Compliance is not optional.
We built it in.

Canadian Anti-Spam Legislation — among the strictest in the world

• Express consent obtained and logged with timestamp, method, and purpose before any commercial electronic message (CEM)
• Implied consent tracked with automatic expiration: 2 years for existing business relationships, 6 months for referrals and inquiries
• Every CEM includes sender identification, physical address, and functional unsubscribe mechanism
• Unsubscribe requests processed within 10 business days as required by law
• Consent records stored as tamper-proof audit trail with cryptographic verification
• Consent type (express vs. implied) displayed in agent dashboard for every contact
• Third-party consent not accepted — consent must be specific to your organization

Personal Information Protection and Electronic Documents Act — 10 Fair Information Principles

• Accountability: Designated Privacy Officer responsible for compliance across the platform
• Identifying purposes: Data collection purpose disclosed at point of collection
• Consent: Meaningful, informed consent obtained before collecting, using, or disclosing personal information
• Limiting collection: Only personal information necessary for identified purposes is collected
• Use, disclosure, and retention limited to stated purposes — no secondary use without fresh consent
• Accuracy: Individuals can access and correct their personal information at any time
• Safeguards: Encryption at rest (AES-256) and in transit (TLS 1.3), access controls, incident response
• Breach notification to Privacy Commissioner and affected individuals within 72 hours of discovery
• Right to file complaint with the Office of the Privacy Commissioner of Canada (OPC)

Real Estate Council of Ontario — Trust in Real Estate Services Act, 2002

• Client data confidentiality: strict data segregation between brokerages and agents
• Record retention: all transaction records, communications, and consent logs retained for minimum 6 years as required by TRESA
• Advertising compliance: AI-generated messages and property descriptions flagged for brokerage review before sending
• Dual agency disclosure: automated systems identify potential conflicts and flag for manual disclosure
• Material fact documentation: call summaries and communication logs preserved as evidence of disclosure obligations
• Brokerage oversight: managing brokers can audit all agent communications and AI interactions
• Registration verification: platform displays agent registration status and brokerage affiliation in all communications

Alberta PIPA, BC PIPA, and Quebec Law 25 — substantially similar legislation

• Alberta PIPA: consent requirements and breach notification aligned with Alberta OIPC guidelines
• BC PIPA: data residency awareness — notification when personal information stored outside Canada
• Quebec Law 25: Privacy impact assessments conducted for any new feature handling Quebec resident data
• Quebec Law 25: Automatic de-identification of personal information when used for analytics or AI training
• Quebec Law 25: Right to data portability honored — contacts exportable in structured format on request
• Cross-provincial data transfers handled in compliance with each province’s adequacy requirements
• Provincial regulator contact information provided to users upon request