Apply Now

Privacy & Security

Your trust is our priority. Your information is protected every step of the way.

At CornerStone Financial, your privacy isn’t just a policy—it’s a foundational part of how we do business. We understand that when you share personal and financial information with us, you’re placing your trust in our hands. That’s a responsibility we take very seriously.

We are fully committed to protecting your information through robust security protocols, transparent data practices, and strict adherence to Canadian privacy laws and financial industry regulations. Whether you’re applying for a loan, uploading documents, or simply browsing our website, every step is secured by industry-grade technology and ethical data handling standards.

Our goal is simple: to give you peace of mind by ensuring that your personal data remains safe, confidential, and never misused—because trust should be earned, not assumed.

1. Information We Collect

We only collect the personal information that is necessary to evaluate your eligibility, process your loan application, and provide you with continued service and support. We believe in minimal data collection and only ask for details that are directly relevant to your financial needs and regulatory compliance.

The types of information we may collect include:

  • Full name and contact information
  • Government-issued photo identification
  • Employment and income details
  • Bank account and transaction history
  • Government-issued photo ID (such as a driver’s license or passport)
  • Other documentation needed to verify identity or financial standing
  • Credit score and financial data (only when authorized)

 

We may also collect limited technical information when you interact with our website (such as IP address, browser type, and pages visited) to help us protect your account and improve our platform’s performance and security.

All data is collected in accordance with applicable laws and used solely for legitimate business purposes. We do not engage in data harvesting, profiling for marketing resale, or any unauthorized third-party sharing.

2. How We Protect Your Data

All data you share with CornerStone Financial is safeguarded using multiple layers of advanced digital and physical security protocols. Our infrastructure is designed to ensure that your personal and financial information remains protected at every stage of your interaction with us—from application to repayment.

Here’s how we keep your information safe:

  • SSL Encryption (256-bit Secure Socket Layer): Every session on our website is protected by industry-standard 256-bit SSL encryption. This ensures that all data transmitted between your browser and our servers is fully encrypted and unreadable to unauthorized parties, including during form submissions, logins, and document uploads.
  • Secure Data Storage: All client data is securely stored on servers located in access-controlled environments. These servers are equipped with firewalls, intrusion detection systems, and encryption at rest to ensure that your information cannot be tampered with or accessed by unauthorized users—even internally.
  • Role-Based Access Controls (RBAC): Only authorized team members with a verified need-to-know can access sensitive client data. Each access level is carefully monitored and logged to ensure accountability and traceability, and access permissions are reviewed regularly.
  • Automatic Session Timeouts & Fraud Monitoring: To prevent unauthorized access through unattended sessions, our platform includes automatic logout features. Additionally, our fraud prevention tools actively monitor for suspicious activity and flag inconsistencies for review.

 

At CornerStone Financial, protecting your data is not a one-time measure—it’s an ongoing commitment. We stay up to date with evolving cybersecurity practices and remain vigilant in monitoring, testing, and improving our systems to uphold the trust you place in us.

3. Regulatory Compliance

CornerStone Financial operates in full compliance with Canadian federal and provincial privacy laws, lending regulations, and industry best practices. We are committed to maintaining the highest standards of accountability, data protection, and ethical lending throughout every aspect of our business.

Here’s how we ensure our operations meet legal and regulatory expectations:

  • PIPEDA (Personal Information Protection and Electronic Documents Act): We comply fully with PIPEDA, the federal privacy law that governs how businesses in Canada collect, use, and disclose personal information. We only collect information that is necessary for the services we provide, obtain client consent before using or sharing personal data, and allow clients to access or correct their information at any time.
  • Provincial Consumer Protection Legislation: We adhere to the lending and disclosure requirements set by each province in which we operate. This includes respecting maximum allowable interest rates, clear fee disclosures, and client rights to cancellation or repayment options as defined by legislation
  • PCI DSS Compliance (Payment Card Industry Data Security Standard): For any payment processing activities, we ensure compliance with PCI DSS standards to safeguard credit card information. All payment data is handled through secure, certified third-party processors to eliminate risk and maintain full encryption and tokenization of sensitive details.
  • Anti-Money Laundering (AML) & Know-Your-Customer (KYC) Policies: We follow federally mandated AML and KYC guidelines to help detect and prevent financial crimes. As part of our onboarding process, we verify identity through government-issued IDs, assess risk profiles, and monitor for suspicious activity in accordance with FINTRAC (Financial Transactions and Reports Analysis Centre of Canada) regulations.

 

By staying fully compliant with both federal and provincial regulations, we protect not only your information but also your rights as a borrower. Our legal and compliance teams continuously monitor regulatory updates to keep our systems and processes current, lawful, and secure.

4. How We Use Your Information

We use your personal information solely for purposes directly related to delivering our services and supporting your financial needs. We do not use your information for unsolicited marketing, nor do we sell or trade your data to third parties.

Your information may be used in the following ways:

  • To Process and Assess Loan Applications: We use your data to verify your identity, assess your eligibility, and make fair, responsible lending decisions. This includes reviewing your income, employment, credit history (with consent), and supporting documents to evaluate affordability and reduce risk.
  • To Communicate With You: We use your contact details to reach out with important updates about your application, account status, repayment schedule, or customer service needs. These communications may include emails, calls, or secure messages based on your preferences.
  • To Deliver Personalized Financial Support: We aim to offer solutions that suit your specific goals and financial situation. Your information helps us tailor loan terms, provide relevant product recommendations, and adjust repayment options if needed.
  • To Fulfill Legal and Regulatory Obligations: We are required by Canadian financial regulations to collect and retain certain personal and transactional data. This helps us comply with Anti-Money Laundering (AML), Know-Your-Customer (KYC), and income verification laws.
  • To Ensure Security and Prevent Fraud: Your data may be analyzed through secure systems to detect unusual patterns, unauthorized account access, or attempted fraud. This is part of our continuous effort to protect both you and our platform.
  • To Improve Our Services and Website: We may use non-personal technical data (such as browser type, session duration, or usage patterns) to improve our platform’s usability, security, and performance. This data is anonymous and used solely for technical optimization.

 

All use of your data is governed by applicable privacy laws, and we only retain it for as long as necessary to fulfill our service obligations or legal requirements. You can request a review or deletion of your personal data at any time, subject to legal constraints.

5. Sharing Information with Third Parties

At CornerStone Financial, we do not sell, rent, or trade your personal information—ever. We believe that your trust is earned through transparency, and we treat your data with the same level of protection and confidentiality we would expect for our own.

However, in order to deliver our services effectively, securely, and in compliance with financial regulations, we may share limited information with a small number of carefully vetted third-party service providers. These partners help us operate efficiently and serve you better, but they are never permitted to use your data for their own marketing or advertising purposes.

 

Types of Third Parties We Work With:

  • Identity Verification Services: To ensure your identity is valid and to comply with anti-fraud and regulatory requirements (KYC, AML), we may verify your information through licensed ID verification providers.
  • Credit Bureaus (with consent): When necessary, and only with your explicit permission, we may share your information with licensed credit reporting agencies to assess your creditworthiness and confirm your financial history.
  • Payment Processors: When processing loan disbursements or setting up repayments, we securely transmit relevant banking details through PCI DSS-compliant third-party payment gateways and financial platforms.
  • Document Storage & E-signature Services: For applications, agreements, and account communications, we may use encrypted cloud-based platforms that store your documents and allow you to sign digitally in a secure environment.
  • Email & Communication Tools: To send important loan-related updates or service notices, we may use third-party email and communication systems. These providers are bound by data processing agreements and can’t use your contact info for their own use.
  • Regulatory or Legal Authorities: In rare cases, we may be legally obligated to share your information in response to a valid court order, subpoena, government investigation, or other legal process. In such cases, we ensure that only the minimum necessary information is disclosed and that your privacy rights are respected as much as possible.

 

Our Partner Standards

Every third-party partner we work with is subject to strict confidentiality, data protection, and legal compliance obligations. These partners must:

  • Sign data processing or confidentiality agreements
  • Demonstrate compliance with Canadian privacy laws (e.g. PIPEDA)
  • Follow strict protocols to prevent unauthorized access or use
  • Process your data only on our behalf and only for the intended purpose

 

We also conduct periodic reviews of our third-party providers to ensure continued compliance with privacy and security requirements.

6. Your Rights & Choices

At CornerStone Financial, we believe in giving you full control over your personal information. As a client, you have the right to know how your data is used, who it’s shared with, and what steps you can take to review, correct, or remove that information at any time—subject to applicable legal requirements.

We fully comply with Canadian privacy regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA), which grants individuals clear rights related to the collection, access, and handling of their personal data.

Here’s what you can do:

  • Request Access to Your Data: You can request a full report of the personal information we have on file for you, including loan application details, contact information, documents submitted, and any communication logs. We will respond to your request promptly—usually within 30 days.
  • Request Corrections or Updates: If you believe any of the information we hold about you is inaccurate, incomplete, or outdated (e.g., name, address, employment details), you can ask us to correct or update it. We will verify the request and make the necessary changes without delay.
  • Withdraw Consent (Where Applicable): If we are processing your data based on consent—for example, for optional services or non-essential communication—you have the right to withdraw that consent at any time. This will not affect your eligibility for essential services like loan processing.
  • Request Deletion of Your Information: You may ask us to delete some or all of your personal data when it’s no longer needed for legal, regulatory, or contractual reasons. If approved, we will securely erase or anonymize the data, in accordance with federal and provincial laws.
  • Opt Out of Non-Essential Communication: You may unsubscribe from non-essential messages like service updates, educational content, or promotions at any time using the “unsubscribe” link in our emails or by contacting us directly. This will not affect your account-related notifications.
  • Inquire About Third-Party Sharing:
    If you wish to know which third-party service providers have received your information and for what purpose, we will provide a clear and transparent summary upon request.

 

To exercise any of your data rights, please contact us. We take every privacy request seriously and will always respond respectfully and in accordance with applicable privacy laws.

7. Data Retention Policy

We retain your personal information only for as long as necessary to deliver our services effectively, maintain your account, and comply with applicable legal, regulatory, and financial reporting obligations. This includes keeping your data during the active period of your loan, as well as for a legally required retention period after your account is closed—typically for audit, tax, fraud prevention, or dispute resolution purposes.

Once your information is no longer needed for these purposes, we follow strict procedures to securely dispose of, delete, or anonymize the data from our systems. This process ensures that your personal details cannot be reconstructed, identified, or accessed in the future. We routinely review our data retention policies to align with current privacy laws and best practices, always prioritizing your right to security and confidentiality.

8. Questions or Concerns?

If you have any concerns, questions, or complaints about how your personal information is collected, used, stored, or shared, we encourage you to reach out. Whether you need clarification on our privacy practices or want to exercise your rights under applicable privacy laws, our team is here to support you. We take all privacy inquiries seriously and are committed to responding promptly and respectfully.

If you’d like to speak with someone about your data, please don’t hesitate to contact us—we’re always here to help.