TrulyServd
Beta
Privacy Policy

Privacy Policy

Effective Date: 2026-05-07 Last Updated: 2026-05-07

Overview (Plain English)

TrulyServd is a marketplace where homecooks list homemade food and buyers discover and pre-order it. We collect the personal information we need to run the platform — your account details, your messages with other users, technical data about how you use the site, and (for sellers only) a government-issued ID and food handler's certificate so we can verify you. We do not process payments, we do not sell your personal information, and we follow Canada's federal privacy law, PIPEDA (the Personal Information Protection and Electronic Documents Act). This policy explains what we collect, why, who sees it, how long we keep it, and the rights you have over your data.

1. Who We Are

TrulyServd (the "Platform," "we," "us," or "our") is operated by 13809536 Canada Inc. ("the Company"), a Canadian federal corporation. The Platform is accessible at trulyservd.com (the "Site").

  • Privacy Officer (Accountability under PIPEDA): The Company has designated a Privacy Officer responsible for compliance with this policy and PIPEDA.
  • Privacy Officer email: [email protected]
  • Mailing address: 14 Sherrill Ave, Brantford, ON N3V 0C3

This policy applies to all visitors, registered buyers, registered sellers ("homecooks"), and anyone else whose personal information we handle through the Site.

Plain English Summary

TrulyServd is run by a Canadian company called 13809536 Canada Inc. We have a Privacy Officer who is responsible for protecting your data — you can reach them at [email protected]. This policy applies to everyone who uses the Site, whether you are buying, selling, or just browsing.

2. The Law We Follow

This policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law, and applicable Ontario privacy legislation. PIPEDA is built on ten Fair Information Principles, and this policy is organized around them. Where you reside outside Canada, we still apply PIPEDA standards to your data, and you may have additional rights under your local privacy law.

Plain English Summary

We follow PIPEDA, Canada's main privacy law, plus Ontario rules where relevant. PIPEDA is built on 10 principles, and the rest of this policy walks through how we apply each one.

3. PIPEDA Principle 1 — Accountability

The Company is responsible for the personal information under its control. We have appointed a Privacy Officer who is accountable for our compliance with this policy and with PIPEDA. The Privacy Officer can be reached at [email protected].

We remain responsible for personal information we transfer to third-party service providers (for example, hosting providers and email-delivery vendors) and we use contractual and other means to require those providers to protect your information at a level comparable to what is described here.

Plain English Summary

We take responsibility for your data, even when we hand it to vendors who help us run the Site. Our Privacy Officer is the single point of contact for any privacy question or complaint.

4. PIPEDA Principle 2 — Identifying Purposes

We collect personal information only for purposes we identify to you at or before the time of collection. The purposes for which we collect personal information are:

  1. To create and operate your account (authentication, login, password recovery).
  2. To allow buyers to discover and pre-order from sellers (listings, search, messaging).
  3. To verify the identity of sellers and that they hold a valid food handler's certificate, in order to maintain trust and reduce risk on the Platform.
  4. To enable communication between buyers and sellers through our messaging feature.
  5. To operate, secure, troubleshoot, and improve the Site (technical/log data, fraud prevention, debugging, analytics).
  6. To comply with our legal obligations and to respond to lawful requests.
  7. To send you transactional and service notifications (e.g., account changes, listing approval status, important policy updates).
  8. To send you marketing communications, but only with your express opt-in consent and only where you have not withdrawn that consent.

We do not collect personal information for any purpose other than those listed above without first telling you and obtaining your consent.

Plain English Summary

We are upfront about why we collect each piece of data: to run your account, to let buyers and sellers find and message each other, to verify that sellers are who they say they are, to keep the Site working and safe, to follow the law, and to send you the occasional important email. Marketing emails are opt-in only.

5. PIPEDA Principle 3 — Consent

Your knowledge and consent are required for the collection, use, or disclosure of your personal information, except where PIPEDA permits otherwise (for example, to investigate a breach of agreement, to comply with a subpoena, or in an emergency threatening someone's safety).

5.1 How we obtain consent

  • Express consent — We obtain express consent at sign-up (you must accept our Terms of Service and this Privacy Policy), when sellers upload sensitive identity documents, and when you opt in to marketing emails.
  • Implied consent — For lower-sensitivity uses that you would reasonably expect (for example, using your email to send you a transactional notice about your account), consent may be implied from your continued use of the Site.

5.2 Withdrawing consent

You may withdraw your consent at any time, subject to legal and contractual restrictions and reasonable notice. To withdraw consent:

5.3 Consequences of withdrawing consent

Withdrawing consent for some purposes may mean we can no longer provide parts of the Service to you. For example:

  • If a seller withdraws consent for us to keep a copy of their government-issued ID or food handler's certificate, we will not be able to keep their seller account active, because verified ID and a current food handler's certificate are required to list food on the Platform.
  • If a buyer withdraws consent for us to process their account data, we will close the account and they will lose access to past messages and orders.

We will explain the impact at the time you ask to withdraw consent so you can make an informed decision.

Plain English Summary

You must agree before we collect your data. You can take that agreement back at any time, but doing so may mean we can no longer keep your account open — for example, sellers cannot operate without a verified ID and food handler certificate on file.

6. PIPEDA Principle 4 — Limiting Collection

We collect only the personal information that is necessary for the purposes identified in Section 4. We do not collect indiscriminately, and we use lawful and fair means.

6.1 What we collect

A. Account data (all users)

  • Name — to identify you on the Platform and in messages.
  • Email address — for login, password recovery, transactional notices, and (with consent) marketing.
  • Phone number — for account security, and so sellers and buyers can coordinate pickup/delivery off-platform if they choose.
  • Password — stored only as a salted cryptographic hash. We never store or have access to your plain-text password.
  • Mailing/contact address (sellers, optional for buyers) — for fulfilment coordination and, for sellers, any future regulatory requirement that they identify a kitchen location to local authorities.

B. Seller verification documents (sellers only — sensitive)

  • Government-issued photo ID (e.g., driver's licence, passport) — collected for the sole purpose of verifying that the seller is a real, identifiable person of legal age.
  • Food handler's certificate — collected for the sole purpose of confirming that the seller has completed a recognized food-safety training program, as a regulatory and trust signal.

These documents are sensitive personal information and are subject to enhanced safeguards (see Section 9). They are:

  • Not shared with any third party other than service providers strictly necessary to store and review them.
  • Not sold, licensed, or rented to any party, ever.
  • Not displayed publicly, not shown to other users, and not shown on the seller's public profile.
  • Used only to verify the seller and, if necessary, to investigate a credible safety or fraud concern, or to comply with a lawful order.

C. Listing data (sellers)

Information sellers voluntarily post about their food: titles, descriptions, photos, prices, ingredients, allergen information, dietary tags, availability, pickup/delivery options. This information is public by design — buyers must be able to see it.

D. Messaging history

The content and metadata of messages exchanged between buyers and sellers through the Platform's messaging feature. We retain messages so users can see their history, so we can investigate disputes, and so we can detect abuse.

E. Technical and usage data (collected automatically)

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited, links clicked, time on page, referring URL
  • Cookies and similar technologies (see Section 6.2 below and our Cookie Policy)
  • Server logs (timestamps, error logs, security events)

F. Information from third parties

If you sign in via a third-party identity provider (where supported in the future), we may receive basic profile information (name, email, profile photo) from that provider in accordance with the permissions you grant.

G. Payment data

We do not collect or process payment data. TrulyServd is a listing and discovery marketplace. All payment transactions occur off-platform between buyers and sellers. We never see, store, or transmit credit card numbers, bank account numbers, or other financial account information through TrulyServd.

6.2 Cookies

We use a limited number of essential and analytics cookies. For full details on what cookies we use, why, and how to control them, please see our Cookie Policy.

Plain English Summary

We collect what we need and nothing more: your name, email, phone, and password for everyone; a government ID and food handler certificate from sellers (used only to verify them — never shared, sold, or shown publicly); listings; messages; and technical data like your IP address. We do not handle payments. Cookies are explained in a separate Cookie Policy.

7. PIPEDA Principle 5 — Limiting Use, Disclosure, and Retention

7.1 Use

We use personal information only for the purposes identified in Section 4. We do not repurpose data for unrelated uses without obtaining new consent.

7.2 Disclosure

We disclose personal information only as follows:

  • To service providers who help us run the Site (cloud hosting, database hosting, email delivery, error monitoring, customer support tooling). These providers are bound by contract to protect your data and use it only on our instructions.
  • To other users, but only data you have intentionally made available — for example, your seller name, public profile, and listing details are visible to buyers; the messages you send are visible to the recipient.
  • To law enforcement, regulators, or courts when we are required to disclose under a valid legal order, or where we believe in good faith that disclosure is necessary to protect someone's safety or to investigate fraud or a serious breach of our Terms.
  • In a business transaction — if the Company is involved in a merger, acquisition, financing, or sale of assets, your personal information may be transferred to the successor entity. We will notify you of such a transfer and your choices, where required by law.

We do not sell, rent, license, or trade your personal information for money or other valuable consideration.

We do not participate in advertising networks that profile users across the web, and we do not share your personal information with advertising platforms for targeting.

7.3 Retention

We retain personal information only as long as necessary to fulfil the purposes identified in this policy or as required by law. Default retention periods:

Data category Retention period Reason
Active account data For as long as your account is open To provide the Service
Account data after account closure Up to 24 months after closure Dispute resolution, fraud investigation, legal claims
Seller verification documents (gov ID, food handler certificate) For as long as the seller account is active, plus up to 12 months after deactivation Regulatory and dispute investigation
Messaging history For as long as both parties have active accounts, plus up to 24 months Dispute and abuse investigation
Listing data For as long as the listing is published, plus up to 12 months after delisting Records, dispute resolution
Technical/server logs Up to 12 months Security, abuse detection, debugging
Marketing-consent records Until consent is withdrawn, plus a reasonable period to evidence the withdrawal Compliance with anti-spam and privacy law
Records we are required to keep by law For the period required by the applicable law Legal obligation

When the retention period ends, we securely delete or irreversibly anonymize the data.

Plain English Summary

We use your data only for what we told you, and we share it only with service providers we hire, with users you intentionally interact with, when the law requires it, or in a corporate sale. We never sell your data. We keep data only as long as we need it — generally up to about two years after you leave — then we delete or anonymize it.

8. PIPEDA Principle 6 — Accuracy

We make reasonable efforts to keep personal information as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

You can review and correct most of your information directly in your account settings. If you cannot correct something yourself (for example, a verification document or your registered name), email [email protected] and we will update it after reasonable verification of your identity.

Plain English Summary

We try to keep your data accurate. Most of it you can edit yourself in your account settings. For anything you cannot edit, just email us and we will fix it.

9. PIPEDA Principle 7 — Safeguards

We protect your personal information with security safeguards appropriate to its sensitivity. Our safeguards include:

9.1 Technical safeguards

  • Encryption in transit using HTTPS/TLS for all traffic between your browser and our servers.
  • Encryption at rest for databases and file storage holding personal information, including the dedicated storage used for seller verification documents.
  • Hashed and salted passwords — we never store plain-text passwords.
  • Access controls — only authorized personnel and systems can access personal information, and access is role-based and logged.
  • Network and application security — firewalls, rate limiting, monitoring, and routine patching.

9.2 Organizational safeguards

  • Privacy Officer accountable for the program.
  • Confidentiality obligations on all personnel and contractors.
  • Need-to-know access — staff can only see the personal data necessary for their role.
  • Vendor due diligence and written data-protection terms with service providers.
  • Incident-response procedures in the event of a privacy breach.

9.3 Sensitive document handling (sellers)

Government-issued IDs and food handler certificates receive enhanced safeguards: encrypted storage, restricted access to a small set of trained reviewers, no access by other users, no inclusion in analytics datasets, and shorter post-deactivation retention than other account data.

9.4 Breach notification

If a privacy breach occurs that creates a real risk of significant harm, we will notify the Office of the Privacy Commissioner of Canada and the affected individuals as required by PIPEDA's breach-notification rules, and we will keep records of all breaches as PIPEDA requires.

Plain English Summary

We use industry-standard security: encryption everywhere, hashed passwords, locked-down access, vendor agreements, and an incident response plan. Sensitive seller documents get extra protection. If there's a breach that could seriously harm you, we will tell you and Canada's Privacy Commissioner.

10. PIPEDA Principle 8 — Openness

This Privacy Policy, together with our Cookie Policy and Terms of Service, makes our personal-information practices readily available to you. If you have any question about our practices that is not answered here, contact the Privacy Officer at [email protected] and we will respond.

Plain English Summary

This policy is meant to be clear and public. If anything is unclear, ask us.

11. PIPEDA Principle 9 — Individual Access

You have the right, on written request, to:

  1. Be informed of the existence, use, and disclosure of your personal information.
  2. Access your personal information that we hold.
  3. Request correction of inaccurate or incomplete information.
  4. Request deletion of your personal information, subject to legal and contractual limits (for example, we may need to keep certain transaction or dispute records).

11.1 How to make a request

Send a written request to [email protected] with the subject line "PIPEDA Access Request." We may need to verify your identity before responding to protect your data from unauthorized access.

11.2 Our response

We will respond to your request within 30 days of receiving it, as PIPEDA requires. If we need an extension, we will notify you within the 30-day window and explain why.

We will respond at minimal or no cost to you. If a request is unusually complex or involves a large volume of records and we expect a charge, we will give you an estimate in advance and you can decide whether to proceed.

11.3 When we may refuse access

We may refuse access in the limited circumstances PIPEDA permits — for example, where access would reveal personal information about another individual that cannot be redacted, where the information is subject to solicitor-client privilege, or where disclosure could reasonably be expected to threaten someone's life or security. If we refuse, we will tell you why and tell you about your right to complain (Section 13).

Plain English Summary

You can ask us what data we have on you, get a copy, fix anything that is wrong, or ask us to delete it. We will respond within 30 days. There are a few narrow situations where we cannot give you everything (for example, if it would expose someone else's personal data), and if that happens we will explain why.

12. Data Storage and Residency

All service providers used by TrulyServd to operate the Platform — including cloud hosting, database hosting, email delivery, and error monitoring — store and process personal information within Canada. We do not transfer your personal information outside Canada for storage or processing.

We use contractual safeguards with each service provider to require a level of protection consistent with the standards described in this policy and with PIPEDA.

Plain English Summary

Your data stays in Canada. All of the vendors we use to run the platform store data within Canada.

13. PIPEDA Principle 10 — Challenging Compliance

If you believe we have not handled your personal information in accordance with this policy or with PIPEDA, you can challenge our compliance.

13.1 First step — contact the Privacy Officer

Email the Privacy Officer at [email protected] with a description of your concern. We will investigate and respond. If your complaint is justified, we will take steps to correct the issue, including amending our policies and practices if necessary.

13.2 Second step — Office of the Privacy Commissioner of Canada

If you are not satisfied with our response, you can file a complaint with the Office of the Privacy Commissioner of Canada (OPC):

  • Web: https://www.priv.gc.ca/
  • Phone (toll-free): 1-800-282-1376
  • Mail: Office of the Privacy Commissioner of Canada, 30 Victoria Street, Gatineau, Quebec K1A 1H3

Ontario residents may also have rights under provincial privacy legislation as applicable.

Plain English Summary

If you think we've handled your data badly, tell us first — email the Privacy Officer. If we don't fix it to your satisfaction, you can file a complaint with the Office of the Privacy Commissioner of Canada.

14. Children's Privacy

The Platform is intended for users 18 years of age or older, consistent with our Terms of Service. We do not knowingly collect personal information from anyone under 18. If we discover that a person under 18 has created an account or provided personal information, we will close the account and delete the information promptly.

If you believe a person under 18 has provided personal information to us, please contact [email protected].

Plain English Summary

You must be 18 or older to use TrulyServd. If we find out a minor has signed up, we delete their data and close the account.

15. Marketing Communications and Anti-Spam

We comply with Canada's Anti-Spam Legislation (CASL). We will only send you commercial electronic messages (marketing emails) where you have given your express consent, and every such message will include an unsubscribe link that works for at least 60 days. You can opt out of marketing at any time without affecting your account or transactional notices.

Plain English Summary

Marketing emails are opt-in only and every one has a working unsubscribe link. Opting out of marketing does not close your account or stop important account notices.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

  • We will update the Last Updated date at the top.
  • For material changes (changes that meaningfully affect your rights or how we use your data), we will notify you in advance by email and/or by an in-Site notice, and where the change requires it, we will ask for fresh consent.

Your continued use of the Site after a non-material update constitutes acceptance of the updated policy.

Plain English Summary

We can update this policy. If a change is significant, we will tell you in advance and ask for your consent again where needed.

17. Contact Us

For any privacy question, request, or complaint:

  • Privacy Officer email: [email protected]
  • Mailing address: 14 Sherrill Ave, Brantford, ON N3V 0C3
  • Operating company: 13809536 Canada Inc., operating as TrulyServd

For complaints you cannot resolve with us, see Section 13 for how to contact the Office of the Privacy Commissioner of Canada.