Privacy Policy

Last updated: March 31, 2026
1. Who We Are

Trickls ("we," "us," "our") operates the trickls.com website and browser extension. We are committed to protecting your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and all other applicable privacy legislation.
2. Information We Collect

Account information: Email address, display name, and password (hashed). If you sign in with Google or Facebook, we receive your name, email, and profile photo from those services.

Extension activity: When you visit any website, the extension checks the domain against our supported merchant list. This check is not logged or associated with your account. We record clicks only when you activate the Trickls donation banner at checkout. We do not track your general browsing history, keystrokes, or mouse activity.

Transaction data: Merchant name, purchase amount (when reported by the affiliate network), commission earned, and donation amounts.

Technical data: Browser type and user agent (submitted with feedback only), IP address (logged by our hosting provider for security).

What we do NOT collect: Payment card numbers, bank account details, Social Security/SIN numbers, browsing history on non-merchant sites, personal files, or location data.
3. How We Use Your Information

We use your information solely to: operate your account, track affiliate commissions, distribute donations to your chosen charities, display your impact dashboard, send transactional emails (password resets, verification codes), and improve our service. We do not use your data for behavioral advertising or profiling.
4. Consent

By creating an account, you consent to the collection and use of your information as described in this policy. You may withdraw consent at any time by deleting your account. For commercial electronic messages, we obtain express opt-in consent as required by Canada's Anti-Spam Legislation (CASL). You can unsubscribe from any email at any time.
5. Third-Party Services

We share limited data with the following third parties, each of which processes data under their own privacy policies:

Affiliate networks (Skimlinks): To track and attribute commissions from your purchases.
Every.org: To disburse charity donations. We share the charity name, donation amount, and batch reference — not your personal information.
SendGrid: To deliver transactional emails (password resets, verification codes). We share your email address and the email content necessary for delivery (e.g., your display name and verification codes).
Google/Facebook: If you use OAuth sign-in, these services provide us your name, email, and profile photo.


We do not sell, rent, or trade your personal information to any third party for marketing purposes.
6. Data Security

Passwords are hashed using bcrypt with 12 rounds. All API communication uses HTTPS/TLS encryption. Login sessions expire after 7 days. Two-factor authentication via email is available. Password reset tokens are stored as SHA-256 hashes. Database access is restricted and connections are encrypted.
7. Cookies and Local Storage

We use browser localStorage to store your login session token. The browser extension uses chrome.storage to store your session token, basic profile information, and preferences locally. We do not use third-party tracking cookies, analytics pixels, or fingerprinting technologies.
8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your personal data is permanently removed. Anonymized transaction records (with identifying details such as merchant names and URLs stripped) may be retained for accounting and tax compliance.
9. Your Rights

All users: You can access, update, or delete your personal information at any time through the Settings page. Account deletion permanently removes your personal data. Anonymized financial records may be retained for compliance.

PIPEDA (Canada): You have the right to access your personal information, challenge its accuracy, and withdraw consent. To make a request, email privacy@trickls.com.

GDPR (EU/EEA): You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. To exercise these rights, email privacy@trickls.com.

CCPA/CPRA (California): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To make a request, email privacy@trickls.com.

Quebec (Law 25): You have the right to access, rectify, and delete your personal information. We designate our privacy contact as the person responsible for the protection of personal information.
10. Data Breach Notification

In the event of a data breach that poses a real risk of significant harm, we will notify the Office of the Privacy Commissioner of Canada (OPC) and affected individuals as required by the Digital Privacy Act and PIPEDA. We will also notify relevant authorities under GDPR and CCPA where applicable.
11. International Data Transfers

Your data may be processed on servers located outside of Canada. We ensure that any international transfers comply with applicable data protection laws and that appropriate safeguards are in place.
12. Children's Privacy

Trickls is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
13. Accessibility

We strive to make this privacy policy accessible to all users, including those using assistive technologies. If you have difficulty accessing this policy, please contact us.
14. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email. Continued use of the service after changes constitutes acceptance of the updated policy.
15. Contact

For privacy inquiries, data access requests, or complaints: privacy@trickls.com

Office of the Privacy Commissioner of Canada: www.priv.gc.ca