Skip to content Skip to footer
(942) 68-TRUST
Get started
Get started

Guardit Privacy Policy

Close

Guardit App Privacy Policy

(Operational, Identity Verification, Payments, Compliance)

Effective Date: February 19 2026
Last Updated: February 19 2026
Operated by: CanTrust Security Ltd. (“CanTrust,” “we,” “us,” “our”)

This GuardIt Privacy Policy applies to the GuardIt mobile and web application (the “Platform”), operated by CanTrust Security Ltd.

GuardIt facilitates identity verification, guard onboarding, shift management, operational tracking, client bookings, and payment processing.

This policy does not apply to casual visitors of the corporate website.

We comply with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Scope

This policy applies to:

  • Security guards using GuardIt

  • Business clients booking guards

  • Administrators and authorized personnel

  • Individuals undergoing identity verification

  • Users accessing payment services through the Platform

2. Information We Collect

A. Account Information

  • Legal name

  • Email address

  • Phone number

  • Date of birth

  • Address (where required)

  • Profile photo (if required)

B. Licensing & Compliance Information

  • Security guard licence number

  • Licence expiry date

  • Licence validation status

  • Compliance confirmations

  • Training acknowledgements

C. Identity Verification (KYC) & Biometric Data

To protect against fraud and account misuse, we may collect:

  • Government-issued ID images

  • Facial liveness verification data

  • Device authentication signals

  • Re-authentication data during shift check-in

Biometric data is used strictly for identity authentication and platform security.

D. Location Data

If enabled:

  • GPS location at shift check-in/check-out

  • Location verification signals for deployment integrity

  • Device-level fraud detection signals

Location collection is limited to operational integrity and fraud prevention.

E. Payment & Financial Information

Where payment services are enabled:

  • Bank account details

  • Transaction history

  • Payout preferences

  • Billing information

  • Wallet balances

  • Payment identifiers required by financial institutions

Payment services may be provided by regulated financial institutions and payment processors.

F. Tax Reporting Information

Where required for tax reporting (e.g., T4A issuance):

  • Social Insurance Number (SIN)

SIN is collected only where legally required and is not used as a general identifier.

G. Operational & Performance Data

  • Shift assignments

  • Attendance confirmations

  • Ratings and reviews

  • Cancellation history

  • Incident reports

  • Administrative audit logs

3. How We Use Information

We use information to:

  • Verify identity and prevent fraud

  • Validate licensing compliance

  • Facilitate guard bookings

  • Enable shift check-in/out

  • Process client payments and guard payouts

  • Calculate and collect platform fees

  • Issue tax reporting documentation

  • Detect suspicious or fraudulent activity

  • Maintain insurance and compliance records

  • Improve platform performance

  • Resolve disputes and incidents

4. Legal Basis for Processing

We process personal information based on:

  • Contractual necessity

  • Legal obligations (tax, compliance)

  • Consent (where applicable)

  • Legitimate business interests (security, fraud prevention)

Sensitive data (e.g., biometrics, SIN) is subject to heightened safeguards.

5. Information Sharing

We do not sell personal information.

We may share information with:

  • Identity verification providers

  • Payment processors (including Zum Rails)

  • Financial institutions

  • Hosting and cloud providers

  • Security and fraud detection vendors

  • Legal or regulatory authorities when required

Clients may see limited guard information necessary to deliver services.

6. Data Security

We implement appropriate safeguards, including:

  • Encryption in transit (TLS)

  • Encryption at rest for sensitive data

  • Role-based access control

  • Multi-factor authentication (where applicable)

  • Administrative audit logging

  • Segregation of sensitive datasets (e.g., SIN, banking data)

No system guarantees absolute security, but we maintain commercially reasonable safeguards.

7. Data Retention

We retain data only as long as necessary for operational, compliance, and legal purposes.

Typical retention periods:

  • Tax and financial records: 6–7 years

  • Payout and transaction data: 6–7 years

  • Incident and liability records: as required for insurance

  • Identity verification results: retained as necessary for fraud prevention

  • Location logs: retained in minimized form

Data is securely deleted or anonymized when no longer required.

ADDENDUM A

PAYMENT SERVICES ADDENDUM (ZUM RAILS)

GuardIt may utilize regulated financial institutions and payment service providers, including Zum Rails, to facilitate:

  • EFT payouts

  • Interac transfers

  • Wallet services

  • Accounts payable and receivable processing

  • Instant payout rails

Information shared may include:

  • Legal name

  • Date of birth (where required)

  • Banking information

  • Transaction details

  • Business identifiers

Payment providers may:

  • Conduct risk assessments

  • Apply transaction limits

  • Implement hold periods

  • Request additional documentation

  • Monitor for suspicious activity

These activities are undertaken in accordance with Canadian financial regulations.

ADDENDUM B

BIOMETRIC IDENTITY VERIFICATION DISCLOSURE

Biometric verification may be used for:

  • Onboarding identity confirmation

  • Fraud prevention

  • Account sharing prevention

  • Secure shift check-in

Biometric processes may include:

  • Facial liveness detection

  • Document-to-selfie comparison

  • Re-authentication triggers

Biometric data:

  • Is used solely for identity verification

  • Is not sold or used for marketing

  • Is retained only as necessary for security and compliance

Users who decline biometric verification may not access certain platform features.

ADDENDUM C

DATA RESIDENCY & CANADA-ONLY HOSTING DISCLOSURE

GuardIt is hosted on infrastructure located exclusively within Canada.

All primary production data, including:

  • User account information

  • Licensing data

  • Payment-related metadata

  • Transaction records

  • Audit logs

  • Sensitive identifiers (including SIN where applicable)

is stored and processed within Canadian data centers.

We select service providers that support Canadian data residency and require contractual safeguards to prevent unauthorized cross-border transfers.

Where a third-party identity verification or payment provider operates infrastructure outside Canada, only the minimum necessary information is shared, and such processing is subject to appropriate contractual protections.

We take reasonable measures to ensure that data residency commitments are maintained unless legally required otherwise.

ADDENDUM D

LIABILITY & INDEMNIFICATION DISCLOSURE

1. User Responsibility

Users are responsible for:

  • Providing accurate and lawful information

  • Maintaining confidentiality of login credentials

  • Securing personal devices used to access GuardIt

GuardIt is not liable for unauthorized access resulting from user negligence, including credential sharing or device misuse.

2. Identity Misrepresentation

Providing false identity, licensing, financial, or tax information (including SIN) may result in:

  • Immediate account suspension

  • Termination of platform access

  • Reporting to appropriate authorities

3. Payment Processing Liability

GuardIt facilitates payment services through regulated financial institutions. Processing delays, holds, or restrictions imposed by financial partners are governed by applicable financial regulations and institutional policies.

GuardIt is not responsible for independent actions taken by regulated payment institutions in compliance with law.

4. Limitation of Liability

To the extent permitted by law, GuardIt shall not be liable for:

  • Indirect or consequential damages

  • Business interruption losses

  • Losses arising from third-party service provider actions

  • Regulatory actions resulting from user-provided misinformation

5. Indemnification

Users agree to indemnify and hold harmless CanTrust Security Ltd., its officers, directors, employees, and partners from claims arising out of:

  • False information provided

  • Violation of laws or regulations

  • Fraudulent conduct

  • Misuse of the Platform

Contact

Privacy Officer
CanTrust Security Ltd.
Email: privacy@youcantrust.ca