or quality concern.
Identity Verification Images Photographs of government-issued identification documents and profile photographs, collected during Specialist onboarding and managed through Helpero’s identity verification provider.
Profile Photographs Profile images uploaded by Customers and Specialists for display within the Platform.
Service Documentation Any other photographs, videos, or document scans uploaded by users in connection with a Booking, onboarding, or support process.

24.2 Permitted Uses

Visual content and document images are used only for the following purposes:

  • facilitating the service described in the relevant Booking;
  • resolving disputes, complaints, or insurance claims arising from a Booking;
  • verifying Specialist identity and credentials during onboarding and periodic re-verification;
  • supporting legal proceedings or regulatory investigations;
  • platform quality assurance and safety monitoring.

Visual content is not used for advertising, profiling, marketing, or disclosure to third parties outside the stated purposes.

24.3 Retention Periods

Category Retention Period
Before-and-after service photos (non-disputed) 3 years from the Booking date, then securely deleted.
Dispute and complaint evidence photos/videos 5 years from resolution of the dispute or complaint, then securely deleted.
Identity verification images (Specialist onboarding) Retained by the identity verification provider per their policy; Helpero retains verification outcome metadata for the duration of Specialist registration plus 7 years.
Profile photographs Retained for the duration of Account existence; deleted within 30 days of Account deletion request.
Insurance and licence document images Duration of active Specialist registration plus 7 years from deregistration.

24.4 Deletion Procedures

At the end of the applicable retention period, visual content and document images are securely deleted from Helpero’s systems using industry-standard data destruction methods. Where content is stored by a third-party provider (such as a cloud storage service), Helpero issues deletion instructions to the provider at the end of the applicable retention period and confirms deletion in writing where feasible.

25. Legal Basis for Processing Personal Information

Helpero processes personal information on the basis of one or more of the following legal grounds. This Section provides a framework for understanding the legal basis that applies to each category of processing activity.

Legal Basis Description
Consent Where you have provided express consent to a specific processing activity — for example, marketing communications, use of non-essential cookies, or disclosure to a specific third party. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Contractual Necessity Where processing is necessary to perform the contract between Helpero and the user — for example, processing payment information to complete a transaction, sharing the Service Address with the matched Specialist to enable service delivery, or maintaining Account records.
Legal Obligation Where processing is required by applicable law — for example, retaining financial records under the Income Tax Act, reporting notifiable breaches to the Office of the Privacy Commissioner of Canada under PIPEDA’s Breach of Security Safeguards Regulations, or complying with court orders.
Fraud Prevention and Safety Where processing is necessary to prevent, detect, or investigate fraud, abuse, unauthorized access, or safety risks to users or the Platform.
Legitimate Business Interests Where processing is necessary for Helpero’s legitimate operational interests and those interests are not overridden by the individual’s privacy rights — for example, Platform improvement through aggregated analytics, quality assurance through ratings and reviews, or legal defence of claims.

For any specific processing activity where you wish to understand the legal basis that applies, you may contact the Privacy Officer at privacy@helpero.ca. The legal basis for each category of processing is also reflected in the table in Section 4.

END OF PRIVACY POLICY

Helpero Ltd. · Ontario Corporation No. 1001518296 · Version 2.0 · Effective July 1, 2026

542 Keele Street, Suite 1021, Toronto, Ontario M6N 3E2 · privacy@helpero.ca · helpero.ca/privacy

This document should be reviewed by a qualified Ontario privacy lawyer before public deployment.