Privacy Policy

Last Updated: April 19, 2026

BuyRealty.ca (“we”, “us”, “our”) is committed to protecting the privacy and personal information of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at buyrealty.ca and use our real estate listing search, electronic-signature, transaction, and client services. This policy is designed to comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s Anti-Spam Legislation (CASL), Ontario’s Trust in Real Estate Services Act (TRESA) and the Real Estate Council of Ontario’s (RECO) Code of Ethics, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (FINTRAC PCMLTFA), the Toronto Regional Real Estate Board’s F168 Authorized Agreement, and the PROPTX Information Security Policy 2024.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account, save favourites, request a tour, sign a document, or interact with our services, we may collect:

• Account Information: Email address, phone number, first name, and last name
• Favourited Listings: Properties you save or “like” using the heart icon
• Saved Searches: Search criteria you save for future use or notifications, including city, price range, bedrooms, bathrooms, property type, and other filter preferences, along with your preferred notification channels (Email, SMS, WhatsApp, RCS)
• Tour Booking Requests: When you request a property tour, we collect the tour type (in-person or virtual), your preferred date and time, and your contact information (name, email, phone). If you are not a registered user, this information is collected as guest data
• Family Member Information: If you add a family member to your account, we collect their first name, last name, email address, phone number, and relationship to you. Family members undergo dual verification (email and SMS) before their account is created
• Invitations: When you invite a friend to join BuyRealty.ca, we collect the recipient’s email address or phone number. Your name and email are included in the invitation message
• Communication Content: Messages you send or receive through our platform via SMS, MMS, WhatsApp, RCS, or email
• Identity Verification Artifacts: Where required for high-assurance signing or FINTRAC obligations, we may collect government-issued identity document images, knowledge-based-authentication (KBA) responses, and (with your explicit consent) biometric liveness samples used solely to verify that the signer matches the named recipient

1.2 Information Collected Automatically

When you browse our website or use authenticated MLS® features, we automatically collect:

• Browsing Activity: Listings you view (page views), photos you browse within listings (photo views), and properties you share via social media or messaging
• Map Interaction Data: When you use the map search feature, we record your map viewport area (geographic bounds) to filter and display relevant listings
• IP Address: Your Internet Protocol address, collected at the time of registration, during site visits, and at every access to TRREB Virtual Office Website (VOW) restricted listing data, which may be used to determine your approximate geographic location
• Device & Browser Information: Browser type, operating system, user-agent string, and session data
• Geolocation Data: If you grant browser permission, we may collect your precise location to provide location-based search results, map functionality, and nearby property recommendations
• Cookies & Session Data: We use cookies to maintain your login session, remember preferences, and improve site performance
• VOW Audit Records: For TRREB / PropTx-sourced listings, every access to VOW-restricted fields (including sold/closed prices, days-on-market history, listing-history timeline, and broker-furnished disclosures) is logged with timestamp, IP address, the listing key, and the user identifier — as required by §5 of the F168 Authorized Agreement and the PROPTX Information Security Policy 2024
• Correlation IDs: Each electronic-signature envelope-lifecycle action is tagged with a non-personally-identifying UUID so that the audit chain can be reconstructed end-to-end across our systems

1.3 Information from Third-Party Sources

We receive real estate listing data from two MLS® data sources:

• The Canadian Real Estate Association (CREA) through its Data Distribution Facility (DDF®) for nationwide listing coverage
• The Toronto Regional Real Estate Board (TRREB) through the PropTx AMPRE OData v4 feed for authoritative Greater Toronto Area listing coverage, governed by TRREB’s F168 Authorized Agreement and the PROPTX Information Security Policy 2024

Both feeds include property details, pricing, photos, listing history, and listing agent information. This data is sourced from licensed brokerages and does not contain your personal information. Listings sourced from TRREB display the “TRREB MLS®” attribution badge as required by §4 of the F168 Authorized Agreement.

We also receive publicly available regulator data from the Real Estate Council of Ontario (RECO) Registrant Search tool to display verified brokerage and agent registration details on our Realtor Dashboard. This data is publicly published by RECO and contains no information about consumers or website visitors.

1.4 Electronic Signature & Transaction Documents

When you participate in an electronic-signature workflow (for example, an Offer to Purchase, OREA Form 100, Form 101 Status Certificate request, Form 801, or Working with a REALTOR® Information Guide acknowledgement), we collect and process:

• Documents: The PDFs and supporting attachments uploaded to or generated within the signing envelope
• Recipient Information: Each recipient’s name, email address, phone number, role in the transaction, and routing order
• Identity-Verification Outcomes: The tier of multi-factor authentication completed (basic email OTP, intermediate SMS OTP, advanced knowledge-based authentication, or maximum biometric liveness) and the verification timestamp — we retain the outcome and method but not your raw KBA answers or biometric samples once the challenge has been verified
• Cryptographic Signature Evidence: Detached PKCS#7 / PAdES B-LTA signatures, RFC 3161 trusted-timestamp tokens, certificate chains, and revocation evidence (CRL / OCSP) sufficient to verify the signed PDF in any standards-compliant viewer
• Consent & Acknowledgement Records: Information Guide acknowledgements, Multiple Representation disclosures, RECO advertising-title acknowledgements, and any other TRESA-required consents
• Audit Ledger Entries: A hash-chained, append-only ledger of every envelope event (created, viewed, authenticated, signed, completed, cancelled) with correlation IDs, IP addresses, and user-agent strings for legal-non-repudiation purposes
• FINTRAC Identity Records: When the transaction triggers a FINTRAC obligation, we collect and retain the identity-verification record required by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act
• Deposit & Payment Information: When a refundable deposit is taken through the platform, payment-method tokens (we do not store full card numbers), authorization status, capture and refund history, and any associated chargeback notices — processed through our PCI-DSS-compliant payment provider

1.5 Realtor Credential & Brokerage Documents

If you are a registered real estate professional using our Realtor Dashboard, you may upload personal credential documents (such as your RECO Certificate of Registration, government-issued identification, professional insurance certificates, and continuing-education completions) into a private per-realtor vault. These documents are accessible only to you and to your designated brokerage administrator(s). They are not shared with consumers, other realtors, or third parties, and they are stored in an access-controlled directory protected by deny-all server rules.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide Our Services: Display real estate listings, enable property search, allow you to save favourites and saved searches, request property tours, and execute electronic-signature workflows for offers, status certificates, and other real-estate transaction documents
• Account Management: Create and manage your account, verify your identity via email and SMS verification codes, process phone-number changes with SMS verification, and manage linked family member accounts
• Tour Scheduling: Process your tour booking requests, assign a realtor, send tour confirmations and calendar invitations, and notify the assigned agent
• Communication: Send you verification codes, respond to your inquiries, deliver listing notifications via your chosen channels (Email, SMS, WhatsApp, RCS), and facilitate agent-client communication
• Personalization: Show you relevant listings based on your search history and saved preferences, generate interest profiles, display similar and nearby properties, and provide property comparables
• Electronic Signatures & Transactions: Route documents through the signing recipients in the order you specify, generate PAdES-LTA-compliant signed PDFs with trusted timestamps, fulfill TRESA / RECO disclosure requirements (Information Guide, Multiple Representation), and maintain a tamper-evident audit chain of every envelope event
• Regulatory & Audit Logging: Maintain the VOW access log required by §5 of the F168 Authorized Agreement, the FINTRAC identity record required by the PCMLTFA, and the deposit / trust-account record required by RECO under TRESA
• Analytics & Improvement: Understand how users interact with our site, which listings are popular, and improve our services. We track page views, photo views, and search patterns to provide activity summaries
• Security: Detect and prevent fraud, unauthorized access, and other malicious activity. We implement SMS-based two-factor authentication, tiered MFA challenges for high-assurance signing, hash-chained audit ledgers with replay protection, and rate-limiting protections for account and signing actions
• Legal Compliance: Comply with applicable laws, regulations, and legal processes

3. Client Registration & Verification

To access features such as favouriting listings, saving searches, requesting tours, and signing transaction documents, you must create an account. Our verification model is risk-tiered:

• Email Verification: A 4-digit verification code is sent to your email address to confirm ownership
• Phone Verification: A 4-digit SMS verification code is sent to your phone number via our Twilio-powered messaging system
• Two-Factor Authentication (Login): Each time you log in, a new SMS code is sent to your phone for security. Sessions expire after 24 hours of inactivity
• Phone Number Changes: Updating your phone number on the My Account page requires SMS verification to the new number before the change takes effect
• Tiered MFA for Electronic Signatures: The signing pipeline applies progressively stronger identity proofs depending on the document risk level — Basic (email OTP) for non-binding acknowledgements, Intermediate (SMS OTP) for routine forms, Advanced (knowledge-based authentication) for binding agreements, and Maximum (biometric liveness check) for high-value or FINTRAC-triggering transactions. The signing operation is gated on a successfully verified challenge of the appropriate tier

Each email address and phone number can only be registered to one account.

4. Messaging Channels

We may communicate with you through the following channels, subject to your consent:

• SMS (Short Message Service): For verification codes, login authentication, tour confirmations, signing-envelope invitations, and direct communication
• MMS (Multimedia Messaging Service): For sharing listing photos with saved-search notifications
• WhatsApp: For messaging if you have opted in and provided a WhatsApp-enabled number
• RCS (Rich Communication Services): Enhanced messaging with rich cards and action buttons where supported by your device, with automatic fallback to SMS
• Email: For verification, saved-search notifications, tour confirmations with calendar attachments, signing-envelope invitations and reminders, completed-document delivery, invitations, and direct communication
• Voice Calls: Our agents may contact you via phone call for tour coordination or in response to your inquiries. Calls may be recorded for quality assurance and training purposes

All messages sent and received through our platform are logged and stored as part of our client relationship management system.

5. Consent Under CASL

In accordance with Canada’s Anti-Spam Legislation (CASL):

• Implied Consent: When you create an account, submit inquiries, request a tour, become a party to a signing envelope, or interact with our services, you provide implied consent to receive transactional and service-related communications (e.g., verification codes, login alerts, tour confirmations, signing invitations and reminders, system notifications)
• Express Consent: We obtain your express consent before sending commercial electronic messages, such as new-listing alerts from saved searches. You choose which notification channels to enable (Email, SMS, WhatsApp, RCS) on a per-search basis. You may opt in or out of these notifications at any time through your saved-searches settings on the My Favourites page
• Unsubscribe: Every commercial electronic message includes an unsubscribe mechanism. You can also withdraw consent by modifying your saved-search notification settings, deleting your saved searches, or contacting us directly

6. TRREB Virtual Office Website (VOW) Consent & Audit Log

Some listing data we receive from the Toronto Regional Real Estate Board (TRREB) through the PropTx AMPRE feed is classified as VOW (Virtual Office Website) data — including sold and closed prices, days-on-market history, the listing-history timeline, and additional broker-furnished disclosures. Under §5 of TRREB’s F168 Authorized Agreement, this data may only be displayed to logged-in registered users who have explicitly accepted the TRREB VOW Terms of Use.

• One-Time Consent Modal: The first time you attempt to view VOW-restricted data, a modal will present the TRREB VOW Terms of Use. You must check the agreement box and click “Accept & Unlock VOW Data” to proceed. Your acceptance is recorded with a timestamp, your IP address, your user-agent string, and the terms version in force at acceptance
• What VOW Restricts: Without VOW consent, public IDX fields remain visible (active list price, address, public description, public photos, room counts, etc.). With VOW consent, the additional fields above are revealed for TRREB-sourced listings only
• VOW Access Audit Log: As required by §5 of the F168 Authorized Agreement and the PROPTX Information Security Policy 2024, we record every access to VOW-restricted fields (timestamp, your user identifier, IP address, the listing key viewed, and the field tier accessed) in a tamper-evident audit log
• Public Search-Engine Snippets: VOW data is never embedded in publicly cacheable structured data (e.g., JSON-LD served to search-engine crawlers), even when you are logged in — the JSON-LD schema is treated as permanently public and IDX-only
• 90-Day Sold-Listing Window: Per §5 of F168 and §5 of the PROPTX Information Security Policy 2024, TRREB sold and closed listings cease to be publicly browsable 90 days after their status-change timestamp. The detail page returns HTTP 404 from that point forward, and search engines de-index the URL over time
• Withdrawal of VOW Consent: You may withdraw your VOW consent at any time by emailing [email protected]. Withdrawal will immediately revoke your access to VOW-restricted data; existing audit-log entries are retained for the regulatory minimum (see §9 below) but no new VOW field access will be recorded against your account
• Terms Versioning: If TRREB updates the VOW Terms of Use, the terms-version constant is bumped on our side and you will be re-prompted to review and re-accept the new version on your next visit

7. Electronic Signatures, FINTRAC & Deposit Handling

BuyRealty.ca operates an Ontario-real-estate-focused electronic-signature platform that lets clients and realtors execute Offers to Purchase, Status Certificate requests, OREA Forms (100 / 101 / 801), and other transaction documents from any browser. Our handling of the data inside these workflows is governed by Ontario’s Electronic Commerce Act, 2000, the federal Personal Information Protection and Electronic Documents Act (PIPEDA), the Trust in Real Estate Services Act (TRESA) and the RECO Code of Ethics, and (where applicable) the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (FINTRAC PCMLTFA).

• Encryption at Rest: Uploaded documents are encrypted at rest using AES-256-GCM envelope encryption with per-document data keys; data keys are themselves wrapped by a Key Management Service (KMS) master key. Documents in our object storage are subject to write-once / Object-Lock semantics so that signed evidence cannot be silently mutated
• Encryption in Transit: All communications between your browser, our servers, our payment processor, our timestamp authority, and any integrated regulator endpoint occur over TLS 1.2+ HTTPS
• Tamper-Evident Audit Ledger: Every envelope event is appended to a hash-chained ledger so that any retroactive modification is detectable. Inbound webhooks are signed with HMAC-SHA256 and protected against replay through a UNIQUE-constrained nonce store
• Long-Term Validation Signatures: Final signed PDFs are signed using PAdES B-LTA (Long-Term Archive) profile, embedding RFC 3161 trusted timestamps and revocation evidence sufficient to verify the signature decades after issuance
• TRESA / RECO Compliance Guards: The platform enforces the Information Guide gate, detects Multiple Representation, and validates RECO-required advertising titles before generating client-facing documents
• FINTRAC Identity Records: Where a transaction triggers a FINTRAC obligation, we collect and retain the identity-verification record required by the PCMLTFA. These records are kept under tightened access controls and are released only to FINTRAC under a lawful demand, or to a court under judicial process
• Deposit Handling: Refundable deposits taken through the platform are processed by our PCI-DSS-compliant payment provider (Stripe). We never see or store full payment-card numbers; we receive only an opaque payment-method token, the authorization status, and the capture / refund / chargeback history. The deposit state machine is itself audit-logged
• Bulk Send & Templates: Where a single document is sent to many recipients (e.g., a brokerage-wide policy acknowledgement), each recipient’s signing thread is audit-isolated — one recipient’s actions are never visible to another recipient
• Wet-Signature Hybrid Path: If a recipient cannot sign electronically, the platform supports a hybrid wet-signature export with HMAC-bound tracking codes so that the returned scanned PDF can be cryptographically reconciled against the originally exported document

8. Data Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: We use trusted third-party services to operate our platform:
  • Twilio Inc. — for SMS, MMS, WhatsApp, RCS messaging, voice calls, and call recording (verification codes, notifications, and communications)
  • Google Workspace / SMTP — for email delivery
  • Google OAuth / Microsoft OAuth — for agent calendar integration (Google Calendar and Microsoft Outlook) to facilitate tour scheduling
  • OpenStreetMap / Leaflet — for map display
  • IP Geolocation APIs — for approximate location determination from IP addresses
  • Toronto Regional Real Estate Board (TRREB) / PropTx — for the AMPRE OData v4 listing feed used to populate Greater Toronto Area listings; data flow is read-only inbound to BuyRealty.ca and governed by the F168 Authorized Agreement and the PROPTX Information Security Policy 2024
  • Apryse Software — for server-side PDF rendering, OCR, form-field auto-recognition, and signature placement when the Apryse adapter is enabled
  • Stripe Payments Canada Ltd. — for PCI-DSS-compliant processing of refundable deposits and platform fees
  • OREA WebForms — for the Ontario Real Estate Association forms backbone (Form 100, Form 101 Status Certificate, Form 801 trust ledger, and related transaction templates)
  • Teranet Inc. — for Ontario electronic land-registration data integration where required by a transaction
  • RFC 3161 Trusted Time-Stamp Authority (TSA) — for cryptographic timestamps embedded in PAdES B-LTA signatures
  • Amazon Web Services (S3 / KMS) — for encrypted document storage with Object Lock semantics and cloud-managed master keys (when the AWS adapter is enabled)
  • FINTRAC (Financial Transactions and Reports Analysis Centre of Canada) — for mandatory transaction and identity reporting under the PCMLTFA
• Assigned Realtors: When you request a tour or become a party to a signing envelope, your contact information, tour preferences, and signing-status updates are shared with the assigned realtor and the brokerage transaction coordinator on our team to facilitate the transaction
• Counter-Parties to a Transaction: Where you sign a multi-party document (e.g., an Agreement of Purchase and Sale), the other named parties to that envelope — and their representing brokerages — will receive a copy of the executed document, including your signature evidence, as is standard real-estate practice
• Legal Requirements: When required by law, regulation, legal process, or governmental request — including FINTRAC reporting obligations and RECO inspections
• Protection of Rights: When necessary to protect our rights, safety, or property, or that of our users or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Where regulators set a minimum retention period, we observe at least that minimum. Specifically:

• Account Data: Retained until you request account deletion
• Favourited Listings: Retained until you remove them or delete your account
• Saved Searches: Retained until you delete them or delete your account
• Tour Requests: Retained for up to 2 years for scheduling history and service improvement
• Family Member Links: Retained until you or the family member requests removal, or until your account is deleted
• Browsing Activity (views): Retained for analytical and service improvement purposes for up to 2 years
• Communication Logs: SMS, WhatsApp, RCS, and other message logs are retained for up to 2 years for customer service and compliance purposes
• Call Recordings: Voice call recordings are retained for up to 2 years for quality assurance and dispute resolution
• Verification Codes: Automatically expire and are deleted after 10 minutes
• Listing Revision History: Property listing change history (price changes, status changes, feature updates) is retained for up to 2 years
• VOW Access Audit Log: Retained for at least 365 days — aligned with both PIPEDA’s general retention principle and the 12-month minimum required by §5 of the TRREB F168 Authorized Agreement; pruned daily by an automated job thereafter
• TRREB Sold / Closed Listings (Public Browsing): Withdrawn from public browsing 90 days after the status-change timestamp, per §5 of F168 and §5 of the PROPTX Information Security Policy 2024
• Signed Document Envelopes & Audit Ledgers: Retained for at least 7 years from envelope completion, in accordance with the Statute of Limitations and standard Ontario real-estate-transaction record-keeping practice; the hash-chained audit ledger is retained for the same period to support legal non-repudiation
• FINTRAC Identity Records: Retained for at least 5 years from the transaction date as required by §69 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act regulations
• Deposit / Trust-Account Records: Retained for at least 6 years as required by RECO under TRESA
• Realtor Personal Documents (RECO License, ID, etc.): Retained at the realtor’s discretion; deleted on request, on departure from the brokerage, or 12 months after the realtor’s RECO registration lapses, whichever comes first
• RECO Brokerage & Roster Cache: Refreshed daily from publicly available RECO data; cached locally for as long as the brokerage remains registered, then purged within 30 days of de-registration

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Secure server infrastructure with firewall protection and a managed Web Application Firewall
• Dual-channel two-factor authentication (email and SMS) for account registration and login
• Tiered MFA challenges (email OTP, SMS OTP, knowledge-based authentication, biometric liveness) gating high-assurance signing operations
• Automatic session expiry after 24 hours of inactivity
• Encrypted communication channels (HTTPS / TLS 1.2+) for all data transmission
• AES-256-GCM envelope encryption at rest for uploaded signing documents, with KMS-managed master keys and Object-Lock-protected storage
• Hash-chained, append-only audit ledgers with HMAC-signed inbound webhooks and replay-protection nonce stores
• AES-256 encryption at rest for high-value API tokens (e.g., the TRREB / PropTx OAuth bearer token), with the raw token never logged or rendered to the admin UI
• Per-realtor private credential vaults protected by deny-all server rules and per-user access checks
• Rate limiting on verification requests, signing-challenge attempts, and account actions to prevent abuse
• Access controls limiting personal-data access to authorized personnel only, with role-based separation between brokerage administrators, realtors, and support staff

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Your Rights Under PIPEDA

As a user in Canada, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct any inaccurate or incomplete personal information
• Deletion: Request that we delete your personal information and account, including any linked family member associations. You may also contact us to have your account and all associated data removed. Note that signed documents, FINTRAC records, deposit records, and the VOW access audit log are subject to the regulator-mandated minimum retention periods set out in §9 above and cannot be deleted before those minimums expire
• Withdraw Consent: Withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. VOW consent specifically may be withdrawn by emailing [email protected] — doing so immediately revokes your access to VOW-restricted data
• Complaint: File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated

12. Cookies

We use cookies and similar technologies to:

• Maintain your login session and authentication state
• Remember your search preferences and filter settings
• Store map viewport state for a seamless browsing experience
• Persist signing-envelope routing context across multi-step verification flows
• Improve site performance and user experience

You can control cookies through your browser settings. Disabling cookies may limit your ability to use certain features of our site, such as saving favourites, completing a signing envelope, and maintaining a logged-in session.

13. Third-Party Links & Social Sharing

Our website includes social sharing features that allow you to share listings via Facebook, X (formerly Twitter), LinkedIn, WhatsApp, Telegram, Reddit, Pinterest, and your device’s native sharing options. When you use these features, you may be redirected to third-party platforms governed by their own privacy policies. We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies independently.

14. Children’s Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information.

15. Compliance Frameworks

This Privacy Policy and our handling of your personal information are designed to comply with the following Canadian and Ontario regulatory frameworks:

• PIPEDA — Personal Information Protection and Electronic Documents Act (federal)
• CASL — Canada’s Anti-Spam Legislation (federal)
• TRESA — Ontario’s Trust in Real Estate Services Act, 2002, including the RECO Code of Ethics and Information Guide / Multiple Representation disclosure rules
• PCMLTFA — Proceeds of Crime (Money Laundering) and Terrorist Financing Act (FINTRAC reporting and identity-record retention)
• Electronic Commerce Act, 2000 — Ontario electronic-signature legal-effect statute
• F168 Authorized Agreement — Toronto Regional Real Estate Board’s IDX / VOW data-display authorization
• PROPTX Information Security Policy 2024 — the technical and audit-logging requirements TRREB applies to AMPRE / PropTx data consumers
• CRTC Unsolicited Telecommunications Rules — including National Do Not Call List (DNCL) compliance for any voice or SMS marketing

16. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Changes will be effective immediately upon posting to this page. We will update the “Last Updated” date at the top of this policy. Material changes affecting how we handle TRREB VOW data, electronic-signature documents, or FINTRAC records will additionally be communicated to active users by email. We encourage you to review this page periodically. Continued use of the site after changes constitutes acceptance of the revised policy.

17. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how your information is handled, please contact us:

• General Privacy Inquiries: [email protected]
• Client Services: [email protected]
• Phone: (647) 691-6364
• Mail: 401 Magnetic Drive, Unit 12, Toronto, ON M3J 3H9

You may also contact the Office of the Privacy Commissioner of Canada if you have unresolved privacy concerns.