Quebec Law 25 Compliant

Privacy Policy

Last Updated: May 14, 2026 · Sourri.com

Notice: This policy is a foundational draft tailored to Quebec's Law 25 and standard SaaS protections. It reflects the data mapping, AI architecture, and tiered business model of Sourri.

This Privacy Policy outlines how Sourri ("we," "us," or "our") collects, uses, and protects personal information in accordance with the Act respecting the protection of personal information in the private sector (Quebec's Law 25) and other applicable Canadian privacy legislation.

1. Information We Collect

Account Data

When you create an account or sign in, we collect your name, email address, billing information, and access credentials necessary to provide our Standard and Premium services.

AI Inputs

Information entered into our AI marketing generator, including property features and contextual data. Users are strictly prohibited from entering sensitive third-party personal information into any AI input field.

Usage & Technical Data

Application logs, interactions with external data services (GIS, Census, Address Validation), system telemetry, browser type, device information, and API endpoint usage metrics collected automatically when you access the platform.

Cookies

We use essential cookies only — HttpOnly, Secure cookies to maintain your authenticated session. We do not use tracking, analytics, or advertising cookies. Cookie consent preferences are stored in browser localStorage.

2. How We Process AI Data (Automated Processing)

Sourri employs artificial intelligence (via enterprise-grade APIs) to assist in generating real estate marketing descriptions. By using these features, you acknowledge that:

Your inputs are processed using large language models.
No Model Training: Your data and AI inputs are never used to train the underlying foundation models. We utilize enterprise API agreements to ensure your data remains isolated.
Data Retention (TTL): Chat logs and AI interaction histories are retained strictly for Quality Assurance and system auditing purposes. These logs are automatically deleted after 30 days.

3. Data Storage & Cross-Border Transfers

To provide our services, Sourri securely hosts its databases on Amazon Web Services (AWS) servers located outside the province of Quebec, specifically in Virginia, United States. By using our platform, you acknowledge and consent that your information will be transferred to, stored, and processed in this jurisdiction. We have conducted a Privacy Impact Assessment (PIA) to ensure that your data receives adequate legal and technical protection while hosted in this jurisdiction, equivalent to the standards required by Quebec's Law 25. We utilize enterprise-grade security, including encryption in transit and at rest, to safeguard your information. Our application servers operate out of Toronto, Ontario. By using Sourri, you consent to the transfer of your data outside the Province of Quebec.

We have conducted a Privacy Impact Assessment (PIA) to ensure that your data receives adequate legal and technical protection while hosted in this jurisdiction, equivalent to the standards required by Quebec's Law 25.

4. Your Rights (Law 25)

Under Quebec law, you hold the following rights regarding your personal information:

Right to Access: Request a copy of the personal information we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete information.
Right to Deletion (De-indexing): Request the deletion of your personal information.
Right to Data Portability: Request your data in a structured, portable format.
Right to Withdraw Consent: Withdraw consent for non-essential data processing at any time.

To exercise any of these rights, or to reach our designated Privacy Officer, please email: privacy@sourri.com.

5. Data Security

We implement appropriate technical and organizational safeguards, including:

Encryption: All data in transit is encrypted via TLS/SSL.
Password Protection: Passwords are hashed using industry-standard bcrypt.
Access Controls: Strict role-based access controls limit internal data access.
Regular Audits: Periodic security audits and vulnerability assessments.
Secure Infrastructure: Servers hosted on professionally managed, hardened infrastructure.

We do not sell, trade, or rent your personal information to third parties. Disclosure is limited to service providers under confidentiality obligations, legal requirements, or business transfers.

6. Cookies

We use essential cookies only. No third-party tracking, advertising, or analytics cookies are deployed on Sourri.com.

Authentication cookies are HttpOnly and Secure, preventing client-side script access.

7. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a child, contact us immediately at privacy@sourri.com.

8. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated by updating the "Last Updated" date above and, where appropriate, via email notification to registered users.

Continued use of Sourri after changes are posted constitutes acceptance of the updated policy.

9. Contact & Privacy Officer

For questions, concerns, or to exercise your rights under Law 25, contact our Privacy Officer:

Email: privacy@sourri.com

Website: sourri.com

You may also file a complaint with the Commission d'accès à l'information (CAI) at cai.gouv.qc.ca.