Privacy Policy
Last Updated: March 29, 2026
1. Scope and Application
This Privacy Policy applies to:
- Mortgage professionals who use our Service ("Users"), including account holders and their authorized team members
- Individuals whose personal information is uploaded to the Service by Users ("Clients")
- Visitors to our website and client-facing tools (e.g., Grade My Mortgage, client update links)
- Participants in our referral or partner program ("Partners")
- Anyone who contacts us or receives communications from us
2. Accountability
RateGuard Pro has designated a Privacy Officer who is accountable for our compliance with this Privacy Policy and applicable privacy laws.
Privacy Officer Contact:
Email: jeff@rateguardpro.ca
Mailing Address: 879 Cariou Valley Circle, Newmarket, Ontario L3X 1W9
3. Information We Collect
3.1 Information from Users (Mortgage Professionals)
Account Information: Name, email address, phone number, brokerage name, licence number, brokerage licence number, provinces licensed, mailing address.
Authentication Information: Password (stored as a one-way hash), session tokens, password reset tokens.
Payment Information: Billing details processed by our payment processor, Stripe. We do not store full credit card numbers on our servers.
Profile and Branding: Profile photo, custom branding colours, logo, calendar links, email signature preferences, and communication tone preferences.
Usage Information: Login history and activity logs, features used and interactions with the Service, portal events, email open and click tracking, device information, browser type, IP address.
CRM Credentials: If you connect a third-party CRM (e.g., Finmo), we store encrypted API tokens to maintain the integration. These credentials are encrypted at rest and used solely to synchronize your data.
3.2 Client Information (Uploaded by Users)
Users may upload information about their mortgage clients to the Service through CSV files, CRM integrations, or manual entry. This information may include:
- Client names and contact information (email, phone, mailing address)
- Co-borrower names and contact information
- Property addresses and estimated property values
- Mortgage details (amount, rate, term, lender, funding date, maturity date, amortization, payment frequency)
- Loan-to-value ratios and insurance status
- Payment amounts and prepayment privilege details
- Financial information (income, debts, if uploaded)
3.3 Information from Client-Facing Tools
When Clients interact with tools such as Grade My Mortgage or client update links, we may collect:
- Name, email address, and phone number (if voluntarily provided)
- Mortgage details entered by the Client (lender, rate, remaining term, property value)
- Device information and IP address
This information is shared with the referring User (broker) as part of the Service's lead generation and client engagement features.
3.4 Information from Partners
If you participate in our referral or partner program, we collect your name, email address, company name, and referral activity (referrals made, attribution source, referral status). We track referral attribution through unique partner URLs, coupon codes, and self-reported referral sources on our signup forms.
3.5 Information Collected Automatically
When you visit our website or use the Service, we automatically collect:
- IP address and approximate geographic location
- Browser type and version
- Operating system and device type
- Pages visited, features used, and time spent
- Referring website or source
- Cookies and similar tracking technologies (see Section 10)
4. Purposes for Collection, Use, and Disclosure
4.1 User Information
We collect, use, and disclose User information for the following purposes:
- To create, manage, and authenticate your account
- To provide, maintain, and improve the Service
- To process payments and billing through Stripe
- To send you daily action summaries, system alerts, and operational communications
- To send promotional communications (with your consent, which you may withdraw at any time)
- To synchronize your data with connected CRM platforms
- To analyze usage patterns and improve the Service
- To detect, prevent, and address fraud, security issues, and technical problems
- To manage the referral and partner program, including tracking attribution
- To comply with legal obligations
- To enforce our Terms of Service
4.2 Client Information
We process Client information uploaded by Users solely to:
- Provide the Service to Users, including portfolio analysis, penalty estimation, opportunity identification, renewal tracking, and priority scoring
- Generate reports, PDFs, and communications on behalf of Users
- Run automated nightly analysis to identify new opportunities based on current market rates
- Store and display information within the Service
- Create aggregated, anonymized analytics (which do not identify individuals)
We do not use Client information for our own marketing purposes. We do not sell, rent, or trade Client information to any third party.
4.3 Automated Processing
The Service uses automated tools and algorithms to analyze mortgage data, estimate penalties, score opportunities, and generate communications. No automated decisions with legal or significant effects are made about Clients without the User's (broker's) independent professional review.
5. Consent
5.1 User Consent
By creating an account and using the Service, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.
5.2 Client Consent
Users are responsible for obtaining all necessary consents from their Clients before uploading Client information to the Service. By uploading Client information, Users represent and warrant that they have obtained appropriate consent for such upload and processing, including consent for automated analysis of their mortgage data.
5.3 Withdrawing Consent
You may withdraw your consent at any time by contacting us at jeff@rateguardpro.ca. However, withdrawing consent may affect our ability to provide the Service to you. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
6. Disclosure to Service Providers
We may disclose personal information to third-party service providers who perform services on our behalf. Our current service providers include:
| Provider | Purpose | Data Location |
|---|---|---|
| Supabase | Database hosting, authentication, and data storage | Canada / United States |
| Vercel | Web application hosting and deployment | United States (edge network) |
| Stripe | Payment processing and billing | United States |
| Resend | Transactional and system email delivery | United States |
| Google Workspace | Internal operations, email infrastructure | United States / Global |
Our service providers are contractually obligated to protect personal information and use it only for the purposes for which it was disclosed. We conduct reasonable due diligence on our service providers' privacy and security practices.
6.1 Cross-Border Transfers
Some of our service providers operate in the United States. When personal information is transferred outside Canada, it may be subject to the laws of the jurisdiction in which the service provider operates. We ensure adequate protections are in place through contractual arrangements that require service providers to protect personal information to a standard comparable to Canadian privacy law.
7. Retention
We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law:
| Data Type | Retention Period |
|---|---|
| User account information | While account is active, plus a reasonable wind-down period after termination |
| Client information | While User's account is active; deleted within 90 days of account termination |
| Payment and billing records | 7 years (tax and legal compliance) |
| Usage logs and analytics | Up to 2 years |
| CRM integration credentials | While integration is active; deleted immediately upon disconnection |
| Referral and partner records | Duration of the partner relationship, plus 2 years |
| Client-facing tool submissions | While the referring User's account is active |
8. Safeguards
We implement appropriate technical and organizational measures to protect personal information:
- Encryption of data in transit (TLS/SSL) and at rest
- Passwords stored using one-way cryptographic hashing
- Row-level security policies ensuring Users can only access their own data
- Secure session management with automatic expiration
- API key authentication and action allowlists for all server endpoints
- CRM credentials encrypted at rest using industry-standard methods
- Regular security reviews and vulnerability assessments
- Access limited to authorized personnel on a need-to-know basis
8.1 Data Location
Our primary database is hosted through Supabase with infrastructure in North America. Web applications are served through Vercel's global edge network. While we prioritize Canadian and North American data residency where possible, some data may transit or be processed through servers in other jurisdictions as part of normal content delivery operations.
8.2 Incident Response
We maintain incident response procedures to detect, contain, and remediate security incidents. In the event of a security incident, we will take prompt action to mitigate harm and notify affected parties as required by law.
9. Team Member Access
When an account holder adds a team member, that team member gains access to the account's Client Data, opportunity analysis, and reporting features. Team members authenticate with their own credentials and their actions are logged separately.
Account holders are responsible for ensuring their team members understand and comply with applicable privacy obligations. Removing a team member immediately revokes their access to Client Data.
10. Cookies and Tracking Technologies
| Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security | Session / up to 30 days |
| Functional | Remember your preferences, portal settings | 1 year |
| Analytics | Understand usage patterns, feature adoption | 2 years |
| Attribution | Track referral sources for the partner program | 30 days |
We also track portal events (e.g., feature usage, button clicks) server-side through our database to improve the Service and understand how features are used. This tracking is tied to your User account, not to cookies.
You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service. Disabling other cookies will not affect core functionality.
11. Your Rights
11.1 Right to Access
You have the right to request access to the personal information we hold about you. We will provide the information in a commonly used electronic format.
11.2 Right to Correction
You have the right to request correction of inaccurate or incomplete personal information. You can update most information directly through the Service's settings.
11.3 Right to Deletion
You may request deletion of your personal information, subject to legal retention requirements. Upon account termination, Client Data is deleted within 90 days as described in Section 7.
11.4 Right to Data Portability
You may export your Client Data at any time through the Service's built-in export features.
11.5 How to Make a Request
Submit requests to jeff@rateguardpro.ca. We will verify your identity and respond within thirty (30) days. In complex cases, we may extend this period by an additional thirty (30) days with notice.
11.6 Client Requests
If you are a Client whose information was uploaded by a User, please contact the mortgage professional who holds your information directly. If you contact us, we will direct your request to the relevant User and assist them in responding.
12. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.
13. Complaints
If you have concerns about our privacy practices, please contact our Privacy Officer at jeff@rateguardpro.ca. We will investigate and respond to your complaint within thirty (30) days.
If you are not satisfied with our response, you may file a complaint with:
Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca
14. Data Breach Notification
In the event of a breach of security safeguards involving personal information that poses a real risk of significant harm to individuals, we will:
- Notify the Office of the Privacy Commissioner of Canada as soon as feasible
- Notify affected individuals as soon as feasible, including a description of the breach, the types of information involved, and steps individuals can take to protect themselves
- Notify any affected Users (brokers) whose Client Data may have been involved
- Maintain records of the breach for at least twenty-four (24) months
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on our website and, where appropriate, sending an email to the address associated with your account at least thirty (30) days before the changes take effect.
16. Contact Us
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:
RateGuard Pro Inc.
Privacy Officer
Email: jeff@rateguardpro.ca
Website: https://rateguardpro.ca
This Privacy Policy was last updated on March 29, 2026.