Privacy Policy

Last updated: January 29, 2026

1. Introduction

BrokerOS ("we," "our," or "us") is committed to protecting your privacy and the privacy of your clients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mortgage broker platform and services.

2. Information We Collect

2.1 Client Information

We collect client information that you provide, including but not limited to:

  • Personal identification information (name, date of birth, address)
  • Contact information (email, phone number)
  • Financial information (income, employment details, property information)
  • Documentation related to mortgage applications

2.2 ID Document Scanning

When you use our ID scanning feature to extract client information from government-issued identification documents (driver's licenses, passports, provincial ID cards), the following applies:

  • In-Memory Processing Only: ID documents are processed entirely in memory. The document image or PDF is never stored on our servers, in our database, or in any persistent storage.
  • Third-Party AI Processing: To extract information from ID documents, we use Google Gemini AI service. Your client's ID document is securely transmitted to Google's servers for processing.
  • Data Transmission: Documents are sent to Google via encrypted HTTPS connections.
  • Immediate Discard: After information extraction is complete, the document is immediately discarded from memory. Only the extracted text data (name, address, date of birth, etc.) is retained in your application records.
  • Google's Data Retention: Google may retain the document data for up to 18 months according to their privacy policy. We recommend reviewing Google's privacy policy for details on their data handling practices.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our mortgage broker platform services
  • Process mortgage applications and calculate financial ratios
  • Match clients with appropriate lenders
  • Generate submission documents and reports
  • Improve our services and user experience
  • Comply with legal obligations and regulatory requirements

4. Third-Party Services

4.1 Google Gemini AI

We use Google Gemini AI to extract information from ID documents. When you upload an ID document:

  • The document is sent to Google's servers for AI-powered text extraction
  • Google processes the document according to their privacy policy and terms of service
  • We do not control Google's data retention or usage policies
  • You can review Google's privacy policy at:https://policies.google.com/privacy

4.2 Other Third-Party Services

We may use other third-party services for hosting, analytics, and other operational purposes. All third-party services are required to maintain appropriate security measures and comply with applicable privacy laws.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (HTTPS) and at rest
  • Access Controls: Multi-tenant architecture with Row-Level Security (RLS) ensures data isolation between organizations
  • Authentication: Secure authentication and authorization mechanisms
  • Audit Logging: All sensitive operations are logged for security and compliance
  • No Local Storage of IDs: ID documents are never stored on our servers - they are processed in memory only and immediately discarded

6. Data Retention

We retain your application data and client information for as long as necessary to provide our services and comply with legal obligations. ID document images are never stored - only the extracted information is retained in your application records.

7. Your Rights (PIPEDA Compliance)

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:

  • Access your personal information
  • Request correction of inaccurate information
  • Withdraw consent for data processing (subject to legal and contractual obligations)
  • File a complaint with the Privacy Commissioner of Canada

To exercise these rights, please contact us at the information provided below.

8. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

BrokerOS Privacy Team

Email: privacy@brokeros.com

Address: [Your Business Address]

Important Notice About ID Scanning

When you use our ID scanning feature, your client's identification document is processed by Google Gemini AI. The document is never stored on our servers - it is processed entirely in memory and immediately discarded after information extraction. However, Google may retain the document data according to their privacy policy. By using this feature, you acknowledge and consent to this third-party processing.