Compliance & Data Protection

How Verifran Protects Your Data and Stays Compliant

Verifran is committed to regulatory compliance, data security, and transparency. This page explains how we handle franchise regulations, anti-spam law, privacy law, and your data.

Independence Declaration

Verifran is an independent platform. We are not affiliated with, endorsed by, or partnered with any franchise brand. We do not receive commissions or referral fees from franchise brands for candidate introductions. Our revenue comes exclusively from franchisor subscriptions. This independence ensures that our FRS assessments and candidate recommendations are unbiased.

1CASL Compliance (Canadian Anti-Spam Legislation)

Verifran fully complies with Canada's Anti-Spam Legislation (S.C. 2010, c. 23). We take CASL seriously because trust is the foundation of our platform.

Express consent only

We never send commercial emails without explicit, opt-in consent. No pre-checked boxes.

Clear sender identification

Every email identifies Verifran as the sender with our contact information and physical address.

Easy unsubscribe

Every commercial email includes a working unsubscribe link. Requests are processed within 10 business days.

Consent records

We maintain timestamped records of when and how consent was obtained for every contact.

2PIPEDA Compliance (Personal Information Protection)

As a Canadian organization, Verifran complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). Our practices align with PIPEDA's 10 fair information principles.

We identify the purpose for collecting information at or before the time of collection

We obtain meaningful consent before collecting, using, or disclosing personal information

We collect only the information necessary for the identified purposes

We retain information only as long as necessary for the stated purpose

We protect personal information with appropriate security safeguards

You can request access to, correction of, or deletion of your personal information at any time

3Data Security Practices

Encryption in transit

All data is transmitted over TLS/SSL encrypted connections. No exceptions.

Encryption at rest

Stored data is encrypted using AES-256. Database backups are also encrypted.

Access controls

Strict role-based access controls limit who can access personal data within our team.

Infrastructure

Hosted on Vercel (application) and Supabase (database) - both SOC 2 Type II compliant.

AI processing

Vera conversations are processed by Anthropic (Claude). Anthropic does not train on user data and deletes inputs after processing.

No data selling

We never sell, rent, or trade personal information. Period.

4Data Anonymization for Industry Research

Verifran may publish aggregated, anonymized FRS data for industry research purposes (e.g., "The average Financial Readiness score of candidates in Ontario is 68/100"). This data:

•Cannot be traced back to any individual candidate
•Is only published when sample sizes are large enough to prevent re-identification
•Never includes email addresses, names, or other identifying information
•Is free to cite with attribution: "Source: Verifran FRS Index"

5Your Rights - Deletion, Portability & Opt-Out

Right to deletion

Request complete deletion of all your personal data, FRS results, and conversation history. We process deletion requests within 30 days.

Right to data portability

Request a copy of all data we hold about you in a machine-readable format (JSON or CSV).

Right to opt out

Unsubscribe from any marketing communications at any time. Transactional emails (e.g., your FRS results) are exempt.

Right to correction

Request correction of any inaccurate personal information we hold about you.

Right to restrict processing

Request that we limit how we use your data while a concern is being investigated.

To exercise any of these rights, email privacy@verifran.com. We respond within 30 days. If you are unsatisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada.

6Canadian Franchise Disclosure Requirements by Province

Disclosure Period

14 days before signing or payment

Rescission Rights

60 days if FDD is deficient; 2 years if no FDD provided

Smallest province with franchise legislation. Requirements align with other regulated provinces.

Provinces without specific franchise legislation

Quebec

No specific law

Relies on Civil Code of Quebec for contract law. Good faith obligations and pre-contractual disclosure under general law.

Saskatchewan

No specific law

No franchise-specific legislation. Common law principles govern franchise relationships.

Nova Scotia

No specific law

No franchise-specific legislation currently. Industry groups have advocated for adoption.

Newfoundland and Labrador

No specific law

No franchise-specific legislation. Federal business law applies.

How Verifran helps franchisors stay compliant

Verifran tracks which provinces your candidates are in and ensures your qualification process meets local disclosure requirements. We provide timestamped records of candidate interactions, consent documentation, and FDD delivery tracking to help you maintain a compliant franchise development process.

Stay compliant as you grow

Verifran is built with compliance at its core. Every interaction is documented, every consent is recorded, and every candidate's rights are respected.

Start finding qualified candidates Read full Privacy Policy

This page is for informational purposes only and does not constitute legal advice. Consult a franchise lawyer for specific compliance guidance.