Legal

Privacy Policy

Effective date: 2026-05-26 — replaces all prior versions

DeveloperDirect (“we,” “us,” “DeveloperDirect”) operates a platform with two distinct surfaces: a public real estate information site at developerdirect.ca, and a private white-label buyer relationship portal (the “Pro Portal”) delivered on behalf of residential builders at subdomains such as [builder].developerdirect.ca. This policy covers both surfaces and describes how we collect, use, and protect personal information in compliance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Who This Policy Applies To

This policy applies to:

Public visitors— anyone browsing developerdirect.ca without an account.
Registered members— buyers who create an account on the public site.
Pro Portal members— purchasers accessing a builder’s private portal through their invitation.
Builder accounts— real estate developers and their team members using the platform.

2. Information We Collect

Public site visitors

When you visit our public site, our hosting provider (Vercel) automatically logs your IP address, browser type, device type, pages visited, and referring URL. We use this for security monitoring and platform improvement only. We do not link this data to your identity. Calculator inputs you enter on our free tools are never stored.

Registered members (public site)

Name and email address when you register.
Documents you voluntarily upload for AI-assisted review. These are stored in your private workspace and never shared with builders or any third party.
Project inquiry submissions: name, email, phone number, and any message you send through a project page. This information is forwarded to the builder whose project you inquired about.

Pro Portal members (purchasers)

When you access a builder’s Pro Portal as a purchaser, we collect and store on behalf of that builder:

Name, email address, phone number, and preferred language.
Your linked property details (lot number, model, possession date, purchase price).
Documents shared with you by the builder, and documents you upload to your transaction workspace.
Appointment records, message threads with the builder’s team, and survey responses.
Selections you make within the portal (e.g., exterior package choices, PDI deficiency notes).
Push notification subscription tokens if you opt in to notifications.
Date of birth and possession anniversary date if you choose to share them for relationship communications.

Builder accounts

Company name, contact details, and account information for team members.
Project content: pricing data, floor plans, marketing materials, construction milestones, and other documents uploaded to the platform.
Purchaser contact lists and communication records within the portal.

3. How We Use Personal Information

To operate the platform and deliver its services to builders and their purchasers.
To facilitate communication between purchasers and builder teams (messages, appointments, notifications).
To route project inquiries to the relevant builder sales team.
To deliver AI-assisted document review results to the member who submitted the document.
To send transactional emails (account confirmations, message notifications, appointment reminders, deposit reminders).
To maintain platform security, detect fraud, and enforce our terms of service.
To improve the platform using aggregated, non-identifying analytics.

We do not use personal information for advertising, behavioural profiling, or any purpose beyond operating the platform.

4. Who We Share Information With

Builder ↔ Purchaser sharing

When you submit an inquiry on a project page, your contact information is shared with that builder’s sales team. Within the Pro Portal, communication and transaction data is shared between the purchaser and the builder on whose platform you are registered. No purchaser data is ever shared with a different builder.

Service providers

We use the following infrastructure providers, each bound by their own privacy and security obligations. All process data solely to deliver their contracted services to us.

Vercel— application hosting, CDN, and file storage. SOC 2 Type II, ISO 27001:2022 certified.
Neon— managed PostgreSQL database. SOC 2 Type II, ISO 27001 certified.
Cloudflare R2— document and file storage. SOC 2 Type II, ISO 27001, PCI DSS certified.
Anthropic— AI document analysis. SOC 2 Type II certified. Zero data retention policy for API use (see Section 6).
Resend— transactional email delivery. SOC 2 compliant.
Google— OAuth sign-in (if you choose to sign in with Google).

We do not sell personal information to any party under any circumstances.

5. Data Residency

All application data — including purchaser records, transaction documents, and communication history — is stored on infrastructure located in the United States (AWS us-east region), operated by Neon and Cloudflare. Application traffic is served via Vercel’s global edge network, but no personal data is persisted at edge nodes. All data is encrypted at rest (AES-256) and in transit (TLS 1.3).

6. AI Processing & Data Confidentiality

When a document is submitted for AI-assisted review, its content is transmitted to Anthropic’s Claude API for processing. Anthropic operates under a zero data retention policyfor API customers: document content is processed in memory only and is not stored, logged, or used to train AI models. Anthropic’s API terms expressly prohibit any use of submitted content beyond processing the immediate request. The AI-generated review result is returned to DeveloperDirect and stored in your secure portal record only.

7. Data Isolation Between Builders

Each builder on the platform operates within a logically isolated data environment. Builder data, purchaser records, and uploaded documents are scoped to that builder’s account at both the application and database layers. No builder can access another builder’s data, and no purchaser can access another purchaser’s records.

8. How Long We Keep Information

Pro Portal data(purchaser records, documents, communications): retained for the duration of the builder’s subscription plus 12 months, unless deletion is requested earlier.
Public site inquiry data: retained for up to 24 months from last interaction.
Server logs: retained for up to 90 days.
Deleted account data: purged within 30 days of a verified deletion request.

9. Your Rights Under PIPEDA

You have the right to:

Access the personal information we hold about you.
Correct inaccurate or incomplete information.
Withdraw consent for non-essential processing at any time.
Request deletion of your personal information, subject to legal retention obligations.
Lodge a complaint with the Office of the Privacy Commissioner of Canada if you believe your rights have not been respected.

To exercise any of these rights, contact us at contact@developerdirect.ca. We will respond within 30 days.

10. Cookies & Local Storage

We use session cookies strictly for authentication (to keep you signed in) and local storage to remember your language preference and notification settings. We do not use third-party advertising cookies or tracking pixels. You can clear cookies and local storage at any time through your browser settings, which will sign you out of your account.

11. Security

We implement industry-standard security controls including TLS 1.3 encryption for all data in transit, AES-256 encryption at rest, role-based access controls (RBAC), bcrypt password hashing, and HTTP security headers across all platform surfaces. For security concerns or vulnerability reports, contact security@developerdirect.ca.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated to registered users by email at least 14 days before taking effect. The current version is always available at this URL with an updated effective date.

13. Contact & Complaints

DeveloperDirect
Vaughan, Ontario, Canada
contact@developerdirect.ca

If you are not satisfied with our response to a privacy concern, you may contact the Office of the Privacy Commissioner of Canada.