Privacy Policy

Introduction

ClearTitleCA (“ClearTitle Canada Inc.,” “we,” “our,” “us”) is a Canada-based platform that streamlines property-title transfers, discharge registrations, and lien searches for buyers, sellers, lawyers, and lenders. This Privacy Policy sets out how we collect, use, store, and disclose personal information when clients, counsel, registries, or visitors interact with cleartitleca.com, our mobile tools, or in-office kiosks.

Privacy Policy

• Information we collect

(a) Identity & contact — full name, mailing address, email, phone, driver-licence or passport scan, bar number (for lawyers).

(b) Property & transaction data — legal description, PIN, municipal roll, purchase price, mortgage reference, lien details, discharge statements.

(c) Compliance files — FINTRAC KYC forms, politically exposed person attestations, source-of-funds declarations, power-of-attorney documents.

(d) Financial data — trust-account ledgers, tokenised card reference, billing postal code, GST/HST allocation, receipt history.

(e) Preference data — notification channels, language choice, file-status filter, saved search templates.

(f) Technical data — IP address, browser build, multi-factor seed, feature-usage metrics, crash traces.

(g) Support artefacts — chat transcripts, call recordings, CCTV footage of in-person signing zone (retained for security).

• Purposes

– verify identity, meet FINTRAC anti-money-laundering requirements, and confirm signing authority;

– draft and e-sign conveyance packages, submit title-registry filings, and obtain tax/utility certificates;

– process filing fees, courier charges, and subscription invoices;

– send milestone alerts (e.g., “transfer registered”), closing reminders, and security notifications;

– create de-identified analytics that improve turnaround times and registry-search accuracy;

– investigate fraud, protect staff, and satisfy legal obligations under provincial land-title acts and the Income Tax Act.

• Retention

Deal dockets, registry receipts, and trust-account statements are retained for the longer of ten years or the period prescribed by the relevant law society. Compliance records remain at least five years after file closure per FINTRAC rules. Encrypted backups are purged on a 35-day rolling cycle.

• Access & correction

Clients or their authorised representatives may review or amend stored information via My Files or by emailing privacy@cleartitleca.com.

• Consent

We obtain express consent at onboarding and whenever you upload sensitive documents or link a payment method. Implied consent covers operational logs essential for security. Withdrawal of consent may be limited where statutes require record retention; impacts will be explained in advance.

• Accountability

A designated Privacy Officer conducts annual compliance audits and staff training, and responds to written privacy inquiries within 30 days.

GDPR

Although ClearTitleCA focuses on Canada, some users may reside in the European Economic Area (EEA). Where the EU General Data Protection Regulation applies, we act as controller for account, billing, and registry data and processor for conveyance documents you provide. Processing bases: performance of a contract (Art. 6 (1)(b)), legitimate interest in safeguarding high-value transactions (Art. 6 (1)(f)), and legal obligation (Art. 6 (1)(c)). EEA residents may request access, rectification, erasure, restriction, portability, or objection via dpo@cleartitleca.com and may lodge complaints with their supervisory authority.

Cookie Policy

4.1. Types of Cookies

• Essential — session tokens, CSRF guards, load-balancer cookies securing login and e-signature workflows.

• Preference — stores language, file-list layout, dark-mode toggle, and registry-search defaults.

• Analytics — first-party Matomo cookies with IP truncation measuring feature adoption and page latency.

• Marketing — optional cookies announcing service upgrades or partner notary promotions; never shared with ad networks.

4.2. How to Disable Cookies

Most browsers allow you to delete or block cookies. Essential cookies are required for portal access; disabling them prevents login. Preference and analytics cookies can be declined via our banner or by enabling “Do Not Track.” Marketing cookies load only after explicit opt-in and can be revoked under Account → Privacy.

Transfer to Third Parties

We do not sell personal information. Disclosures occur only to:

• Canadian cloud hosts operating encrypted servers in Toronto and Calgary;

• PCI-DSS Level 1 payment processors and Schedule I banks handling trust funds;

• Provincial land registries and tax authorities for filings and certificate requests;

• Licensed couriers delivering paper originals when mandatory;

• Legal counsel, regulators, or courts when compelled by law or to defend claims;

• Law-enforcement agencies where disclosure is necessary to investigate fraud or protect public safety.

All vendors sign Data-Processing Agreements mandating safeguards equal to PIPEDA and, where relevant, EU Standard Contractual Clauses.

Data Security Measures

• AES-256-GCM encryption at rest with tenant-scoped keys stored in FIPS 140-2 Level 3 HSMs.

• TLS 1.3 with Perfect Forward Secrecy for data in transit.

• Zero-trust segmentation isolating each matter vault.

• Role-based access control enforced by hardware-backed multi-factor authentication.

• Hourly incremental and nightly full backups replicated across two Canadian regions (RPO 15 min, RTO 4 h).

• Continuous vulnerability scanning, quarterly penetration tests, and annual SOC 2 Type II audit.

• Incident-response plan that notifies affected users within 72 hours of a confirmed breach and publishes remediation updates.

Effective Date

This Privacy Policy is effective as of 19 June 2025 and supersedes all previous versions. Material updates will be announced by email and in-app notice at least 30 days before enforcement.