CondoVitals Privacy Policy
Version: 2026-07-14-draft · Effective date: not yet in force — pending lawyer review (Gate #4).
CondoVitals ("we," "us") reads Ontario condominium status-certificate packages that users upload and turns them into plain-language findings reports. A status certificate is a sensitive financial document, and this policy explains — mapped to the ten fair-information principles of PIPEDA (the Personal Information Protection and Electronic Documents Act, Schedule 1) — exactly what we collect, why, what happens to it, and what your choices are.
The one-paragraph version: you give express opt-in consent before every upload; we process your document to produce your findings report and then delete the uploaded files (immediately after analysis, with a 24-hour hard sweep as the backstop); the extracted findings stay in your account for you; your documents are never used to train models without your separate express consent; and the only third parties that touch your data are the processors needed to run the service, under contracts requiring comparable protection.
Principle 1 — Accountability
CondoVitals is responsible for personal information under its control, including information transferred to third-party processors.
- Privacy Officer: [TO COMPLETE — a named individual accountable for privacy compliance] · privacy@condovitals.ca
- The Privacy Officer is accountable for this policy, handles access and correction requests, complaints, and breach response.
- Where a processor handles personal information on our behalf (see "Processors" below), we use contractual means to require a comparable level of protection to this policy while the information is in the processor's hands.
Principle 2 — Identifying Purposes
We collect and use personal information for these purposes, identified at or before the time of collection:
- Analyze your uploaded status certificate into a findings report — the core purpose. The document is processed to extract and summarize what it discloses (reserve fund, special assessments, litigation, budget, insurance) into a report for your account.
- Operate your account — sign-in, scan history, showing you your reports.
- Process payments and refunds — via our payment processor.
- Deliver gift scans — connecting a purchaser's payment to a redeeming buyer's scan (the purchaser does not gain access to the buyer's document or report; see the Terms of Service).
- Teaser (free headline check) follow-up — if you use the free check and give us your email address for that purpose, we use it to send the headline result and related CondoVitals information, with an unsubscribe in every message. Teaser email addresses are not sold or shared.
- First-party service analytics — understanding how the service is used so we can run and improve it (see "Analytics" below).
- Legal and safety obligations — records we are required to keep (e.g., payment records, consent records, the breach log described below).
A new purpose gets new consent: we do not use your information for a purpose not identified here without first identifying it and obtaining your consent.
Principle 3 — Consent
- Express, opt-in consent before upload. A status certificate is sensitive financial information, so we do not rely on implied consent. Before any upload (or gift-scan redemption), you are shown a plain-language consent statement describing the purpose and the handling rules, and you actively opt in. Your consent is recorded per scan, together with the version of the consent wording you accepted.
- Gift scans: the redeeming buyer gives their own express consent at redemption. A purchaser cannot consent on the buyer's behalf.
- No model training without separate express consent. Your uploaded documents and extracted findings are never used to train or fine-tune machine-learning models unless you give a separate, explicit, opt-in consent to that specific use. Declining has no effect on your scan.
- Withdrawal. You can withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice, by contacting privacy@condovitals.ca. Withdrawal stops future collection and use; we will explain any consequences (for example, that we cannot produce a report without processing the document). Because uploaded files are deleted after analysis, withdrawal after a scan applies to the retained findings, which we will delete on request except where retention is required by law.
Principle 4 — Limiting Collection
We collect only what the identified purposes need:
- The document you upload (the status-certificate package) — for analysis only.
- Account data: email address and authentication data.
- Scan metadata: scan status, tier, timestamps, consent version, low-confidence flags.
- Payment data: handled by our payment processor; we receive confirmation and the minimum needed for receipts and refunds, not full card numbers.
- Teaser leads: the email address you provide, if you provide one.
- First-party analytics events (see "Analytics").
We do not collect information from data brokers, do not scrape your other documents, and do not require any personal information beyond what the scan and your account need.
Principle 5 — Limiting Use, Disclosure, and Retention (Process-and-Purge)
- Uploaded files are deleted immediately after analysis completes. As a backstop, a hard sweep permanently deletes any remaining uploaded files within 24 hours of upload, whether or not analysis succeeded.
- Extracted findings are retained for your account so you can view, print, and share your report. You can delete your reports and account at any time.
- De-identified building-level aggregates: we may retain building-level, de-identified aggregate data derived from findings (for example, that a given building's certificate disclosed a special assessment in a given year) under a documented internal aggregation policy. These aggregates describe buildings, not people: they exclude names, unit numbers, prices, and anything else identifying you or your transaction, and are maintained so that they cannot be re-linked to an identifiable individual. This retention is disclosed here so it forms part of what you consent to.
- Disclosure: we do not sell or rent personal information. We disclose it only to the processors needed to run the service (below), when required by law, or with your consent (for example, when you share your own report).
- Consent and payment records are kept as required for legal and audit purposes; the breach log is kept per the "Breach response" section below.
Principle 6 — Accuracy
We keep personal information as accurate, complete, and up to date as the purposes require. Specific to our product: automated document reading can misread fields, so the findings report marks low-confidence fields instead of guessing, and your original document remains the authoritative source. You can request correction of your account information and of extraction errors in your retained findings (see Principle 9).
Principle 7 — Safeguards
Safeguards are proportional to sensitivity, and status certificates are sensitive:
- Encryption in transit (TLS) for all uploads and access, and encryption at rest for stored files and databases.
- Access controls: access to user documents and findings is restricted to what operating the service requires; administrative access is limited and logged.
- Deletion as a safeguard: the process-and-purge design (Principle 5) means the most sensitive artifact — your full document — has the shortest possible life on our systems.
- Processor safeguards are addressed by contract (Principle 1 and "Processors" below).
Principle 8 — Openness
This policy is public, written in plain language, and versioned. The consent wording shown at upload, the current policy version, and the Privacy Officer contact are available on the site. Material changes are posted with a new version string, and account holders are notified before material changes take effect.
Principle 9 — Individual Access and Correction
On written request to privacy@condovitals.ca, we will tell you what personal information we hold about you, what it is used for, and to whom it has been disclosed, and give you access to it — normally within 30 days and at no cost, subject to the limited exceptions PIPEDA allows (we will explain any exception we rely on in writing). If you demonstrate that information is inaccurate or incomplete, we will correct it and, where appropriate, transmit the correction to third parties with access to it. Note that because uploaded files are purged after analysis, access requests typically cover your account data, retained findings, scan metadata, and consent records.
Principle 10 — Challenging Compliance
Concerns or complaints about our handling of your personal information go to the Privacy Officer at privacy@condovitals.ca. We investigate all complaints and, where justified, amend our practices and this policy. If you are not satisfied with our response, you can complain to the Office of the Privacy Commissioner of Canada (OPC) — www.priv.gc.ca · 1-800-282-1376.
Processors (Third Parties That Touch Your Data)
We use a small set of processors, each bound by contract to a comparable level of protection and used only for the stated purpose:
| Processor | Role | Data touched | Notes |
|---|---|---|---|
| Cloud hosting provider | Runs the application and storage | Uploaded files (until purge), findings, account data | Encryption at rest; access controls |
| Anthropic (Claude API) | Automated document extraction | Document content during analysis | Not used to train Anthropic models per our API terms; US-based — see cross-border note |
| Stripe | Payment processing | Payment details, billing email | CondoVitals never stores full card numbers; US-based — see cross-border note |
Cross-border note: some processors store or process data in the United States. While in another jurisdiction, your information is subject to that jurisdiction's laws, including lawful-access regimes; we require comparable protection by contract, but contractual measures cannot override foreign law. By consenting to a scan you consent to this processing, as PIPEDA's accountability principle requires us to disclose.
Breach Response
- We maintain a breach-response plan owned by the Privacy Officer.
- If a breach of security safeguards creates a real risk of significant harm (RROSH) to an individual — assessed on the sensitivity of the information and the probability of misuse — we report to the OPC and notify affected individuals as soon as feasible, as PIPEDA requires.
- We keep records of every breach of security safeguards, whether or not it meets the RROSH threshold, for 24 months, consistent with PIPEDA's record-keeping requirements (knowing contravention of the reporting and record-keeping rules is an offence under PIPEDA s.28).
Analytics
Analytics are first-party only: we measure use of our own service (pages, scan funnel, errors) using our own instrumentation, tied to our own infrastructure. We do not embed third-party advertising trackers, cross-site tracking pixels, or social-media trackers, and we do not share analytics data with ad platforms. Analytics events do not include the content of your documents.
Teaser Email Leads
If you run a free headline check and provide an email address, that address is stored as a lead for the purposes in Principle 2: delivering your headline result and sending CondoVitals-related email with an unsubscribe link in every message (per Canada's anti-spam legislation). Teaser leads are never sold, never shared with third parties for their own use, and are deleted on unsubscribe or on request.
Children
The service is for adults involved in real-estate transactions and is not directed to children. We do not knowingly collect personal information from anyone under 18.
Changes to This Policy
Changes are posted with a new version string. Material changes are notified to account holders before they take effect, and a new consent is requested where a change involves a new purpose for information already collected.
Contact
Privacy Officer: [TO COMPLETE — named individual] · privacy@condovitals.ca
General support: support@condovitals.ca
CondoVitals is not a law firm and does not provide legal, financial, tax, or engineering advice. This is general information to help you understand your document. It is not a substitute for advice from a licensed lawyer or advisor. Always confirm anything important with your own professional before you act.