Privacy Policy

Information We Collect

CIBC Digital Business collects information necessary to provide business banking, cash management, and commercial lending services. This includes business registration details, authorized signatory identification, transaction records, account balances, and communication preferences. When you interact with our digital banking platform, we log access timestamps, IP addresses, device information, and session activity for security and audit purposes.

How We Use Your Information

Information collected is used to operate your business accounts, process transactions, prevent fraud, comply with regulatory obligations, and improve our digital banking services. We may use aggregated, de-identified data for analytical purposes. Transaction data is retained in accordance with Canadian financial record-keeping requirements and regulatory mandates from the Office of the Superintendent of Financial Institutions (OSFI).

Information Sharing

CIBC Digital Business shares information with service providers who assist in payment processing, statement delivery, fraud detection, and platform hosting. These providers are contractually bound to data protection standards. We may disclose information as required by law, court order, or regulatory request. We do not sell business client information to third parties for marketing purposes.

Data Security

We maintain administrative, technical, and physical safeguards to protect your business banking data. All online and mobile banking sessions use 256-bit TLS encryption. Access controls restrict employee data access based on role and need. Our security program includes regular penetration testing, vulnerability assessments, and third-party security audits. Multi-factor authentication is required for all digital banking logins.

Your Rights and Choices

You may review and update account information through the CIBC Digital Business platform. For questions about data handling or to exercise rights under applicable Canadian privacy law, contact our privacy office through the support resources page. Business clients may request a summary of personal information held in connection with their accounts, subject to identity verification requirements.

Data Retention and Disposal

Business transaction records are retained for a minimum of seven years in accordance with Canadian tax and corporate record-keeping regulations. Personal information associated with closed accounts is securely disposed of after the statutory retention period expires. We use industry-standard data destruction methods including cryptographic erasure for digital records and secure shredding for any physical documentation. Account holders may request earlier deletion of non-mandatory personal data by contacting the privacy office, though certain records must be preserved to satisfy regulatory obligations.

International Data Transfers

Business banking data is primarily processed and stored within Canada. Certain service providers that support platform hosting, payment processing, or fraud detection may process data in other jurisdictions. When data is transferred outside Canada, contractual safeguards ensure the receiving party maintains protection standards equivalent to those required under Canadian privacy law. Business clients with specific data sovereignty requirements should discuss these needs with their banking advisor during account setup.

Cookies and Tracking

Our digital banking platform uses essential session cookies required for secure authentication and transaction processing. We also use analytics cookies to understand platform usage patterns and improve the user experience. You may configure your browser to reject non-essential cookies, though this may limit certain platform features. Detailed cookie settings are available in your account preferences.

Policy Updates

This privacy policy is reviewed annually and updated as needed to reflect changes in our data practices or regulatory requirements. Material changes are communicated to active business clients through the digital banking portal or registered email address. Continued use of CIBC Digital Business services after policy updates constitutes acceptance of the revised terms.

Last Updated: May 3, 2026

This privacy policy applies to all CIBC Digital Business online services, the mobile banking app, and any web properties operated under the cibcbusiness.co.com domain. By using these services, you acknowledge that you have read and understood this policy.

For questions about this policy, visit our support resources page or contact a business banking advisor.

Additional resources: Office of the Privacy Commissioner of Canada · Financial Consumer Agency of Canada