Privacy Policy

1. Who We Are

Co-Tenant is a residential lease analysis service operated by its founders (“we,” “us,” or “our”). We are committed to handling your personal information responsibly and in compliance with applicable Canadian privacy law, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial equivalents.

2. What We Collect

• Account information: Your email address and optional display name, provided at signup and managed through Supabase Authentication.
• Lease documents: Photos or scans of your residential lease that you upload. These are stored encrypted in Supabase Storage.
• Extracted lease data: Text and structured fields extracted from your lease by our OCR and AI analysis pipeline (e.g., rent amount, dates, landlord name, clause text).
• Analysis results: AI-generated findings about your lease, including identified flags, deadlines, and rent control status.
• Community contributions (optional): If you choose to contribute, your anonymized rent amount for community benchmarking, outcome reports, and referral reviews. These are always stored separately from your identity and are anonymized upon account deletion.
• Feedback submissions: Any feedback or complaint reports you submit through the Service.

3. How We Use Your Information

• To provide the lease analysis service you requested.
• To improve the accuracy of AI analysis (lease text may be reviewed by our team to correct errors — never shared externally or used to train third-party models without your consent).
• To generate anonymized community statistics (rent benchmarks, outcome distributions).
• To respond to feedback and improve the Service.
• To comply with our regulatory obligations under the A2I sandbox (Ontario).

4. Third-Party Services

We use the following third-party services to operate Co-Tenant:

• Supabase (database, authentication, file storage) — data stored in servers located in Canada/US. See supabase.com/privacy.
• Railway (backend hosting) — servers in US. See railway.app/legal/privacy.
• Vercel (frontend hosting) — servers in US/global CDN. See vercel.com/legal/privacy-policy.
• Anthropic (AI analysis via Claude API) — lease text is sent to Anthropic’s API for analysis. Anthropic’s API data is not used to train models. See anthropic.com/privacy.

5. Data Retention

Your data is retained for as long as your account is active. Lease photos are automatically purged after 90 days to minimize storage of sensitive documents. Extracted text and analysis results are retained indefinitely unless you delete your account.

6. Account Deletion

You may delete your account at any time from the account settings menu. Upon deletion, all personal data (leases, analyses, photos) is permanently deleted. Community-contributed data (anonymized rent benchmarks, outcome reports, referral reviews) is retained in anonymized form with no link to your identity, so that aggregate community statistics are preserved for other tenants.

7. Your Rights

Under applicable Canadian privacy law, you have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Request deletion of your personal information.
• Withdraw consent (which may limit your ability to use the Service).

To exercise these rights, contact us through the feedback form in the Service.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Terms acceptance gate within the Service.