Privacy Policy
Realtorhub AI is committed to protecting your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canadian privacy law. This policy explains what we collect, why we collect it, and your rights.
1. Who We Are
Realtorhub AI ("Realtorhub," "we," "us," or "our") is a software platform that helps Canadian real estate agents screen rental applicants using AI-assisted analysis. Our platform is available at realtorhub.ai.
For privacy inquiries, the person accountable for compliance with this policy is our Privacy Officer. Please contact us using our contact form.
2. Information We Collect
Account Information
When you register, we collect your name, email address, brokerage name, and RECO registration number. This is used to verify you are a licensed real estate agent in Canada.
Listing & Application Data
When you create a listing, we store the property address, rent amount, and unit details you provide. When you submit a rental application for screening, we process the applicant's name, contact details, employment and income information, and any documents you upload or share with us.
Gmail Data
If you connect your Gmail account, we access emails in your inbox that relate to rental applications (subject lines, body text, attachments). See Section 5 for full details.
Usage Data
We automatically collect standard server logs including your IP address, browser type, pages visited, and timestamps. This data is used for security monitoring and product improvement.
Device & Browser Information
We collect browser version, operating system, and screen resolution to ensure compatibility and diagnose issues.
3. How We Use Your Information
| Purpose | Legal Basis (PIPEDA) |
|---|---|
| Provide the applicant screening service | Consent at account creation; contractual necessity |
| Verify agent licensing with RECO | Legitimate interest (compliance and trust) |
| Generate AI-assisted screening reports | Consent (explicit opt-in to AI features) |
| Send service emails (alerts, reports, confirmations) | Contractual necessity |
| Analyse aggregate usage patterns to improve the product | Legitimate interest; anonymised data only |
| Comply with law enforcement requests or legal obligations | Legal obligation |
We do not sell your personal information or applicant data to any third party, ever.
4. Third-Party Processors
We share data with the following sub-processors solely to deliver our service. All processors are contractually bound to protect data in accordance with PIPEDA.
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database, authentication, file storage | All account, listing, and application data | USA (SOC 2 Type II) |
| Anthropic | AI-powered screening analysis (Claude) | Application text, documents (no applicant PII sent beyond what is necessary) | USA |
| Gmail OAuth, Google Analytics 4 | Gmail access tokens; anonymised usage events | USA / global | |
| CanLII | Legal database lookups for tenancy history | Name queries only; no data stored by CanLII on our behalf | Canada |
| Vercel | Web hosting and edge delivery | Request logs, IP addresses | USA / global CDN |
5. Gmail Integration
Realtorhub's use of Google user data, including data obtained through the Gmail API, is subject to the Google API Services User Data Policy, including the Limited Use requirements.
What we access
- Emails whose subject lines or senders match rental application patterns
- Attachments (pay stubs, ID documents, reference letters) in those emails
What we do not access
- Personal emails unrelated to rental applications
- Emails in your Sent, Drafts, Spam, or Trash folders (unless you explicitly grant access)
- Your Google Calendar, Drive, or any other Google service
Token storage
Your Gmail OAuth refresh token is stored encrypted in our Supabase database. We use it only to fetch new emails on your behalf when you are actively using the platform. We never share your token with third parties.
Revoking access
You can disconnect Gmail at any time from Settings → Gmail Integration. Revoking access deletes your stored token immediately. You can also revoke access directly from your Google Account Permissions page.
Realtorhub AI does not use Gmail data to serve advertisements, train AI models, or for any purpose other than providing rental applicant screening to you.
6. AI Processing
We use Anthropic's Claude AI to analyse application documents and generate screening summaries. When you trigger an AI report, relevant application text and documents are sent to Anthropic's API.
Anthropic does not use API inputs to train their models per their privacy policy. We send only the minimum data necessary to generate the report — we do not transmit applicant social insurance numbers, banking details, or health information.
AI-generated reports are advisory only. See our Terms of Service — AI Disclaimer for important limitations.
7. Analytics & Cookies
We use Google Analytics 4 to understand how agents use our platform. We implement Google Consent Mode v2 — analytics only activate if you have accepted cookies.
Cookies we set
| Cookie | Purpose | Duration |
|---|---|---|
rh_cookie_consent | Stores your cookie preference (accept/decline) | 1 year |
sb-* (Supabase) | Authentication session management | Session / 7 days |
_ga, _ga_* (Google) | Analytics (only set with consent) | 2 years |
You can change your cookie preferences at any time by clicking .
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 2 years after closure |
| Application screening reports | 7 years (applicable provincial landlord recordkeeping requirements) |
| Gmail OAuth tokens | Until you disconnect Gmail or close your account |
| Server/access logs | 90 days |
| Analytics data (GA4) | 14 months (Google Analytics default) |
Upon account closure, we delete or anonymise your personal information within 30 days, except where we are required by law to retain it.
9. Your Rights
Under PIPEDA, you have the right to:
- Access — Request a copy of the personal information we hold about you
- Correction — Ask us to correct inaccurate or incomplete information
- Deletion — Request that we delete your personal data, including data collected via Facebook or Google Login. We will action deletion requests within 30 days.
- Withdrawal of consent — Withdraw consent for processing, subject to legal or contractual restrictions
- Complaint — File a complaint with the Office of the Privacy Commissioner of Canada
To exercise any of these rights, please use our contact form with your name and request. We will respond within 30 days. For step-by-step data deletion instructions, including how to remove data collected via Facebook Login, visit our Data Deletion Request page.
10. Security
We implement industry-standard safeguards including TLS 1.3 encryption in transit, AES-256 encryption at rest (Supabase), row-level security policies, and access controls that limit employee access to personal data.
In the event of a data breach that poses a real risk of significant harm to individuals, we will notify affected users and the Office of the Privacy Commissioner of Canada within 72 hours of becoming aware of the breach.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices:
- Contact Form: Use our contact form to reach out
- Website: realtorhub.ai
You may also contact the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.