Privacy Policy — full text

Elevate Compliance helps commercial property managers track compliance-related requirements, inspections, vendors, documents, greenhouse gas and energy reporting records, audit-readiness workflows, and portfolio risk signals.

This document describes the types of information Elevate may collect, how it may be used, and the providers that may process it. It is intended for customers and pilot prospects evaluating Elevate’s data handling practices.

Account data: user name, business email, organization name, role, authentication identifiers, account settings, and login-related metadata.

Organization data: customer organization name, account configuration, subscription or pilot status, billing contact details, team membership, and administrative preferences.

Property and building data: property names, addresses, city, province, postal code, square footage, building type, year built, ownership or management context, notes, module activation, and portfolio-level data.

Equipment data: fire, elevator, HVAC, or other equipment records; equipment type; location; serial or identifier fields; inspection cadence; assigned vendors; notes; and linked requirements.

Vendor and contact data: vendor names, trade types, contact names, email addresses, phone numbers, websites, service notes, insurance or license metadata, WCB or safety-related metadata, and property or equipment assignments.

Inspection and compliance records: inspection due dates, completion dates, statuses, assigned vendors, requirements, notes, deficiencies, linked equipment, linked documents, and audit-readiness records.

Uploaded documents and certificates: uploaded inspection reports, certificates, maintenance logs, vendor records, insurance documents, license documents, energy reports, greenhouse gas submission records, and related metadata such as document type, issue date, expiry date, status, file name, and storage path.

GHG and energy reporting data: reporting years, reporting thresholds, report status, submission deadlines, submitted dates, energy or emissions-related records, and linked supporting documents.

Support communications: emails, messages, call notes, support requests, bug reports, pilot feedback, screenshots, and other communications with Elevate.

Billing metadata through Stripe: Stripe processes payment information directly. Elevate may receive billing metadata such as customer ID, subscription status, invoice records, payment status, billing email, and partial payment method details. Elevate does not store full card numbers when payments are processed through Stripe.

Usage, log, and device data: timestamps, IP address, browser or device information, session events, page visits, feature usage, error logs, audit logs where available, security logs, and system diagnostics.

Elevate may use information to:

• provide, operate, secure, and support the platform;
• authenticate users and manage organization-scoped access;
• display property, equipment, inspection, vendor, document, and reporting records;
• generate reminders, dashboards, action queues, gap reports, audit-readiness exports, and workflow views;
• process uploads and store documents;
• suggest metadata or extraction outputs when AI-assisted processing is enabled;
• process billing and manage subscriptions or pilot accounts;
• respond to support requests and troubleshoot issues;
• improve reliability, usability, security, and product quality;
• detect misuse, prevent unauthorized access, and protect customer data;
• comply with legal obligations and enforce agreements.

Elevate does not use customer documents or customer-specific compliance records for unrelated purposes, advertising, or model training.

Customers are responsible for ensuring they have the right to upload, store, process, and share property records, vendor information, certificates, reports, and other documents in Elevate Compliance. Customers are responsible for reviewing data quality, verifying extracted metadata, and deciding whether information is appropriate for their compliance, operational, audit, legal, insurance, or lender workflows.

Elevate uses third-party subprocessors for database, authentication, storage, hosting, payment processing, transactional email, AI processing, source-code operations, business email, support, analytics, and security operations.

The current subprocessor list — including provider, purpose, data categories, and region status — is published at /subprocessors.

Elevate Compliance uses OpenAI API services for AI-assisted document date and field extraction. When AI extraction is used on a customer document, the document content (uploaded file, images, or extracted text) and limited metadata such as the document type may be sent to OpenAI for the sole purpose of returning extraction suggestions.

AI-assisted outputs are suggestions that require human review and confirmation before they become saved records. Elevate does not use AI extraction to certify compliance, verify legal obligations, or guarantee document accuracy. AI extraction is assistive — customers may enter inspection and document dates manually if they prefer not to send a file to OpenAI.

OpenAI processes data sent to its API in accordance with its own privacy and data-handling terms. Elevate does not use customer documents or extraction results for advertising or model training.

Elevate uses Supabase for database, authentication, and private document storage; Vercel for application hosting; Stripe for billing; and OpenAI for AI extraction. Provider regions and processing locations are listed at /subprocessors.

Elevate does not currently make a Canadian data residency claim. Customers requiring guaranteed Canadian-only data processing should contact info@elevatefacilityservices.ca before uploading sensitive documents.

Elevate is designed around organization-scoped access. Users access only the organizations and records they are authorized to use. The architecture uses Supabase Auth and Supabase / PostgreSQL row-level security to restrict tenant-scoped data by organization membership.

Private customer documents are stored in private storage and accessed only through authenticated application workflows or time-limited signed URLs.

Elevate personnel and authorized contractors access customer data only when needed to provide support, troubleshoot issues, maintain security, fulfill contractual obligations, or perform customer-authorized services. Customer documents are treated as confidential and are not moved into unapproved tools, personal accounts, or unmanaged communication channels.

Customer data is retained for as long as needed to provide the service, satisfy contractual obligations, comply with legal or accounting requirements, resolve disputes, enforce agreements, and maintain security.

Customers may request export or deletion of data, subject to identity verification, technical limitations, legal retention requirements, backup retention, billing record retention, and any applicable agreement. Requests may be sent to info@elevatefacilityservices.ca.

Under BC PIPA, PIPEDA, and other applicable privacy law, individuals may have rights to access, correct, delete, restrict, or obtain information about personal information processed by Elevate. Elevate will respond to verified privacy requests within 30 days where required by law.

Privacy requests may be sent to:
Elevate Facility Services Ltd
250-997 Seymour Street
Vancouver, British Columbia V6B 3M1
info@elevatefacilityservices.ca

Elevate maintains a process for investigating suspected security incidents, mitigating harm, preserving evidence, communicating with affected customers where appropriate, and satisfying legal notification obligations. Detailed security practices are described at /security.

Elevate Compliance is a business software product for commercial property operations. It is not intended for children or for personal household use.

Elevate may update this policy as the product, providers, legal requirements, or operating practices change. Material changes will be communicated to registered users by email where practicable.

Privacy questions or requests may be sent to:

Elevate Facility Services Ltd
250-997 Seymour Street
Vancouver, British Columbia V6B 3M1
info@elevatefacilityservices.ca