Cornerstone ContractsBack to home

Privacy Policy

Last updated: April 21, 2026

1. Introduction

Cornerstone Contracts Inc. ("we", "us", or "our") operates the Cornerstone Contracts platform at cornerstonecontracts.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our service, in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

2. Information We Collect

We collect the following categories of personal information:

  • Account information: Email address, password (hashed), company name or full name, and role (contractor or subcontractor).
  • Professional profile: Trade specialties, certifications, insurance details, preferred regions, crew size, bonding capacity, and other details you provide during onboarding.
  • Usage data: Pages visited, features used, and interaction timestamps for improving the service.
  • Device data: IP address, browser type, and operating system collected automatically via server logs.

3. How We Use Your Information

  • AI matching: We use your professional profile to match you with relevant bid opportunities using artificial intelligence. Your profile data is sent to third-party AI services (Google Gemini) for this purpose.
  • Proposal generation: For high-confidence matches, we generate draft bid proposals using AI based on your profile and the job posting details.
  • Communications: We send transactional emails including daily match digests and account notifications via our email provider (Resend).
  • Service improvement: We analyze usage patterns to improve the platform.

4. Third-Party Services

We use the following third-party services that may process your data:

  • Supabase: Authentication and database hosting (SOC 2 Type 2-certified platform, data stored in Canadian/US data centers).
  • Stripe: Payment processing for Pro and Enterprise subscriptions (billing information is transmitted directly to Stripe and not stored by us).
  • Anthropic (Claude) & Google Gemini AI: AI-drafted proposal generation. Only the specific match and your relevant profile fields are sent per request.
  • Resend: Transactional email delivery (daily match digests, account notifications).
  • Vercel: Application hosting and serverless functions.
  • Upstash: Rate limiting to protect against abuse.
  • Sentry: Error monitoring and performance telemetry (IP, user agent, stack traces; no profile data).
  • PostHog & Google Analytics: Product analytics, loaded only after you accept our cookie banner. Anonymous page views, feature usage, and aggregated funnels.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our services. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention).

6. Your Rights

Under PIPEDA and applicable provincial legislation, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Withdraw consent for non-essential data processing.
  • Request deletion of your account and associated data.
  • Opt out of marketing communications at any time via your account settings.

7. Cookies

Essential cookies are required for authentication and session management and cannot be disabled. Analytics cookies (PostHog, Google Analytics) are loaded only after you accept the cookie banner on your first visit and can be cleared from your browser or revoked by settinglocalStorage['cookie-consent'] = 'declined' and reloading. We do not use third-party advertising cookies.

8. Security

We implement industry-standard security measures including encrypted connections (TLS), hashed passwords, row-level security on our database, rate limiting, and timing-safe secret comparisons to protect your data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy questions or to exercise your rights under PIPEDA, contact our Privacy Officer at contact@cornerstonecontracts.com. We respond within 30 days as required by PIPEDA.

Cornerstone Contracts Inc.
Privacy Officer, c/o Joseph Morrison
Edmonton, Alberta, Canada