Privacy Policy

Privacy Policy governs the manner in which ABM Tax collects, uses, maintains, and discloses information collected from users (each, a “User”) of the www.abmtax.ca website (“Site”) and app.abmtax.ca web app. This privacy policy applies to the Site and all products and services offered by abmtax.ca.

Personal identification information

We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.

Non-personal identification information

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

Purpose of Collecting Your Phone Number

ABM Tax collects your phone number to provide important account-related updates, appointment reminders, billing notices, and service information. With your explicit consent, we may also send limited marketing or promotional messages about our products and services.

Consent to Receive Text Messages
By providing your mobile number and selecting the SMS-consent option on our forms or website, you agree to receive text messages from ABM Tax. Your consent is voluntary and may be withdrawn at any time by replying STOP to a text message or by contacting us directly at info@abmtax.ca or (204) 505-9696.

Message Frequency and Type
Message frequency will vary depending on your relationship with ABM Tax and the nature of the services you use. Standard message and data rates from your mobile carrier may apply.

Opt-Out Process
You may opt out of receiving further text messages at any time by replying STOP to any message. You may also request removal by contacting us through the methods listed above. After opting out, you may still receive essential service or account-related notifications as permitted by law.

Data Storage and Security
ABM Tax securely stores all consent records, phone numbers, and message logs in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). Access to this data is limited to authorized personnel, and information is retained only as long as necessary for business or legal purposes.

Third-Party Service Providers
We may use reputable third-party providers (such as Twilio, AWS SNS, or equivalent) to deliver text messages. These providers process your data solely to transmit the messages and are bound by strict confidentiality and security obligations.

Compliance with Canadian Law
All of our commercial electronic messages comply with Canada’s Anti-Spam Legislation (CASL) and applicable Manitoba consumer protection and privacy laws. We maintain detailed records of consent and opt-out requests to ensure ongoing compliance.

Web browser cookies

Our Site may use “cookies” to enhance User experience. User’s web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

How we use collected information

abmtax.ca may collect and use Users personal information for the following purposes:

To improve customer service

Information you provide helps us respond to your customer service requests and support needs more efficiently.

To personalize user experience

We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.

To improve our Site

We may use feedback you provide to improve our products and services.

To process payments

We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.

To send periodic emails

We may use the email address to send User information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, they may do so by contacting us via our Site.

How we protect your information

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.

Sharing your personal information

We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.

Changes to this privacy policy

abmtax.com has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

Your acceptance of these terms

By using this Site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

ABMTAX AI Chat Widget — Privacy Policy

Last updated: March 19th, 2026

This Privacy Policy governs the manner in which ABMTAX collects, uses, maintains, stores, and discloses information collected from users (each, a “User”) of the ABMTAX AI Chat Widget (the “Widget”). This Privacy Policy applies only to the Widget and does not replace or override the privacy policy applicable to the abmtax.ca website, the app.abmtax.ca (TaxAnywhere) web application, or the abmbooks.com platform.

By using the ABMTAX AI Chat Widget, you acknowledge that you have read and understood this Privacy Policy.

For the AI chat feature, your use of the chat constitutes consent to the collection and processing of your message text as described in this Policy, including the transmission of your question text to a third-party large language model hosted on AWS Bedrock.

About ABMTAX

ABMTAX is a private-sector organization providing tax preparation and related services to clients in Canada and the United States, including Manitoba and Alberta provinces. We are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws.

Contact information:

Email: info@abmtax.ca

Phone: +1 (204) 505-9696

Website: https://abmtax.ca

Mailing address: Office 200 — 500 Portage Ave, Winnipeg, MB R3C 3X1

Information We Collect

Personal identification information

We may collect personal identification information from Users in a variety of ways when they interact with the Widget, including when Users type messages to the AI assistant, or use the file upload form to submit tax documents.

Personal information collected through the Widget may include, but is not limited to:

Email address — collected voluntarily when the User submits the file upload form; used to identify the User, deliver a submission confirmation email, and match the User to their existing ABMTAX TaxAnywhere platform account

Messages and conversation content exchanged with the AI assistant, including the text of every question submitted and every response generated

A unique session identifier (conversation ID) — a random UUID generated by the User’s browser each time the Widget is loaded; it is not linked to any login, account, or identity and cannot be used on its own to identify a person

Documents and files voluntarily uploaded through the Widget, such as tax documents, receipts, T-slips, or other supporting materials submitted via the file upload form

File metadata, including filename, file size, file type, and upload timestamp

An optional free-text comment submitted together with uploaded files

The language preference selected within the Widget (English or Tigrinya), stored locally in the browser

Users may choose not to provide certain information; however, doing so may prevent them from accessing document-upload or account-linked features.

Sensitive information

Documents submitted through the Widget may contain sensitive personal and financial information, including Social Insurance Numbers (SINs), income details, banking information, or tax identification data. ABMTAX collects and uses such information solely for legitimate business purposes related to tax preparation, filing, account support, and legal compliance.

Non-personal and technical information

We may collect non-personal or technical information automatically when Users interact with the Widget, including:

Message timestamps and session identifiers used solely for organizing conversation records

Server-side logs used for security, troubleshooting, and abuse prevention

The Widget does not collect device contacts, precise location data, sensor data, IP addresses, browser fingerprints, or cookies. Recent chat history (up to the last 50 messages) is stored locally in the User’s browser using localStorage solely to allow the conversation to persist across page navigations on the same device; this data never leaves the User’s browser on its own.

How We Collect Information

Chat messages: When the User types a message and clicks Send, the text of the message and the session conversation ID are transmitted to the ABMTAX server over an encrypted HTTPS connection.

File upload form: When the User completes and submits the file upload form, the email address, optional comment, and selected files are transmitted to the ABMTAX server over an encrypted HTTPS connection.

Outcome and status messages: When the Widget displays a status message to the User (such as confirmation that files were received or notification of an error), that message text is also transmitted to the ABMTAX server over an encrypted HTTPS connection so that the full conversation record is preserved.

How We Use Collected Information

ABMTAX may collect and use Users’ information for the following purposes:

To operate and provide the AI Chat Widget, including generating AI responses to User questions

To maintain a complete and ordered record of each chat session for internal quality review, customer support, and service improvement

To receive, authenticate, and route documents submitted by Users to their ABMTAX TaxAnywhere platform account

To send Users a confirmation email acknowledging receipt of their submitted documents

To notify the ABMTAX team of new document submissions so that tax professionals can review and process the submitted materials

To store submitted files securely for later access by authorized ABMTAX staff

To match the User’s submitted email address with their existing TaxAnywhere platform account in order to associate uploaded documents with the correct client profile

To improve AI assistant accuracy and Widget functionality using aggregated or de-identified data

To analyze conversation trends, topics, and patterns for internal business analytics and quality control, including identifying commonly asked questions, frequently requested services, and gaps in the AI assistant’s knowledge base

To use aggregated insights derived from conversations to inform ABMTAX’s marketing and business development decisions, such as understanding which services generate the most user interest and which topics to highlight in promotional communications

To maintain system security, prevent fraud or abuse, and comply with legal obligations

We do not sell, trade, or rent Users’ personal information to third parties. We do not share individual conversation records with external parties for advertising or marketing purposes. Conversation data may be analyzed internally on an aggregated and de-identified basis to inform ABMTAX’s service offerings and marketing decisions, as described above.

Where and How User Data Is Stored

Conversation Records — AWS DynamoDB

Every message exchanged through the Widget is stored in an AWS DynamoDB table. This includes:

– All questions typed by the User and all responses generated by the AI assistant

– The text content of file upload summaries displayed in the chat (including the User’s email address and the names of submitted files as they appear in the chat)

– System status messages shown to the User (such as “Processing your files…”, upload success confirmations, and error notifications)

Each record stored in DynamoDB contains the following fields:

– conversation_id: the session UUID generated by the User’s browser for this page load

– timestamp: the UTC date and time the message was stored, in ISO-8601 format with microsecond precision (this is also the table’s sort key, ensuring messages are stored and retrieved in chronological order)

– role: either “user” (a message sent by the User) or “bot” (a message generated by the system or AI)

– message: the plain-text content of the message

DynamoDB records are stored in the AWS region configured for this deployment. Conversation records are not automatically expired and persist until explicitly deleted by authorized ABMTAX staff.

Access to DynamoDB is protected by AWS IAM credentials. The table is not publicly accessible.

Uploaded Files — AWS S3

Files submitted through the Widget’s file upload form are stored in a private AWS S3 bucket. Each file is stored under an object key of the format:

{user_email}/{upload_timestamp}_{original_filename}

For example: client@example.com/20240115T103000Z_T4_2023.pdf

The timestamp prefix in the filename is added to prevent collisions if the same filename is re-uploaded. Files are organized under a folder prefix corresponding to the User’s email address.

S3 storage contains the raw file bytes and the file’s MIME type. Files are not automatically deleted and persist until explicitly removed by authorized ABMTAX staff.

Access to the S3 bucket is controlled by AWS IAM credentials. The bucket is private; direct public access is disabled. Authorized staff may generate time-limited pre-signed URLs (valid for up to one hour) to access specific files when needed.

Platform User Records — AWS RDS PostgreSQL

ABMTAX maintains a PostgreSQL database hosted on AWS RDS that contains a synchronized list of registered ABMTAX TaxAnywhere platform users. This table (platform_users) stores the following fields for each registered user:

– id: the internal ABMTAX platform user ID

– firstname and lastname

– email address

– telephone number (normalized to 11-digit format)

– active status, account type, registration status

– Internal platform identifiers (ref_token, object_id)

When a User submits files through the Widget, the server queries this table by the submitted email address to locate the User’s platform user ID. This ID is then used to upload the submitted files directly to the User’s TaxAnywhere account. If no matching email address is found in the platform_users table, the file upload to TaxAnywhere will not succeed, although files will still be emailed to the ABMTAX team.

The platform_users table is not created or modified by Widget interactions. It is synchronized separately from the ABMTAX TaxAnywhere API by authorized ABMTAX staff. Users do not directly cause writes to this table by using the Widget.

Access to the RDS database requires SSL/TLS and valid database credentials. The database is not publicly accessible.

Email Transmissions — Microsoft Office 365

When a User submits files through the Widget, two emails are sent using ABMTAX’s Microsoft Office 365 email account (via SMTP on smtp.office365.com, port 587, with STARTTLS encryption):

Admin notification email: sent to the ABMTAX team’s internal email address. It contains the User’s email address, the optional comment, a list of submitted filenames and sizes, and the uploaded files as email attachments.

User confirmation email: sent to the email address provided by the User. It contains a confirmation of receipt, the optional comment, a list of submitted filenames and sizes, and the uploaded files as email attachments. The email instructs the User not to reply, as it is automatically generated.

These emails are transmitted and stored in accordance with Microsoft’s data handling policies for Office 365. Email content, including attached files, may be retained by the email service provider in accordance with their standard policies.

How We Use the AI Language Model (AWS Bedrock)

When the User sends a chat message, the Widget contacts ABMTAX’s server, which forwards the User’s question text to Amazon Web Services Bedrock to generate a response using the Large Language Model (Hosted on AWS Bedrock service).

The following information is transmitted to AWS Bedrock:

– The User’s question text

– A system-level instruction prompt containing ABMTAX-specific knowledge retrieved from local text files (no personal data is included in this context)

The following information is NOT transmitted to AWS Bedrock:

– The User’s email address

– Any uploaded files or file contents

– The session conversation ID

– Any name, telephone number, or other personal identifier, unless explicitly written by the user in the message and sent to the chatbot.

AWS Bedrock processes the prompt temporarily to generate a response. AWS’s data retention and processing policies apply to data sent to Bedrock. For more information, see: https://aws.amazon.com/bedrock/

The User’s question text may also be transmitted to the TaxAnywhere platform indirectly if the User mentions their account details in a chat message. Users are advised not to include sensitive personal or financial details (such as SINs or passwords) in chat messages.

If you do not want your question text to be processed by a third-party large language model, please do not use the AI chat feature of the Widget.

Third-Party Service Providers

We use the following third-party service providers to operate the Widget:

AWS DynamoDB — conversation record storage

AWS S3 — uploaded file storage

AWS RDS PostgreSQL — platform user account lookup

AWS Bedrock (Meta Llama 3 8B Instruct) — AI response generation

Model use policy: https://www.llama.com/llama3/use-policy/

Microsoft Office 365 (smtp.office365.com) — transactional email delivery

ABMTAX TaxAnywhere Platform (app.abmtax.ca) — destination for uploaded tax documents

These providers process information solely for service delivery and are bound by their respective terms of service, confidentiality obligations, and security standards.

Data Storage Location and Cross-Border Transfers

Data may be stored and processed using AWS services in the United States or other jurisdictions where AWS operates data centers. Email is processed and may be stored by Microsoft in locations where Microsoft operates Office 365 infrastructure. Files transmitted to the TaxAnywhere platform are processed and stored in accordance with ABMTAX’s TaxAnywhere data handling practices.

Information stored outside Canada may be subject to the laws of the jurisdiction in which it is stored. ABMTAX takes reasonable contractual and technical measures to protect information in accordance with PIPEDA.

All data transmissions between the User’s browser and ABMTAX’s server use secure, encrypted HTTPS / TLS connections.

Data Retention and Deletion

Conversation records in DynamoDB are retained indefinitely unless a User requests deletion. Uploaded files in S3 are retained indefinitely unless a User requests deletion. Platform user records in the RDS database are maintained for as long as the User holds an active ABMTAX account and may be updated when account details change.

If you wish to request deletion of your conversation records, submitted files, or any other personal information collected through the Widget, please contact ABMTAX at info@abmtax.ca or +1 (204) 505-9696. Upon a verified deletion request, ABMTAX will, to the extent technically feasible and legally permitted:

Delete your conversation records from DynamoDB

Delete your uploaded files from the S3 bucket

Note that data already transmitted to and stored in email systems or the TaxAnywhere platform may be subject to separate retention and deletion processes.

Breach of Security Safeguards

ABMTAX maintains technical and organizational safeguards designed to protect the personal information collected through the Widget. In the event of a breach of security safeguards involving personal information collected through the Widget, ABMTAX will:

Assess the breach to determine whether it creates a real risk of significant harm to any affected individual, considering the sensitivity of the information involved, the probability that the information has been, is being, or will be misused, and any other relevant factors;
Report the breach to the Office of the Privacy Commissioner of Canada as soon as feasible if the breach creates a real risk of significant harm;
Notify affected individuals as soon as feasible if the breach creates a real risk of significant harm, including a description of the breach, the type of personal information involved, the steps ABMTAX has taken or intends to take to reduce the risk of harm, steps the individual can take to reduce the risk of harm, and contact information for ABMTAX’s privacy officer;
Notify any other organization or government institution that may be able to reduce the risk of harm resulting from the breach, where appropriate; and
Maintain a record of every breach of security safeguards involving personal information under ABMTAX’s control, regardless of whether the breach triggers notification obligations, for a minimum of 24 months.

These obligations are carried out in accordance with Division 1.1 of Part 1 of the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Breach of Security Safeguards Regulations (SOR/2018-64).

Your Rights

Under PIPEDA and applicable Canadian privacy law, you have the right to:

Request access to the personal information ABMTAX holds about you

Request correction of inaccurate personal information

Withdraw consent to the collection and use of your personal information for purposes where consent is the basis for processing (subject to legal and contractual limitations)

Request deletion of your personal information (subject to legal and contractual limitations)

To exercise any of these rights, please contact ABMTAX using the contact information below.

Compliance with Law

ABMTAX complies with applicable Canadian privacy laws, including PIPEDA, and applicable electronic communications requirements. We may disclose information if required by law, court order, regulatory authority, or to protect the rights and safety of ABMTAX, our Users, or others.

Children’s Information

The ABMTAX AI Chat Widget is intended for adults using ABMTAX tax preparation services. We do not knowingly collect information from children under the age of 13 (or the applicable age of majority). If such information is identified, it will be handled in accordance with applicable law.

Changes to This Privacy Policy

ABMTAX may update this Privacy Policy at any time when needed. When we do so, we will revise the “Last updated” date at the top of this document. We encourage Users to review this Policy periodically to stay informed about how we protect their information.

Your Acceptance of These Terms

By using the ABMTAX AI Chat Widget, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

Contacting Us

If you have questions about this Privacy Policy, our privacy practices, or wish to submit a data access or deletion request, please contact:

Email: info@abmtax.ca

Phone: +1 (204) 505-9696

Mailing address: Office 200 — 500 Portage Ave, Winnipeg, MB R3C 3X1

ABMTAX WhatsApp Helper Bot – Privacy Policy

Last updated: March 6’th, 2026

This Privacy Policy governs the manner in which ABMTAX collects, uses, maintains, stores, and discloses information collected from users (each, a “User”) of the ABMTAX WhatsApp Helper Bot (the “Bot”). This Privacy Policy applies only to the Bot and related WhatsApp-based services and does not replace or override the privacy policy applicable to the abmtax.ca website, the app.abmtax.ca (TaxAnywhere) web application, or the abmbooks.com platform.

By using the Bot, you signify your acceptance of this Privacy Policy. If you do not agree to this Policy, please do not use the Bot.

About ABMTAX

Contact information:

Email: PrivacyOfficer@abmtax.ca

Phone: +1 (204) 505-9696

Website: https://abmtax.ca

Mailing address: Office 200 – 500 Portage Ave, Winnipeg, MB R3C 3X1

Information We Collect:

Personal identification information

We may collect personal identification information from Users in a variety of ways when they interact with the Bot, including when Users send messages, select menu options, upload documents, or link their WhatsApp number to an existing ABMTAX account.

Personal information collected through the Bot may include, but is not limited to:

WhatsApp phone number (WhatsApp ID / wa_id) — used to identify the User, maintain conversation state, match the User to their existing ABMTAX TaxAnywhere platform account, and organize uploaded documents

Messages and conversation content exchanged with the Bot, including the text of every message sent and every response generated

Menu selections and button interactions, including tax question category navigation, account menu choices, and privacy policy acceptance or rejection

Documents and files voluntarily uploaded through WhatsApp, such as tax documents, receipts, T-slips, or other supporting materials

File metadata, including filename, upload timestamp, file size, and file type

Account-related information retrieved from the ABMTAX platform when the User requests account features, such as name, email address, telephone number, internal user ID, tax application IDs, status, submission year, e-file status, pricing fields, and related records

Users may choose not to provide certain information; however, doing so may prevent them from accessing account-related or document-related Bot features.

Sensitive information

Some information provided through the Bot, including tax documents or SIN-related data, may be sensitive. Documents submitted through the Bot may contain sensitive personal and financial information, including Social Insurance Numbers (SINs), income details, banking information, or tax identification data. ABMTAX collects and uses sensitive information only for legitimate business purposes related to tax preparation, filing, account support, and legal compliance.

Non-personal and technical information

We may collect non-personal or technical information automatically when Users interact with the Bot, including:

Message timestamps and message types (incoming/outgoing)

Internal system identifiers used to manage bot flows and conversation state

Application, database, and storage logs used for security, troubleshooting, and abuse prevention

We do not intentionally collect device contacts, precise location data, sensor data, IP addresses, or browser fingerprints from your phone.

How We Collect Information

WhatsApp messages: When the User sends a text message, button selection, or interactive reply through WhatsApp, the message content and the User’s WhatsApp phone number are received by the Bot’s server via the Meta WhatsApp Cloud API over an encrypted HTTPS connection.

Document uploads: When the User sends a document, image, or other media file through WhatsApp, the file is downloaded from Meta’s servers by the Bot over an encrypted HTTPS connection and then stored securely.

Account data retrieval: When the User requests account-related features (such as viewing their profile or tax applications), the Bot queries the ABMTAX TaxAnywhere platform API using the User’s linked account information over an encrypted HTTPS connection.

Email notifications: When the User uploads documents through the Bot, email notifications (including attached files) are transmitted to the ABMTAX team and the User via the Bot’s email system over an encrypted SMTP connection.

How We Use Collected Information

ABMTAX may collect and use Users’ information for the following purposes:

To operate and provide the WhatsApp Helper Bot, including generating AI responses to User questions

To recognize Users and maintain conversation state

To respond to questions and requests submitted through WhatsApp

To provide general tax-related information from the CRA knowledge base

To allow Users to view ABMTAX account information and tax application information & status when requested

To receive, store, and manage documents submitted through the Bot

To upload submitted documents to the User’s ABMTAX TaxAnywhere platform account

To send Users a confirmation email acknowledging receipt of their submitted documents

To notify the ABMTAX team of new document submissions so that tax professionals can review and process the submitted materials

To match the User’s WhatsApp phone number with their existing TaxAnywhere platform account in order to associate uploaded documents with the correct client profile

To improve Bot functionality, accuracy, and user experience using aggregated or de-identified data

To maintain system security, prevent fraud or abuse, and comply with legal obligations

We do not sell, trade, or rent Users’ personal information to third parties. We do not use Bot conversations or uploaded documents for advertising or unrelated marketing purposes.

Consent and Opt-In

By using the Bot and accepting the privacy policy from the prompt presented in WhatsApp, you consent to the collection, use, and storage of your information as described in this Policy.

Consent is required before account data or document features are enabled. If you do not accept this privacy policy, please do not use the Bot.

You may withdraw your consent at any time by sending the message “optout” to the Bot or by contacting ABMTAX directly. Note: withdrawing your consent by sending “optout” message to the Bot is only applicable to the Bot’s collection and usage of your information (not other ABMTAX platforms, products or services).

Opt-Out and Data Deletion

You may opt out from your data being stored and used by the Bot at any time by sending “optout” message to the Bot in WhatsApp or by contacting us at PrivacyOfficer@abmtax.ca or +1 (204) 505-9696. Note: withdrawing your consent by sending “optout” message to the Bot is only applicable to the Bot’s collection and usage of your information (not other ABMTAX platforms, products or services).

Upon opt-out, ABMTAX will, to the extent technically feasible and legally permitted:

Delete Bot conversation records

Delete user state and Bot-specific linkage records

Delete documents uploaded through the Bot from AWS S3 storage

Delete platform user records and associated tax application records linked to the Bot from the Bot’s database

Retain minimal audit records (such as a hashed phone number and timestamp) solely to document compliance and prevent further processing

After opting out, the Bot will not process new personal information unless you re-consent (by accepting this Privacy Policy).

Where and How User Data Is Stored

Conversation Records — AWS DynamoDB

Every message exchanged through the Bot is stored in an AWS DynamoDB table. This includes:

– All messages sent by the User and all responses generated by the Bot

– Message type (incoming or outgoing), payload identifiers, and message metadata

Each conversation record contains the following fields:

– user_id: the User’s WhatsApp phone number (partition key)

– timestamp: a composite sort key containing the UTC date/time and a unique message identifier, ensuring messages are stored and retrieved in chronological order

– message_type: either “incoming” (a message sent by the User) or “outgoing” (a message sent by the Bot)

– message_content: the text content of the User’s message

– response_content: the text content of the Bot’s response

– message_metadata: additional metadata about the message (JSON format)

DynamoDB records are stored in the AWS region configured for this deployment. Conversation records are not automatically expired and persist until the User opts out or explicitly requests deletion.

Access to DynamoDB is protected by AWS IAM credentials. The table is not publicly accessible.

User State — AWS RDS PostgreSQL

The Bot maintains a record of each User’s current position in the conversation flow (e.g., main menu, tax question browsing, document upload mode). This record includes:

– user_id: the User’s WhatsApp phone number

– current_state: the User’s current menu or flow position

– state_data: contextual data for the current state (e.g., selected tax category)

– privacy_accepted_time: the timestamp of the User’s most recent privacy policy acceptance

User state records are stored in the same AWS RDS PostgreSQL database and are subject to the same security controls.

User Profile — AWS RDS PostgreSQL

When a User’s WhatsApp phone number is matched to an ABMTAX TaxAnywhere platform account, the Bot stores a linkage record containing:

– The User’s WhatsApp phone number

– The matched ABMTAX platform user ID

– Basic profile information (first name, last name, email address)

This data is used to associate the User with their TaxAnywhere account for document uploads and account information retrieval.

Platform User Records — AWS RDS PostgreSQL

ABMTAX maintains a synchronized list of registered ABMTAX TaxAnywhere platform users. This table stores the following fields for each registered user:

– id: the internal ABMTAX platform user ID

– firstname and lastname

– email address

– telephone number (normalized to 11-digit format)

– active status, account type, registration status

– Internal platform identifiers (ref_token, object_id)

When a User interacts with account features through the Bot, the server queries this table by the User’s WhatsApp phone number to locate their platform user ID. This ID is then used to retrieve account information or upload documents to the User’s TaxAnywhere account.

The platform users table is synchronized separately from the ABMTAX TaxAnywhere API by authorized ABMTAX staff. Users do not directly cause writes to this table by using the Bot.

Uploaded Files — AWS S3

Files submitted through the Bot are stored in a private AWS S3 bucket. Each file is stored under an object key organized by the User’s WhatsApp phone number:

{user_phone_number}/{filename}

The S3 bucket is private; direct public access is disabled. Access to the S3 bucket is controlled by AWS IAM credentials.

Files are not automatically deleted and persist until the User opts out or explicitly requests deletion.

Email Transmissions — Microsoft Office 365

When a User uploads documents through the Bot, two emails are sent using ABMTAX’s Microsoft Office 365 email account (via SMTP on smtp.office365.com, port 587, with STARTTLS encryption):

Admin notification email: sent to the ABMTAX team’s internal email address. It contains the User’s information, a list of submitted filenames and sizes, and the uploaded files as email attachments.

User confirmation email: sent to the email address associated with the User’s ABMTAX account. It contains a confirmation of receipt and the uploaded files as email attachments.

How We Use the AI Language Model (AWS Bedrock)

When the User selects the “Chat With AI” feature and sends a chat message, the Bot forwards the User’s question text to Amazon Web Services Bedrock to generate a response using a Large Language Model (hosted on AWS Bedrock service).

The following information is transmitted to AWS Bedrock:

– The User’s question text

– A system-level instruction prompt containing ABMTAX-specific knowledge retrieved from local text files (no personal data is included in this context)

The following information is NOT transmitted to AWS Bedrock:

– The User’s WhatsApp phone number

– Any uploaded files or file contents

– Any name, email address, telephone number, or other personal identifier, unless explicitly written by the User in the message and sent to the chatbot

Users are advised not to include sensitive personal or financial details (such as SINs or passwords) in chat messages.

If you do not want your question text to be processed by a third-party large language model, please do not use the “Chat With AI” feature of the Bot.

Third-Party Service Providers

We use the following third-party service providers to operate the Bot:

AWS DynamoDB — conversation record storage

AWS RDS PostgreSQL — user state, user profiles, and platform user data storage

AWS S3 — uploaded file storage

AWS Bedrock and the Large Language Model hosted there — AI response generation

Meta WhatsApp Business Platform (Cloud API) — messaging platform

Microsoft Office 365 (smtp.office365.com) — transactional email delivery

ABMTAX TaxAnywhere Platform (app.abmtax.ca) — user account data and destination for uploaded tax documents

These providers process information solely for service delivery and are bound by their respective terms of service, confidentiality obligations, and security standards.

Data Storage Location and Cross-Border Transfers

All data transmissions between the User’s WhatsApp client, Meta’s servers, and ABMTAX’s server use secure, encrypted HTTPS / TLS connections.

Data Retention and Deletion

Conversation records in DynamoDB are retained indefinitely unless a User opts out or requests deletion. Uploaded files in S3 are retained indefinitely unless a User opts out or requests deletion. Platform user records in the database are maintained for as long as the User holds an active ABMTAX account and may be updated when account details change.

If you wish to request deletion of your conversation records, submitted files, or any other personal information collected through the Bot, you may either:

Send the message “optout” to the Bot in WhatsApp for automatic deletion of all Bot-related data

Contact ABMTAX at PrivacyOfficer@abmtax.ca or +1 (204) 505-9696 to submit a deletion request

Upon a verified deletion request, ABMTAX will, to the extent technically feasible and legally permitted:

Delete your conversation records from DynamoDB

Delete your uploaded files from the S3 bucket

Delete your user state and profile records from the database

Note that data already transmitted to and stored in email systems or the TaxAnywhere platform may be subject to separate retention and deletion processes.

Data Storage and Security

ABMTAX uses industry-standard security measures and reputable cloud infrastructure providers to protect User information.

Data may be stored and processed using:

AWS DynamoDB for conversation records (message history)

AWS RDS (PostgreSQL) for user state, user profiles, and Bot-related records

AWS S3 for document storage

AWS EC2 for Bot application hosting and functioning

All data transmissions use secure, encrypted connections (HTTPS / TLS). Database connections use SSL/TLS encryption. The database and S3 bucket are not publicly accessible and are protected by AWS IAM credentials and security group policies.

Breach of Security Safeguards

ABMTAX maintains technical and organizational safeguards designed to protect the personal information collected through the Bot. In the event of a breach of security safeguards involving personal information collected through the Bot, ABMTAX will:

Assess the breach to determine whether it creates a real risk of significant harm to any affected individual, considering the sensitivity of the information involved, the probability that the information has been, is being, or will be misused, and any other relevantfactors;
Report the breach to the Office of the Privacy Commissioner of Canada as soon as feasible if the breach creates a real risk of significantharm;
Notify affected individuals as soon as feasible if the breach creates a real risk of significant harm, including a description of the breach, the type of personal information involved, the steps ABMTAX has taken or intends to take to reduce the risk of harm, steps the individual can take to reduce the risk of harm, and contact information for ABMTAX’s privacy officer;
Notify any other organization or government institution that may be able to reduce the risk of harm resulting from the breach, where appropriate; and
Maintain a record of every breach of security safeguards involving personal information under ABMTAX’s control, regardless of whether the breach triggers notification obligations, for a minimum of 24 months.

Your Rights

Under PIPEDA and applicable Canadian privacy law, you have the right to:

Request access to the personal information ABMTAX holds about you

Request correction of inaccurate personal information

Withdraw consent to the collection and use of your personal information for purposes where consent is the basis for processing (subject to legal and contractual limitations)

Request deletion of your personal information (subject to legal and contractual limitations)

To exercise any of these rights, please contact ABMTAX using the contact information below.

Compliance with Law

ABMTAX complies with applicable Canadian privacy laws, including PIPEDA, and applicable messaging and electronic communications requirements. We may disclose information if required by law, court order, regulatory authority, or to protect the rights and safety of ABMTAX, our Users, or others.

Children’s Information

The ABMTAX WhatsApp Helper Bot is intended for adults and clients using ABMTAX tax services. We do not knowingly collect information from children under the age of 13 (or the applicable age of majority). If such information is identified, it will be handled in accordance with applicable law.

Changes to This Privacy Policy

ABMTAX may update this Privacy Policy at any time when needed. When we do so, we will revise the “Last updated” date at the top of this document. Material changes may require you to re-accept the policy before continuing to use the Bot. We encourage Users to review this Policy periodically to stay informed about how we protect their information.

Your Acceptance of These Terms

By using the ABMTAX WhatsApp Helper Bot, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

Contact Us

If you have questions about this Privacy Policy, our privacy practices, or wish to submit a data access or deletion request, please contact:

Email: info@abmtax.ca

Phone: +1 (204) 505-9696

Mailing address: Office 200 – 500 Portage Ave, Winnipeg, MB R3C 3X1

This document was last updated on March 4th, 2026.

Privacy Policy

Winnipeg

Calgary