Privacy Policy

1. Information We Collect

We collect the following types of information:

• Account information: name, email address, phone number and postal address during registration
• Condo information: information about your syndicate, buildings, units and equipment
• Usage data: information about your use of the platform, pages viewed and features used
• Subscription payment information: to pay your CondoAide subscription, we collect either credit card information (Visa, Mastercard, American Express), or banking details (institution number, transit number, account number) if you choose pre-authorized debit (PAD/ACSS Debit). This information is processed directly by our payment provider Stripe (PCI DSS Level 1 certified, the highest level). CondoAide never stores your raw card or bank account numbers — only a secure token that does not allow reconstruction of the original number. Automatic collection of co-owner contributions by syndicates is also processed by Stripe (Stripe Payments Canada, Ltd.): co-owners who enable the debit authorize a PAD/ACSS mandate, and their banking details are processed by Stripe, which deposits the funds directly into the syndicate's account. CondoAide never holds these funds nor stores raw account numbers.
• PAD mandate for the subscription: if you pay your subscription by PAD, the mandate itself — signed authorization, mandate identifiers and status, including revocations — is retained by Stripe on our behalf. In our own systems we keep only our Stripe billing references (customer and subscription identifiers) and billing history, not the mandate document. This billing data is retained for 7 years after the subscription ends for tax, accounting and legal-compliance purposes.
• Subscription transaction history: amounts, dates, statuses (successful, failed, returned), failure reasons where applicable — for billing and accounting compliance
• Communications: messages exchanged through our support service
• Uploaded documents: any documents you upload to the Service (registers, attestations, reports, photos, etc.)

2. Use of Information

We use your information to:

• Provide and improve our condo management services
• Process your payments and manage your subscription
• Send you important communications about your account
• Inform you of updates and new features (with the option to unsubscribe from non-essential communications)
• Ensure compliance with Bill 16, the regulation adopted under decree 991-2025, and other applicable regulations
• Respond to your support requests
• Detect and prevent fraud, abuse, and violations of our Terms of Service

3. Sharing of Information

We do not sell your personal information. We share certain information with the following sub-processors, who act on our behalf and are bound by a data processing agreement:

• Supabase — Database hosting and file storage. Categories: all application data. Location: Canada (ca-central-1 region).
• Vercel — Web application hosting. Categories: application traffic, no permanent storage. Location: United States and Canada (multiple regions).
• Stripe — Subscription payment processing (credit cards + PAD/ACSS Debit bank withdrawals from the syndicate to CondoAide) and automatic condo-fee collection by pre-authorized debit (PAD/ACSS) from co-owners to the syndicate's account. Categories: payer name, email, billing address, payment method, banking information of co-owners who enabled the debit, subscription and cotisation transaction history. Location: Canada and United States.
• Brevo — Transactional and marketing emails. Categories: email addresses, email content. Location: European Union.
• Anthropic — AI assistant (opt-in features only). Categories: user requests on opt-in AI features. Location: United States.
• OpenAI — AI assistant (opt-in features, fallback). Categories: user requests on opt-in AI features. Location: United States.
• OVHcloud (self-hosted OpenReplay) — Hosts our OpenReplay installation: product telemetry + session recording for technical support. Categories: pseudonymized user identifier, interaction events (pages visited, features used), technical metadata (browser, OS), visual reconstruction of navigation with automatic masking of form fields and sensitive screens. Location: Canada (Montréal, Québec). Self-hosted software — OpenReplay Inc. is not a sub-processor; the operational sub-processor is OVHcloud (hosting and storage).
• OVHcloud (self-hosted GlitchTip) — Hosts our GlitchTip installation: application error and exception tracking, plus application logging. Categories: exception stack trace, log messages, pseudonymized user identifier, URL where the error occurred, technical metadata. Request bodies (form data, authentication headers, cookies) are automatically dropped before storage. Location: Canada (Montréal, Québec). Self-hosted software — the GlitchTip team is not a sub-processor; the operational sub-processor is OVHcloud.
• OVHcloud (self-hosted Plausible) — Hosts our Plausible installation: cookieless, aggregate web analytics (visitor count, pages viewed, traffic sources, city and country) on the public pages of the site. No direct personal information is captured: no cookies, no persistent visitor identifier, no device fingerprint. The IP address is used momentarily to determine the city, then immediately discarded; it is never stored. Statistics are aggregate. Location: Canada (Montréal, Québec). Self-hosted software — the operational sub-processor is OVHcloud.
• Aggregate web analytics — cookieless. To measure overall traffic on our public pages (visitor count, most-viewed pages, traffic sources, city and country breakdown), we use a self-hosted Plausible installation on the same OVHcloud infrastructure in Montréal. Plausible sets no cookies on your device, stores no persistent identifier, and captures no direct personal information. The IP address is used momentarily to determine the city, then immediately discarded; it is never stored. Statistics are aggregate and are not linked to an identifiable visitor. This aggregate measurement runs for all visitors regardless of your cookie banner choice, because no personal information is involved. Retention: 24 months.
• This list is updated when we add or remove a sub-processor. Significant changes will be communicated through this policy and by email.
• Members of your syndicate: depending on the permissions configured in your account, certain information may be visible to other members of your syndicate (for example, your name and payment status may be visible to administrators and the treasurer).
• Legal authorities: we may disclose your personal information if required by law, by court order, or to protect our rights, your safety, or that of others.

4. Data Security

We take the security of your data seriously:

• Encryption in transit: TLS 1.3 between your browser and our servers
• Encryption at rest: AES-256 on the database, backups and stored files
• Passwords: hashed with bcrypt (never stored in plain text, never reversible)
• Authentication tokens: cryptographically signed with HMAC-SHA256 for integrity
• Authentication: secure authentication with two-factor authentication options
• Hosted in Quebec: application served by Vercel (Montreal / yul1 region); database and stored files on Supabase (ca-central-1 / Montreal region). Your condo association data is not transferred outside Canada in normal operation of the Service. Exceptions (subscription payments, opt-in AI features) are described in section 9.
• Access controls: strict role-based permissions, logging of all sensitive actions
• Backups in Quebec: Supabase backups with point-in-time recovery (7 days) and daily snapshots; additional backups kept at two distinct Quebec providers (Montreal and Beauharnois), 30-day retention, with automated weekly restore verification
• Tokenization: bank and credit card information is never stored in plain text on our servers — it is tokenized by Stripe (PCI DSS Level 1 certified)
• Certified sub-processors: Supabase and Vercel are SOC 2 Type 2 certified; Stripe is SOC 2 Type 2 and PCI DSS Level 1 certified
• We commit to an annual third-party penetration test ("pentest") starting in late 2026.

5. Data Retention

We retain your information as long as your account is active or as required by law. Specific retention periods:

• General account data — 90 days after account closure, unless otherwise required by law.
• Condo documents (registers, log book, attestations) — According to the periods prescribed by Bill 16 and the Civil Code of Quebec.
• PAD mandate for subscription payment (metadata held by us; signed document retained by Stripe on our behalf) — 7 years after the mandate ends, for tax, accounting and legal-compliance purposes.
• Subscription transaction data (payments to CondoAide) — 7 years for tax, accounting and regulatory compliance purposes.
• Co-owner condo-fee collection PAD mandate (Payment Service — metadata held by us; signed document retained by Stripe on the syndicate's behalf) — 7 years after the mandate ends, for tax, accounting and legal-compliance purposes.
• Condo-fee transaction data (co-owner debits via the Payment Service) — 7 years for tax, accounting and regulatory compliance purposes.
• Audit logs (sensitive actions) — 7 years for compliance purposes.
• Support communications — 3 years after the last interaction.
• After the periods above, data is permanently deleted from our production systems. Copies may persist in backups for an additional period (up to 30 days) before rotation and destruction.

6. Your Rights

In accordance with Quebec's Law 25, PIPEDA, and applicable laws, you have the right to:

• Access your personal information
• Correct inaccurate or incomplete information
• Request deletion of your data (subject to our legal retention obligations, for example PAD mandates retained for 7 years)
• Withdraw your consent to certain processing (opt-in AI features can be disabled at any time)
• Receive your data in a structured and portable format (JSON or CSV export)
• Object to processing (notably marketing communications)
• De-automate: refuse a decision based solely on automated processing (Law 25 art. 12.1)
• Revoke your PAD mandate for the subscription at any time, free of charge, in accordance with Payments Canada Rule H1
• File a complaint with the Commission d'accès à l'information du Québec (cai.gouv.qc.ca) or the Office of the Privacy Commissioner of Canada (priv.gc.ca) for users outside Quebec
• To exercise any of these rights, contact our Person Responsible for the Protection of Personal Information (see section 7).

7. Person Responsible for the Protection of Personal Information

In accordance with Article 3.1 of Law 25, CondoAide has designated a Person Responsible for the Protection of Personal Information. This person is your point of contact for any question relating to the processing of your personal information, to exercise your rights, or to report a concern.

• Name: Nicolae Racovita
• Title: President of CondoAide and Person Responsible for the Protection of Personal Information
• Email: privacy@condoaide.ca
• Postal address: 4143 chemin Ste-Angélique, Saint-Lazare (Quebec) J7T 2N5, Canada

8. Privacy Incident Notification

In accordance with Law 25, in the event of a privacy incident presenting a risk that serious harm will be caused to a person concerned, we commit to:

• Inform the Commission d'accès à l'information du Québec within reasonable timeframes. Our internal target is to notify within 72 hours of incident confirmation.
• Inform affected individuals without undue delay, by email or any other appropriate means.
• Document each incident in an internal register, including the nature, causes, corrective measures and lessons learned.
• Take necessary measures to limit the harm and prevent recurrence.
• Cooperate fully with personal information protection authorities in case of investigation.

9. International Data Transfers

Some of our sub-processors process personal information outside Quebec or Canada (see the list in section 3). For transfers outside Canada:

• We assess the adequacy of protections offered in the destination jurisdiction
• We put in place appropriate contractual protections with each sub-processor (Data Processing Agreements)
• We limit transfers to what is necessary for the provision of the Service
• For AI features (Anthropic, OpenAI), requests are only sent if you explicitly enable the relevant opt-in features
• For payments (Stripe — Canada and United States), cross-border processing supports both subscription billing and the collection of condo fees through the Payment Service. This includes co-owners' banking details (financial information). This flow is governed by Stripe's data processing agreement (DPA) and its PCI DSS Level 1 certification; account numbers are never stored in plain text by CondoAide. A privacy impact assessment (Law 25, art. 17) covers this transfer.
• If you have questions about a specific transfer or wish to object to a particular processing activity, contact privacy@condoaide.ca.

10. Cookies, Telemetry and Session Recording

Cookie banner. For unauthenticated visitors on the public site and on sign-in pages, OpenReplay telemetry is only enabled if you accept it via the banner that appears on your first visit. Your choice is stored locally (localStorage) and can be changed at any time via the "Reset cookie preferences" link at the bottom of every page. Refusing telemetry does not affect your use of the service — strictly necessary cookies (session, security, language) remain active. OpenReplay session recording. When authenticated, OpenReplay records a reconstruction of your navigation (clicks, scrolls, page changes) to help our support team reproduce a problem when you report it. Enabled by default, can be disabled at any time via Profile → Session recording for support. Form fields and screens containing sensitive information (PAD, attestation, registry, financial statements, insurance proofs, compliance, syndicate members, payments) are masked automatically. GlitchTip error tracking. Remains active regardless of your choice because it is strictly necessary for service quality. Minimized configuration: pseudonymized user identifier, request bodies (form data, authentication headers, cookies) automatically dropped, IP address not transmitted. Retention: 30 days for all flows — events and session recordings on OpenReplay; application logs and error events on GlitchTip. Resolved GlitchTip issue groups are kept 90 days for regression detection. For more information, see our Cookie Policy.

11. Information Concerning Children

The Service is not intended for persons under 14 years of age. We do not knowingly collect personal information from children. If you believe a child has provided personal information to CondoAide, contact privacy@condoaide.ca so that we can proceed with deletion.

12. Changes

We may modify this policy from time to time. We will notify you of material changes by email or through the platform. The last update date is indicated at the top of this page. Continued use of the Service after a modification constitutes your acceptance of the updated version.

13. Contact Us

For any questions about this policy or to exercise your rights:

Appendix — Change History

Version history of this policy:

• Version 1.0 — February 1, 2025 — Initial version.
• Version 1.1 — May 7, 2026 — Added PAD/ACSS Debit payment method; public designation of the Person Responsible for the Protection of Personal Information; expansion of the sub-processor list; addition of the privacy incident notification section; addition of the international data transfers section; addition of PIPEDA and Office of the Privacy Commissioner of Canada references.
• Version 1.2 — June 2, 2026 — Launch of automatic condo-fee collection by pre-authorized debit (PAD/ACSS): Stripe (Stripe Payments Canada, Ltd.) now also processes co-owner contribution debits to the syndicate's account. Sections 1 and 3 and the sub-processor list updated accordingly.
• Version 1.3 — June 13, 2026 — Clarifications on Stripe's processing of condo fees: added distinct retention periods for the co-owner condo-fee mandate and transactions (section 5), and described the cross-border transfer of co-owners' banking details via Stripe, covered by a privacy impact assessment (section 9).