Skip to main content

Privacy Policy

Last updated: April 23, 2026

1. Information We Collect

We collect the following information when you use ContractCheck:

  • Account information: Name, email address, province, and password (hashed, never stored in plain text).
  • Documents: PDF files you upload for analysis. These are stored securely and associated with your account.
  • Analysis results: AI-generated findings, risk scores, and recommendations produced from your documents.
  • Chat messages: Questions you ask about your documents and AI responses.
  • Payment information: Processed securely by Stripe. We do not store your credit card number, CVV, or full card details on our servers.
  • Usage data: Pages visited, features used, session information (IP address, browser type).
  • Signup information: IP address, browser user agent, and referral source collected at account creation for fraud prevention and security purposes.

2. How We Use Your Information

  • To provide and improve our contract analysis service
  • To process your payments via Stripe
  • To send transactional emails (receipts, analysis notifications, password resets)
  • To respond to support requests
  • To monitor and improve application performance and security
  • To comply with legal obligations

3. How We Protect Your Information

  • All data is transmitted over HTTPS (TLS encryption)
  • Passwords are hashed using bcrypt (never stored in plain text)
  • Sensitive fields are encrypted at rest using ActiveRecord Encryption
  • Session tokens use signed, httponly cookies
  • Payment processing is handled entirely by Stripe (PCI-DSS compliant)
  • Application errors are monitored via Sentry (no PII transmitted)
  • Rate limiting protects against abuse

4. AI Processing of Your Documents

When you upload a document, it is processed by AI language models (such as Claude by Anthropic and GPT by OpenAI) to generate your analysis. Your document text is sent to these AI providers for processing. We do not use your documents to train AI models. The AI providers' own privacy policies govern their handling of data during processing.

5. Partner Program Data

If you participate in the ContractCheck Partner Program, we additionally collect and process:

  • Company/brokerage information: Business name and phone number provided during partner registration.
  • Referral data: Records of customers referred by you, including which plans they purchased and commission amounts earned.
  • Payout information: Processed via Stripe Connect. Banking details, identity verification documents, and tax information (e.g., SIN/BN) are collected by Stripe directly and governed by Stripe's privacy policy. We do not store your banking details.
  • Commission history: Transaction records of commissions earned, paid, disputed, or reversed, retained for tax and accounting purposes.
  • Buyer delegation data: Email addresses of buyers you invite for courtesy reviews.

Partner program data is retained for a minimum of 7 years after the last transaction for tax compliance (CRA requirements). Partners may request deletion of non-financial personal data at any time.

6. Third-Party Services

We use the following third-party services:

  • Stripe — Payment processing and Partner commission payouts (Stripe Connect)
  • Anthropic (Claude) / OpenAI (GPT) — AI document analysis
  • SendGrid — Transactional email delivery
  • Sentry — Error monitoring (no PII)
  • PostHog — Product analytics (anonymized)

Each service has its own privacy policy. We only share the minimum data required for each service to function.

7. Data Sharing

We do not sell, rent, or trade your personal information. We do not share your documents or analysis results with anyone. We will only disclose information if required by law or to protect our rights.

8. Data Retention

Your account data, documents, and analysis results are retained as long as your account is active. You may request deletion of your account and all associated data by contacting us. Upon deletion, all data is permanently removed within 30 days.

9. Your Rights (PIPEDA)

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:

  • Access your personal information
  • Request correction of inaccurate information
  • Withdraw consent for certain data uses
  • Request deletion of your data
  • File a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, contact us at the email below.

10. Cookies

We use essential cookies only:

  • Session cookie — Keeps you logged in (httponly, signed)
  • Theme preference — Remembers your light/dark mode choice (localStorage)

We do not use advertising or tracking cookies.

11. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated via email or a notice on our website. Continued use of the service after changes constitutes acceptance.

12. Contact

For privacy-related questions or requests:

Email: [email protected]

ContractCheck — AI-Powered Real Estate Contract Review