What forms does ContractFill support?

Residential Purchase Contract (6 pages, 170 fields), Amendments, and Notices (Waiver, Non-Waiver, General). Condo RPC and Country Residential are shipping soon.

How does the smart interview work?

You talk through the deal, just like you'd explain it to a colleague. ContractFill asks the right questions in order: price, conditions, deposit, completion day. Speak or type. The AI validates every answer and catches inconsistencies before the contract generates.

How does condition tracking work?

ContractFill automatically extracts 5 condition types (financing, inspection, sale of property, insurance, custom) from every deal. Deadlines are calculated, status is tracked, and when it's time to act, you're routed to the correct AREA notice or amendment form with everything pre-filled. The condition status updates automatically when the form is saved.

What does the brokerage plan include?

Everything agents get, plus a compliance dashboard showing all active deals, pending conditions, and overdue deadlines across your team. Agent management (invite, activate, deactivate), monthly compliance reports with CSV export, and custom onboarding for your team.

What's included in a transaction?

One completed contract counts as one transaction. Amendments and notices tied to the same deal are included — they don't count separately.

How long is my data stored?

Active deals with integrations or conditions persist for the life of the transaction. Completed deals are archived after 90 days and can be recovered. Orphan deals without integrations clean up after 7 days. Your data stays yours and is encrypted in transit and at rest.

Encrypted in transit and at rest. PIPEDA and PIPA compliant. AI processing uses Anthropic's Claude with no data retention. Full privacy policy at contractfill.ca/privacy.

Do I need my own DocuSign account?

Yes. ContractFill creates drafts with signature tabs pre-placed in your DocuSign account. You control when it sends. DocuSign integration is available on Professional plans and above.

Can I cancel anytime?

Yes. No long-term contracts, no cancellation fees. Cancel from your account settings.

Is ContractFill only available in Alberta?

Right now, yes. ContractFill is built specifically for AREA forms and Alberta real estate transactions. Other provinces are coming. If you're a broker or association and want to bring ContractFill to your province, reach out at hello@contractfill.ca.

Privacy Policy

Effective Date: March 14, 2026 | Last Updated: March 16, 2026

Quick Links

→ Introduction & Scope → Privacy Officer → Information We Collect → How We Use Your Data → AI & Data Processing → Third-Party Processors → Data Security → Data Retention → Your Rights → Consent → Cookies & Tracking → Data Breach Notification → Children's Privacy → Policy Changes → Contact & Complaints

1. Introduction & Scope

ContractFill ("we," "us," "our," or "Company") is a Software-as-a-Service (SaaS) platform designed to help Alberta realtors create, review, and manage residential real estate contracts and related documents.

This Privacy Policy explains how ContractFill collects, uses, discloses, and safeguards your personal information when you access our website and platform at contractfill.ca and related services (the "Service").

Scope: This policy applies to all personal information we collect from users, including real estate agents, brokers, and anyone accessing the ContractFill platform. It covers information collected both directly (when you provide it) and automatically (through your use of the Service).

Legal Basis: ContractFill operates in Alberta, Canada, and is subject to the Personal Information Protection Act (PIPA) at the provincial level and the Personal Information Protection and Electronic Documents Act (PIPEDA) at the federal level. This policy is designed to comply with both frameworks.

2. Privacy Officer

ContractFill has designated a Privacy Officer responsible for overseeing privacy compliance and handling privacy inquiries and complaints.

Privacy Officer: Cole Kander

Email: hello@contractfill.ca

Company: ContractFill

Location: Alberta, Canada

If you have questions about our privacy practices or wish to exercise your privacy rights, you may contact our Privacy Officer at any time.

3. Information We Collect

Personal Information You Provide Directly

Account Registration

Name, email address, phone number, physical address, and password

Professional Credentials

Real Estate Council of Alberta (RECA) license number, CREA (Canadian Real Estate Association) ID, brokerage name, brokerage address, brokerage phone number, board membership information

Deal & Transaction Data

Property addresses, purchase prices, buyer and seller names, transaction conditions, deadlines, inspection details, financing conditions, and other deal-specific information you enter to generate contracts

Generated Documents

PDF contracts, amendments, notices, and other documents you create through our platform

Communications

Messages, support requests, feedback, and any information you submit through contact forms

Payment Information

Payment processing is handled entirely by Stripe, our third-party payment processor. ContractFill does not store, access, or process credit card numbers, banking details, or other sensitive financial information. Only Stripe has access to complete payment data.

Information Collected Automatically

Usage Data

Device & Browser Information

IP address, browser type, operating system, device type, device identifiers, and general geographic location (country/region level)

Error & Performance Logs

Application errors, system performance metrics, crash reports, and technical diagnostics to help us improve the Service

Cookies & Similar Technologies

See Section 11 (Cookies & Tracking) for details

4. How We Use Your Information

ContractFill uses your information for the following specific purposes:

Service Delivery

To create your account, authenticate you, provide access to the platform, generate documents, and maintain your data

Contract & Document Generation

To process your answers and deal information to generate customized residential real estate contracts, amendments, and related documents

AI-Powered Guidance (See Section 5)

To submit your interview responses and deal data to Anthropic Claude for form completion suggestions and workflow guidance

Payment Processing

To process subscription fees and invoices (via Stripe)

Legal Compliance

To comply with applicable laws, regulations (including PIPEDA and Alberta PIPA), and lawful government requests

Customer Support

To respond to your inquiries, troubleshoot technical issues, and provide assistance

Product Improvement

To analyze usage patterns, identify bugs, improve features, and optimize the user experience

Security & Fraud Prevention

To detect, prevent, and address fraud, abuse, technical issues, and security threats

Communication

To send transactional emails (confirmations, receipts), service updates, security alerts, and—with your consent—marketing communications

5. How AI Processes Your Data

Important: This section explains how ContractFill uses AI.

Your deal data and answers may be processed by Anthropic's Claude AI to help guide form completion and contract generation.

What Data Is Shared with Anthropic Claude

Your answers to interview questions (e.g., buyer/seller names, property details, conditions)
Transaction context and deal information you provide
Your professional credentials (for form customization purposes only)

How Anthropic Uses This Data

To suggest and auto-fill form field values
To provide guidance on contract completion
To improve workflow efficiency
NOT to train Anthropic's general AI models (we use the Anthropic Commercial API)

Data Retention by Anthropic

Anthropic may retain conversation and interaction data for up to 30 days for the purpose of:

Safety monitoring and abuse detection
System performance analysis
Legal compliance

After 30 days, Anthropic deletes this data. Your data is not used to improve Anthropic's general models. For details, see Anthropic's Commercial Terms.

Your Control Over AI Processing

By using ContractFill, you consent to the processing of your deal data by Anthropic Claude for the purposes outlined above. If you do not wish to use AI-guided features, please contact us at hello@contractfill.ca to discuss alternatives.

Transparency: We believe AI should be used responsibly. We are committed to being clear about when and how AI processes your information, and we do not sell your data to third parties for AI training.

6. Third-Party Processors & Subprocessors

ContractFill shares your information with carefully selected third-party service providers who process data on our behalf under data processing agreements (DPAs). These subprocessors are bound by confidentiality obligations and are only permitted to use your data for the specific purposes outlined below.

1. Anthropic (Claude AI)

Purpose: AI form completion guidance and contract generation suggestions

Data Processed: Interview responses, deal context, property details, buyer/seller information

Location: United States (may be processed globally)

DPA: Yes — Commercial API terms include data processing protections

2. Supabase

Purpose: Database, user authentication, file storage

Data Processed: All user data (account info, deal data, documents, transaction logs)

Location: Canada (Supabase servers located in Canadian regions)

DPA: Yes — Supabase maintains DPA covering privacy and data protection

3. Vercel

Purpose: Web hosting, application deployment, CDN services

Data Processed: Cached web content, performance metrics, request logs

Location: Global CDN (servers in multiple countries)

DPA: Yes — Vercel Data Processing Agreement in place

4. Stripe

Purpose: Payment processing and billing

Data Processed: Payment information (NOT stored by ContractFill), transaction records, billing address

Location: United States

DPA: Yes — Stripe maintains comprehensive data processing terms

5. DocuSign

Purpose: E-signature and document signing services (if used)

Data Processed: Executed contracts, signer information, signature data

Location: United States (with EU and other regional infrastructure)

DPA: Yes — DocuSign Data Processing Agreement available

6. Trello (Optional Integration)

Purpose: Deal tracking and workflow management (only if you choose to connect Trello in Settings)

Data Processed: Deal summaries, buyer/seller names, property addresses, PDF attachments, deal field data

Location: United States

DPA: Yes — Atlassian (Trello) Data Processing Agreement

7. Google Drive (Optional Integration)

Purpose: Document backup and file storage (only if you choose to connect Google Drive in Settings)

Data Processed: Generated PDF documents (only if user opts in)

Location: United States (Google's global infrastructure)

DPA: Yes — Google Cloud Data Processing Amendment in place

8. SendGrid

Purpose: Transactional and notification email delivery

Data Processed: Email address, email content (confirmations, notifications)

Location: United States

DPA: Yes — SendGrid Data Processing Agreement available

Cross-Border Data Transfers

Some of our subprocessors (Anthropic, Vercel, Stripe, DocuSign, Trello, Google Drive, SendGrid) are located in or may process data in the United States or other countries. By using ContractFill, you consent to the transfer of your personal information to these jurisdictions. We ensure that appropriate safeguards (data processing agreements, encryption, standard contractual clauses) are in place to protect your data.

7. Data Security

ContractFill implements industry-standard technical, organizational, and administrative safeguards to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

Encryption in Transit

All data transmitted between your device and our servers uses TLS 1.2+ encryption (HTTPS)

Encryption at Rest

Sensitive data stored in our database and file storage is encrypted using industry-standard algorithms

Access Controls

Data access is restricted to authorized personnel and systems on a need-to-know basis. Staff access is authenticated via secure credentials and role-based access control (RBAC)

Audit Logging

We maintain audit logs of data access and modifications to detect and investigate unauthorized activities

Network Security

Our infrastructure includes firewalls, intrusion detection systems, and regular security testing

Third-Party Security

We vet subprocessors for security compliance and require them to maintain appropriate safeguards (SOC 2, ISO 27001, or equivalent)

Regular Updates

We regularly update software, patch security vulnerabilities, and perform security assessments

Important: While we implement strong security measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials. Never share your password with others, and notify us immediately if you suspect unauthorized access.

8. Data Retention

ContractFill retains your personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. The retention periods vary by data type and are based on specific legal requirements:

Account Information & User Profile

Retention Period: Duration of account plus 7 years after termination

Legal Basis: (a) CRA GST/HST record retention requirements for ContractFill as a service provider; (b) Preservation of evidence for potential disputes, complaints, or RECA investigations; (c) 12 months post-termination to respond to PIPEDA access requests

Deal Data & Generated Documents

Retention Period: All deal data persists for the lifetime of your account. After account termination, deal records are retained for 7 years to meet regulatory requirements.

Legal Basis: RECA, CREA, and provincial real estate regulatory requirements for transaction record retention. Deals are stored in our database (Supabase) regardless of whether optional integrations like Trello or DocuSign are connected.

Payment & Transaction Records

Retention Period: 7 years

Legal Basis: CRA accounting, tax, and legal compliance requirements

Usage & Activity Logs

Retention Period: 12 months

Legal Basis: Security, fraud prevention, and system optimization purposes

Support & Communication Records

Retention Period: 3 years

Legal Basis: To address ongoing support needs and resolve disputes

Error & Diagnostic Logs

Retention Period: 30 days (extended if investigating critical issues)

Legal Basis: System diagnostics and security investigations

Anthropic AI Interaction Data

Retention Period: Deleted by Anthropic after 30 days

Legal Basis: ContractFill does not store copies; data is managed by Anthropic per their privacy practices

Your Rights Upon Account Termination

When you terminate your account, you have a 30-day window to download your personal data in a portable format (see Section 9 for available formats).

Days 1-30: You may request and download all your personal data, deal records, and generated documents
After Day 30: Your data will be retained only as required by law (7-year retention for regulatory compliance). You will no longer be able to download it, but we will preserve it for legal obligations only
After 7 Years: All data will be securely deleted, except where ongoing legal proceedings or RECA investigations require extended retention

To initiate the download process, contact our Privacy Officer at hello@contractfill.ca immediately upon account termination.

Deletion & Erasure Requests

You may request deletion of your data (subject to legal retention obligations) by contacting our Privacy Officer at hello@contractfill.ca.

Our Deletion Process:

We assess whether the data is subject to legal retention requirements (tax, regulatory, evidence preservation)
We delete data where legally permissible within 30 days of your request
For data that must be retained by law, we will encrypt or de-identify it to minimize processing
We provide written confirmation of deletion or explanation of legal retention requirements

9. Your Rights Under PIPEDA & Alberta PIPA

Under PIPEDA (federal) and Alberta's PIPA (provincial), you have the following rights regarding your personal information:

Right to Access

You may request access to the personal information we hold about you. Upon request, we will provide:

A clear summary of all personal information and how it is used
Export in your choice of formats: PDF, CSV, or JSON
Response within 30 days of your verified request (or as required by law)

Cost: Free for all access requests. We may charge a maximum of $25 only for frivolous or vexatious requests that duplicate recent access

Right to Correction

You may request correction of inaccurate or incomplete personal information. We will verify your identity and update your information within 30 days. If we cannot verify the correction, we will note your request in your record

Right to Deletion

You may request deletion of your personal information, subject to legal retention obligations. We will delete data where permitted by law within 30 days and provide confirmation of deletion or a written explanation of any legal retention requirements

Right to Data Portability

You may request a copy of your personal information in a portable, machine-readable format for transfer to another service, including:

CSV: Standard spreadsheet format for easy import to other platforms
JSON: Structured data format for technical integration
PDF: Human-readable format with all personal information clearly documented

Provided within 30 days at no cost

Right to Withdraw Consent

Where we rely on your consent to process data (e.g., for AI processing with Anthropic Claude), you may withdraw that consent at any time by contacting our Privacy Officer. This will not affect data already processed with your prior consent. Future processing will immediately cease upon withdrawal

Right to Opt-Out of Marketing

You may opt out of receiving marketing communications by clicking the unsubscribe link in any email or contacting us directly. We will honor opt-out requests within 10 business days

Right to Dispute Resolution

If you are dissatisfied with our handling of your personal information, you have the right to:

File a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca
File a complaint with the Information and Privacy Commissioner of Alberta (OIPC) at www.oipc.ab.ca

Identity Verification Process

To protect your privacy, we require identity verification before fulfilling access, deletion, or portability requests. We verify your identity using:

Your account email address registered with ContractFill
Last 4 digits of your RECA license (for real estate professionals)
Answer to security question (if applicable)

Once verified, we will fulfill your request within the timeframes specified above. Verification typically takes 2-5 business days.

How to Exercise Your Rights

To exercise any of the above rights, contact our Privacy Officer:

Email: hello@contractfill.ca

In your request, include:

Your full name
Account email address
Last 4 digits of your RECA license
Clear description of your request (e.g., "Request to access my personal data as CSV export")

Response Timeline: We will respond within 30 days (or as required by law). If your request is complex, we may request an extension of up to 30 additional days, which we will notify you of in writing.

11. Cookies & Tracking Technologies

What Are Cookies?

Cookies are small files stored on your device that your browser sends to our servers. We use cookies to enhance your experience and provide essential functionality.

Cookies We Use

cf-auth-token

Purpose: Authentication and session management

Type: Essential / Required

Duration: Until session ends or 30 days (whichever comes first)

cf-onboarding

Purpose: Tracks onboarding progress and user preferences

Type: Functional

Duration: Until session ends or user changes preferences

Third-Party Tracking

ContractFill does NOT use third-party tracking, advertising cookies, or analytics services that track you across websites. We respect your privacy and do not sell data to advertisers or data brokers.

Similar Technologies

We may use local storage, session storage, and similar technologies for the same purposes as cookies. These are subject to the same privacy protections.

Your Cookie Preferences

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the ContractFill Service. Essential cookies (like authentication) cannot be disabled without losing access to your account.

12. Data Breach Notification

In the event of a data breach involving your personal information, ContractFill is committed to transparency and will follow this mandatory notification timeline:

Step 1: Immediate Assessment (Within 24 hours)

We immediately investigate the nature, scope, and impact of the breach, including:

What personal data was accessed or compromised
How many individuals are affected
Whether the data is encrypted, de-identified, or in plaintext
Risk level and potential harm to affected individuals

Step 2: Notify Affected Users (Within 30 Days)

We will contact you via email at your registered address and on the ContractFill platform, providing:

What data was breached: Specific types of personal information (e.g., name, email, RECA license number, deal data)
When the breach occurred: Date of discovery and estimated date of unauthorized access
Potential consequences: Possible risks to your personal privacy and security
Steps you should take: Recommended actions (e.g., change password, monitor credit, enable 2FA)
Our response: What ContractFill is doing to remediate and prevent future breaches
Compensation or support: If applicable, information on free credit monitoring or identity theft protection services

Step 3: Notify Regulators (Within 30 Days)

We will report the breach to:

Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca (PIPEDA breaches)
Information and Privacy Commissioner of Alberta (OIPC) at www.oipc.ab.ca (Alberta PIPA breaches)
RECA (Real Estate Council of Alberta): If the breach involves buyer/seller personal information, deal data, or transaction records related to real estate transactions

We will include the same details provided to you in regulatory notifications, with additional technical information as required by regulators

Step 4: Remediate & Prevent Future Breaches

We take appropriate steps to mitigate harm and prevent future breaches, including:

Securing affected systems and closing vulnerability
Conducting forensic investigation to understand root cause
Implementing enhanced security controls and encryption
Notifying third-party processors of the breach

Step 5: Preserve Evidence (3 Years)

We will preserve all logs, records, and evidence related to the breach for 3 years to support regulatory investigations, legal proceedings, and RECA inquiries

Breaches NOT Requiring Notification

The following types of breaches do not require user notification (but may still be reported to regulators if required by law):

Encrypted data: Data that was encrypted at the time of breach and encryption keys were not compromised
De-identified data: Data that has been rendered non-identifiable and cannot reasonably be linked to an individual
Non-sensitive data: Publicly available information that does not pose a privacy or security risk (e.g., general business contact information already in public domain)

Your Responsibility

If you are notified of a breach, we recommend you take the following steps:

Change your password: Update your ContractFill password immediately
Enable 2FA: Activate two-factor authentication on your account
Monitor accounts: Monitor your financial accounts and credit reports for suspicious activity
Contact your bank: For credit card fraud, contact your financial institution immediately
File a report: If you experience identity theft, file a report with local law enforcement

For questions about the breach, contact our Privacy Officer at hello@contractfill.ca

13. Children's Privacy

ContractFill is intended for real estate professionals (agents, brokers) who are at least 18 years of age. We do not knowingly collect personal information from individuals under 18. If we become aware that a child under 18 has provided us with personal information, we will delete that information promptly.

If you believe a minor's information has been collected, please contact our Privacy Officer immediately at hello@contractfill.ca.

14. Changes to This Privacy Policy

ContractFill may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be effective upon posting to the Service.

Material Changes

If we make material changes that significantly affect how we use your information, we will notify you via email at your registered address and/or prominently on our website. Continued use of the Service after such notification constitutes your acceptance of the revised policy

Minor Updates

Minor clarifications or updates may be made without prior notice. We encourage you to review this policy periodically

Last Updated: March 14, 2026

For the current version of this policy, visit contractfill.ca/privacy

15. Contact & Complaints

Contact Our Privacy Officer

Cole Kander

Privacy Officer, ContractFill

Email: hello@contractfill.ca

Location: Alberta, Canada

We will respond to privacy inquiries, access requests, and complaints within 30 days (or as required by applicable law).

Filing a Complaint

If you believe ContractFill has violated your privacy rights or this Privacy Policy, you may file a complaint with us and/or escalate to the appropriate regulatory authority:

Office of the Privacy Commissioner of Canada (OPC)

Federal regulator for PIPEDA

Website: www.priv.gc.ca

Phone: 1-800-282-1376

Email: info@priv.gc.ca

Information and Privacy Commissioner of Alberta (OIPC)

Provincial regulator for Alberta PIPA

Website: www.oipc.ab.ca

Phone: 403-592-6522

Email: inquiries@oipc.ab.ca

Our Commitment

ContractFill is committed to protecting your privacy and complying with PIPEDA and Alberta PIPA. If you have concerns about our privacy practices, we encourage you to reach out. We will work with you to address any issues promptly and fairly.

For questions about this privacy policy, contact hello@contractfill.ca

Privacy Policy

Quick Links

1. Introduction & Scope

2. Privacy Officer

3. Information We Collect

Personal Information You Provide Directly

Payment Information

Information Collected Automatically

4. How We Use Your Information

5. How AI Processes Your Data

What Data Is Shared with Anthropic Claude

How Anthropic Uses This Data

Data Retention by Anthropic

Your Control Over AI Processing

6. Third-Party Processors & Subprocessors

7. Data Security

8. Data Retention

9. Your Rights Under PIPEDA & Alberta PIPA

10. Consent

How We Obtain Consent

Consent for Specific Uses

Withdrawing Consent

11. Cookies & Tracking Technologies

What Are Cookies?

Cookies We Use

Third-Party Tracking

Similar Technologies

Your Cookie Preferences

12. Data Breach Notification

13. Children's Privacy

14. Changes to This Privacy Policy

15. Contact & Complaints

Contact Our Privacy Officer

Filing a Complaint