Privacy Policy

Last updated: June 15, 2026

1. Who we are

Refisage.com is an informational and educational content website covering mortgages and home financing for a Canadian audience. It is operated by Refisage. For privacy and data protection inquiries, contact us at [email protected].

2. Data we collect

We collect only non-personal data needed to understand site performance and content relevance:

IP address (kept in server logs for a short retention window)
Browser type, operating system, and language
Page visited; referrer classified by category (search, social, direct, internal, external)
Screen resolution, viewport type, and timezone
Browser-level performance metrics (Core Web Vitals)
Aggregated engagement signals: scroll depth, active reading time, article completion, the section that held the most attention, and clicks on links and buttons (we record only the link type, internal/external/affiliate/CTA, and the destination with no personal data, never cursor position or a heatmap)

While browsing the site, we do not collect name, email, phone, address, device fingerprints, or any personally identifiable information; and we do not use persistent cross-session identifiers, with a single exception: the pseudonymous visitor identifier described in section 6, created only if you consent to analytics cookies. The newsletter is suspended: we currently do not collect name, email, or phone through the site (see the section below).

Newsletter sign-up is temporarily unavailable and is not being offered at this time. While it is suspended, we do not collect name, email, or phone through the site, and there is no active sign-up form. If the newsletter is offered again, this policy will be updated beforehand to describe what data would be collected, the lawful basis, and how to unsubscribe. We do not sell your personal data.

Browser notifications (Web Push)

You can choose to receive notifications about new articles directly in your browser. We first show a notice explaining the option; only if you accept does the browser ask for permission (we never trigger the browser permission prompt without your acceptance). When you accept, your browser generates an anonymous technical subscription (an opaque endpoint from the browser’s push service, plus encryption keys) that we keep solely to deliver the notifications. We do not collect or retain any name, email, phone, IP address, or any personal data for the notifications: this subscription does not identify you. You can opt out at any time in your browser’s notification settings, and the subscription stops being used and is removed once the browser invalidates it. Declining the notice has no effect on reading the site.

3. Tracking pixel and telemetry

We load a transparent 1x1 pixel on every article page view. The server records the page view, IP, browser, and referrer in its access log. The pixel path encodes an opaque identifier for the article and its published version, with no reader-level data.

We also send browser performance metrics (Core Web Vitals, JavaScript errors) and aggregated engagement signals to our analytics collector. These are anonymous and used to improve loading speed and editorial quality.

By default this telemetry is anonymous and per-session, with no cookie: the session identifier lives only in the tab’s memory (sessionStorage) and is gone when you close the tab. The use of cookies and a cross-session visitor identifier depends on your consent, as described in section 6.

We honour the Do Not Track (DNT) and Global Privacy Control (GPC) browser signals: when enabled, we suppress optional engagement and context signals, keeping only the aggregated page-view count.

Under PIPEDA, we are accountable for the personal information under our control. The anonymous, per-session telemetry (pixel, Core Web Vitals, aggregated engagement, no cookie) does not identify you and is processed for the purpose of continuously improving the service, analyzing aggregate audience behaviour, and monitoring technical performance.

The cross-session visitor identifier and analytics cookies are based on your consent: they are created only after you enable them in the cookie notice, and you can withdraw your consent at any time.

5. Your rights

Under PIPEDA and applicable provincial privacy laws, you have the right to:

Know what personal information we hold about you and why
Access your personal information
Request correction of inaccurate or incomplete information
Withdraw consent, subject to legal or contractual restrictions
Make a complaint about how we handle your information

To exercise your rights, email [email protected]. You also have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca, or with your provincial privacy regulator where applicable.

6. Cookies and visitor identifier

You control cookies in the consent notice shown on your first visit, and at any time via the Cookie preferences link in the footer.

Necessary (always on): a consent cookie records your consent choice. It is essential and does not track browsing.
Analytics (optional, requires consent): if you enable it, we create a pseudonymous visitor identifier cookie. It stores only a random code (UUID), with no name, email, IP, or any personal data, used to tell new visitors from returning ones and measure retention in aggregate. Lifetime: 90 days. We do not fingerprint your device.
Cloudflare (necessary): our CDN may set strictly necessary security cookies (for example, __cf_bm).

How to withdraw or delete: click Cookie preferences and decline Analytics (this immediately deletes the visitor identifier cookie), or clear cookies in your browser. Data associated with the visitor identifier expires automatically within 90 days. For any deletion request, email [email protected].