Matchii Logo
Back to Home

Privacy Policy

Last updated: February 2, 2026

1. Introduction

Matchii ("we," "us," "our"), a platform operated by Brieflly Inc., is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our marketplace platform connecting clients with verified service agencies.

We are incorporated in Toronto, Ontario, Canada, and comply with Canadian privacy laws including the Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Information We Collect

2.1 Information You Provide

Account Registration

  • Personal Identifiers: Name, email address, phone number
  • Authentication: Password (encrypted), or OAuth credentials (Google)
  • User Type: Client or Agency designation

Client Information

  • Project Details: Project descriptions, requirements, budgets, timelines
  • Communication: Messages exchanged with agencies
  • Payment Information: Stripe customer ID, credit balance, transaction history
  • Reviews: Ratings and feedback submitted for agencies

Agency Information

  • Business Details: Company name, business registration number, business email, phone, address
  • Business Verification: Business registration documents, certificates, licenses
  • Team Information: Team size, structure, key personnel
  • Services: Service tracks (A, B, C), sub-services, specializations
  • Pricing: Capacity, rates, project ranges
  • Portfolio: Proof packs, case studies, client references
  • Documents: Uploaded PDFs, images, videos (stored on Google Cloud Storage)
  • Financial: Payout information for commission payments

2.2 Information Automatically Collected

Usage Data

  • Device Information: IP address, browser type, device type, operating system
  • Analytics: Pages visited, time spent, click patterns (via Vercel Analytics)
  • Session Data: Login/logout times, session duration
  • Performance: Page load times, errors encountered

Cookies and Tracking

  • Session Cookies: Authentication tokens (secure, HTTP-only)
  • Analytics Cookies: Vercel Analytics for usage patterns
  • Preference Cookies: Theme settings (light/dark mode), language

2.3 Information from Third Parties

  • Google OAuth: Name, email, profile picture (if you sign in with Google)
  • Stripe: Payment processing status, transaction IDs, customer verification

3. How We Use Your Information

3.1 Platform Operations

  • Create and manage your account
  • Authenticate users and prevent fraud
  • Process project proposals and match clients with agencies
  • Generate AI-powered Statements of Work
  • Facilitate messaging between clients and agencies
  • Manage escrow payments and commission distribution

3.2 Business Verification

  • Verify agency business legitimacy and credentials
  • Review proof packs and portfolio authenticity
  • Conduct compliance checks and vetting
  • Approve or reject agency applications

3.3 AI and Machine Learning

  • OpenAI GPT: Process project descriptions to generate Statements of Work
  • Semantic Matching: Match client projects with suitable agencies using vector embeddings
  • Brief Generation: Power conversational AI for project intake

Note: Your data sent to OpenAI is processed according to OpenAI's data usage policies. We do not use your data to train OpenAI models.

3.4 Communications

  • Send transactional emails (verification, project updates, payment confirmations) via Resend
  • Notify you of project status changes
  • Send service announcements and policy updates
  • Respond to support inquiries

3.5 Analytics and Improvement

  • Analyze platform usage patterns with Vercel Analytics
  • Monitor system performance and errors
  • Improve matching algorithms and AI features
  • Conduct A/B testing for feature optimization

3.6 Legal and Compliance

  • Comply with legal obligations and court orders
  • Enforce our Terms of Service
  • Resolve disputes between users
  • Prevent fraud, abuse, and security threats
  • Maintain audit trail for financial transactions

4. Third-Party Services and Data Sharing

We integrate with the following third-party services that process your data:

4.1 Essential Service Providers

ServicePurposeData Shared
Neon (PostgreSQL)Database hostingAll user data, projects, transactions
Google Cloud StorageFile storageUploaded documents, images, videos
StripePayment processingName, email, payment methods, transaction amounts
OpenAIAI features (SoW generation)Project descriptions, requirements, anonymized context
ResendEmail deliveryEmail addresses, names, email content
Google OAuthAuthenticationName, email, profile picture (if you use Google sign-in)
Vercel AnalyticsUsage analyticsPage views, anonymized user behavior

4.2 Data Processing Agreements

We have data processing agreements with all third-party services to ensure they handle your data securely and in compliance with privacy laws.

4.3 No Third-Party Marketing

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

5. Data Storage and Security

5.1 Data Location

  • Primary Database: Neon PostgreSQL (hosted in Singapore - ap-southeast-1 region)
  • File Storage: Google Cloud Storage (Canada region where possible)
  • Application: Hosted on Google Cloud Run or Vercel

5.2 Security Measures

  • Encryption in Transit: All data transmitted via HTTPS/TLS 1.3
  • Encryption at Rest: Database encryption with AES-256
  • Password Security: Passwords hashed with bcrypt (cost factor 10)
  • Authentication: Secure session tokens, HTTP-only cookies, CSRF protection
  • Access Controls: Role-based permissions (Client, Agency, Admin)
  • Audit Logging: Comprehensive audit trail for sensitive actions

5.3 Data Backups

We maintain automated daily backups of all data with 30-day retention for disaster recovery.

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your account is active and for legitimate business purposes.

6.2 Closed Accounts

  • Personal Data: Deleted within 90 days of account closure
  • Transaction Records: Retained for 7 years for tax and legal compliance
  • Audit Logs: Retained for 7 years for legal and regulatory requirements
  • Anonymized Data: May be retained indefinitely for analytics

6.3 Completed Projects

Project data (briefs, SoWs, messages) is retained for 3 years after completion to support dispute resolution and reference.

7. Your Privacy Rights

7.1 Access and Portability

  • Request a copy of all personal data we hold about you
  • Export your data in machine-readable format (JSON/CSV)

7.2 Correction and Update

  • Update your profile information at any time via dashboard settings
  • Request correction of inaccurate data

7.3 Deletion ("Right to be Forgotten")

  • Request deletion of your account and associated data
  • Note: Transaction records may be retained for legal compliance

7.4 Consent Withdrawal

  • Unsubscribe from marketing emails (via link in email footer)
  • Opt out of analytics cookies (via browser settings)
  • Close your account to stop data processing

7.5 Data Portability

You can request your data in a structured, commonly used format to transfer to another service.

7.6 Lodge a Complaint

If you're unsatisfied with our handling of your data, you may file a complaint with:

  • Office of the Privacy Commissioner of Canada
  • Website: www.priv.gc.ca
  • Phone: 1-800-282-1376

8. Cookies and Tracking Technologies

8.1 Cookie Types

Essential Cookies (Required)

  • Session Token: __Secure-authjs.session-token or authjs.session-token
  • Purpose: Authenticate users, maintain login state
  • Duration: 30 days or until logout

Analytics Cookies (Optional)

  • Vercel Analytics: Anonymized usage tracking
  • Purpose: Understand how users interact with platform
  • Opt-out: Use browser "Do Not Track" setting

8.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies will prevent platform use.

9. Children's Privacy

Matchii is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we discover we've collected data from a minor, we will delete it immediately.

10. International Data Transfers

While we are based in Canada, some of our service providers (OpenAI, Stripe, Vercel) process data in the United States and other jurisdictions. These transfers are conducted under appropriate safeguards including:

  • Standard contractual clauses approved by privacy regulators
  • Data processing agreements with security commitments
  • Encryption in transit and at rest

11. AI and Automated Decision-Making

11.1 AI-Generated Content

We use OpenAI GPT to generate Statements of Work and project recommendations. These are aids, not final decisions:

  • Clients can review and modify AI-generated content before accepting
  • Agency matching uses AI recommendations but client makes final selection
  • No binding contracts are created without explicit human approval

11.2 Human Oversight

Critical decisions (agency approval, dispute resolution, payment release) involve human review by our team.

12. Business Transfers

If Matchii is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice and ensure the acquiring party honors this Privacy Policy.

13. Updates to This Policy

We may update this Privacy Policy periodically. Changes will be posted with a new "Last updated" date. Material changes will be communicated via email or prominent platform notice.

14. Contact Us

For questions, concerns, or to exercise your privacy rights, contact us:

  • Email: info@matchii.ai
  • Data Protection Officer: info@matchii.ai
  • Mailing Address: Brieflly, Toronto, Ontario, Canada

We will respond to privacy requests within 30 days as required by PIPEDA.

15. Consent

By using Matchii, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. You may withdraw consent at any time by closing your account, though some data may be retained for legal compliance.