Privacy notice

The Government of Canada and the Canada Revenue Agency (CRA) are committed to providing websites that respect the privacy of visitors. This privacy notice summarizes the privacy practices for the CRA's online activities.

All personal information collected by this institution is governed by the Privacy Act. This means that you will be informed of the purpose for which your personal information is being collected and how to exercise your right of access to that information.

Your privacy and the Internet

The nature of the Internet is such that web servers automatically collect certain information about a visit to a website, including the visitor's Internet Protocol (IP) address. IP addresses are unique numbers assigned by Internet Service Providers (ISP) to all devices used to access the Internet. Web servers automatically log the IP addresses of visitors to their sites. The IP address, on its own, does not identify an individual. However, in certain circumstances, such as with the co-operation of an ISP for example, it could be used to identify an individual using the site. For this reason, the Government of Canada considers the IP address to be personal information, particularly when combined with other data automatically collected when a visitor requests a webpage such as the page or pages visited, date, and time of the visit.

Unless otherwise noted, the CRA does not automatically gather any specific personal information, such as name, telephone number, or email address from those who visit our webpages. We would obtain this type of information only if you supply it to us, for example, by email, or by filling in a contact form, or when you file an electronic tax return online, or conduct other online transactions with us. When we collect personal information from you during an online transaction, we explain why we are doing so and how you can exercise your right to access that information. The explanation we provide is often in the form of a privacy notice or statement. In cases where services are provided by organizations outside of the Government of Canada, such as social media platforms or mobile applications, IP addresses may be recorded by the web server of the third-party service provider.

Communicating with the Government of Canada

If you choose to send the CRA an email or complete a feedback form online, your personal information is used by the agency in order to respond to your inquiry. The information you provide will only be shared with another government institution if your inquiry relates to that institution. The CRA does not use the information to create individual profiles nor does it disclose the information to anyone other than to those in the federal government who need to provide you with a response. Any disclosure of your personal information is in accordance with the Privacy Act.

Emails and other electronic methods used to communicate with the CRA are not secure unless it is specifically stated on a webpage. Therefore, it is recommended that you do not send sensitive personal information, such as your social insurance number or your date of birth, through non-secure electronic means.

Personal information from emails or completed feedback forms is collected pursuant to section 5 of the Canada Revenue Agency Act. Such information may be used for statistical, evaluation and reporting purposes and is included in Personal Information Bank (PIB) Public Communications (CRA PSU 914).

Third-party social media

The CRA's use of social media serves as an extension of its presence on the web. Social media account(s) are public and are not hosted on Government of Canada servers. Users who choose to interact with us via social media should read the terms of service and privacy policies of these third-party service providers and those of any applications you use to access them. The CRA uses Twitter , YouTube.

Personal information that you provide to the Government of Canada via social media account(s) is collected under the authority of the section 5 of the Canada Revenue Agency Act. This information is collected to capture conversations (for example, questions and answers, comments, "likes," retweets) between you and the CRA. It may be used to respond to inquiries, or for statistical, evaluation, and reporting purposes. Comments posted that violate Canadian law will be deleted and disclosed to law enforcement authorities. Comments that violate our rules of engagement will also be deleted. The personal information is included in Personal Information Bank Outreach Activities (CRA PSU 938).

Improving your experience on Government of Canada websites

Digital markers (including cookies)

A digital marker is a resource created by the visitors' browser in order to remember certain pieces of information for the web server to reference during the same or subsequent visit to the website. Examples of digital markers are "cookies" or HTML5 web storage. Some examples of what digital markers do are as follows:

  • they allow a website to recognize a previous visit each time the visitor accesses the site;
  • they track what information is viewed on a site, which helps website administrators ensure visitors find what they are looking for.

The CRA uses sessional and persistent digital markers on some portions of its website. During your online visit, your browser exchanges data with the CRA's web server. The digital markers used do not allow the CRA to identify individuals.

You may adjust your browser settings to reject digital markers, including cookies, if you so choose. However, it may affect your ability to interact with the CRA's website.

Web analytics

Web analytics is the collection, analysis, measurement, and reporting of data about web traffic and visits for purposes of understanding and optimizing web usage. Information in digital markers may be used for the purpose of web analytics to remember your online interactions with the CRA's website.

The CRA uses web analytics tools to improve its website. When your computer requests a CRA webpage, our institution collects the following types of information for analytics purposes:

  • the originating IP address
  • the date and time of the request
  • the type of browser used
  • the page(s) visited

The CRA uses WebTrends internally and retains information collected for web analytics for a maximum period of 18 months. After this period, the information must be disposed of in accordance with the Standard on Privacy and Web Analytics and as authorized by the Librarian and Archivist of Canada. The information is not disclosed to an external third-party service provider.

The CRA uses Google Analytics and the information collected is disclosed to Google, an external third-party service provider. Your IP address is anonymized prior to being stored on the service provider's servers in order to help safeguard your privacy. The information collected is de-personalized by utilizing Google "anonymizeIP" feature. If you wish, you may opt out of being tracked by Google Analytics by disabling or refusing the cookies; by disabling JavaScript within your browser; or by using the Google Analytics Opt-Out Browser Add-On. Disabling Google Analytics or JavaScript will still permit you to access comparable information or services from our website. However, if you disable your session cookie option, you will still be able to access our public website, but you might have difficulties accessing any secure services.

Data collected using Google Analytics for web analytics purposes goes outside of Canada to Google servers and may be processed in any country where Google operates servers and may be subject to the governing legislation of that country, such as the USA Patriot Act. For further information about Google Analytics, please refer to the Google Analytics terms of service.

Information used for the purpose of web analytics is collected pursuant to the Standard on Privacy and Web Analytics. Such data may be used for communications and information technology statistical purposes, audit, evaluation, research, planning, and reporting. For more information on how your privacy is safeguarded in relation to web analytics, see the Standard on Privacy and Web Analytics.

Protecting the security of Government of Canada websites

The CRA employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. This software receives and records the IP address of the computer that has contacted our website, the date and time of the visit and the pages visited. We make no attempt to link these addresses with the identity of individuals visiting our site unless an attempt to damage the site has been detected.

This information is collected pursuant to section 161 of the Financial Administration Act. The information may be shared with appropriate law enforcement authorities if suspected criminal activities are detected. Such information may be used for network security related statistical purposes, audit, evaluation, research, planning, and reporting and is included in Personal Information Bank Security Incidents (CRA PSU 939).

Inquiring about these practices

Any questions, comments, concerns or complaints you may have regarding the administration of the Privacy Act and privacy policies regarding the CRA's web presence may be directed to our Access to Information and Privacy Coordinator by email to ATIP-AIPRP@cra-arc.gc.ca, by calling 613-960-5393 (Ottawa area) or 1-866-333-5402, or writing to the following address:

Director, ATIP Directorate
Canada Revenue Agency
555 MacKenzie Avenue, 5th Floor
Ottawa ON K1A 0L5

If you are not satisfied with the CRA's response to your privacy concern, you may wish to contact the Office of the Privacy Commissioner by telephone at 1-800-282-1376.

Report a problem or mistake on this page
Please select all that apply:

Privacy statement

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: