Privacy Policy
Sterling Authority Last updated: [Date TBD] Effective date: [Date TBD]
1. Introduction
This Privacy Policy explains how Sterling Authority (“Sterling Authority,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use our website, contractor application process, homeowner service request forms, contractor dashboard, email and SMS communications, and related services (together, the “Services”).
Sterling Authority operates a referral, matching, and routing platform. We help connect homeowners who submit service requests with independent contractors who participate in our network. We use platform rules to route requests and offer opportunities to contractors based on service type, geographic area, availability, and rotation — not to perform home services ourselves.
Important: Sterling Authority is not a contractor and does not perform home services. Contractors in our network are independent businesses. They are not our employees, agents, or partners. If you choose to hire a contractor, any service agreement is between you and that contractor — not with Sterling Authority.
This Privacy Policy applies to visitors, contractors, homeowners, guest review participants, and others who interact with Sterling Authority through the Services.
Other documents may govern separate matters, such as platform terms or service-specific consent. Where those documents exist, they apply in addition to this Privacy Policy.
Our Services are intended for use in Canada, with an initial focus on Ontario. We handle personal information in accordance with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) where it applies.
If you do not agree with this Privacy Policy, please do not use the Services or provide personal information to us.
2. Information We Collect
We collect personal information depending on how you use the Services.
Website visitors
- Anonymous session identifiers, page paths, event names, and city/market context (first-party analytics)
- First-touch marketing parameters (such as UTM tags or referrer URL) on certain pages
- We do not intentionally collect your name, email, or phone number through analytics
Contractors
- Contact and business information: name, business name, email, phone, postal code, trade/service type, experience, and related application responses
- Self-reported compliance information: WSIB, insurance, and licence answers you provide — we do not independently verify these through this policy or represent them as confirmed
- Network and operational records: application status, routing activity, job offers and responses, communications, and platform dispute records where applicable
- Account information: login credentials managed through our authentication provider
- Application drafts may be stored temporarily in your browser (localStorage) before submission
- In some markets, we may store contact snapshots from incomplete application flows for operational follow-up
Homeowners
- Contact information: name, phone number, email address
- Location and service details: postal code or FSA, service type, job description, and related intake fields collected on the form
- Operational records: acknowledgment emails and routing records
Requests may be submitted through a public form or entered by a Sterling Authority operator through internal intake tools.
Guest review participants
- Name, email, phone, company, professional title, profile links, program notes, and access records where you participate in our confidential review program
Communications and SMS
- Email addresses, phone numbers, message content, and delivery metadata when you communicate with us or when we send operational messages (including contractor job-offer SMS and YES/NO replies)
Authentication
- Email address, hashed password (via our authentication provider), session cookies, and signed cookies used for limited access flows such as application status pages
3. How Information Is Collected
- Directly from you — forms, applications, service requests, login, and support messages
- Automatically — first-party analytics, session storage, cookies, and server logs
- From service providers — email and SMS delivery and receipt on our behalf
- From operators — when authorized staff enter or process information in internal intake or platform workflows
We do not use third-party advertising or analytics platforms identified in our current platform configuration.
4. How We Use Information
We use personal information to:
- Operate the referral, matching, and routing platform
- Process contractor applications for network participation — not to certify, endorse, or guarantee contractor qualifications
- Route homeowner service requests and manage offers, acceptances, and rotation
- Send operational emails and SMS (applications, opportunities, acknowledgments, support)
- Authenticate users and protect platform access
- Analyze anonymous funnel activity and improve the Services
- Follow up on incomplete applications where contact snapshots are used
- Manage guest review and partnership outreach programs where applicable
- Maintain consent and legal acceptance records where recorded
- Detect abuse, respond to lawful requests, and manage platform-related disputes
We do not use personal information to guarantee contractor quality, licensing, insurance, workmanship, or project outcomes. Information collected in applications and intake is used to operate platform routing — not as a public statement that any contractor is verified, endorsed, or approved for safety or compliance purposes.
5. Sharing and Disclosure
We do not sell personal information.
A. Sharing between homeowners and contractors (routing)
Sterling Authority routes homeowner requests through the network. Sharing depends on the stage of routing:
During routing and offers: We may share limited job context with a contractor who is offered an opportunity — for example, service type and general location information needed to decide whether to respond. In current platform workflows, full homeowner contact details are generally provided after a contractor accepts an opportunity, so the contractor can contact you about that specific request.
What may be shared after acceptance: Name, phone number, email address, service details, and location information relevant to the job.
What we do not do: Sharing information through the platform does not mean Sterling Authority endorses, guarantees, or verifies the contractor, their licence, insurance, or work quality.
Homeowner communications from Sterling Authority: We may email you about your request (for example, an acknowledgment that we received it).
Contractor communications with homeowners: If you choose to engage a contractor, that contractor may contact you directly. That relationship is between you and the contractor.
Contractors who receive homeowner information are independent businesses responsible for their own use of that information and compliance with applicable law.
B. Service providers
We use service providers to host and operate the Services. They process personal information on our behalf:
| Service provider | Role |
|---|---|
| Supabase | Database, authentication, and file storage |
| Vercel | Website and application hosting |
| Resend | Outbound email delivery |
| Twilio | SMS send and receive (contractor job offers and replies) |
| Mailgun | Inbound email capture where configured |
These providers may process information in Canada, the United States, or other jurisdictions where they operate. We use contractual and organizational measures intended to protect personal information processed on our behalf. Processor locations and agreements are subject to confirmation before final publication.
C. Internal access
Authorized operators may access personal information to operate the platform, including application processing, routing, communications, and administration.
D. Legal and safety
We may disclose information when required by law or when we believe disclosure is necessary to protect rights, safety, security, or integrity of the Services.
E. Business transactions
Personal information may transfer as part of a merger, acquisition, or sale of assets, subject to applicable law.
6. Cookies and Analytics
We use authentication cookies, signed status cookies (where applicable), and first-party analytics via sessionStorage (anonymous session ID, page paths, limited attribution data).
We do not currently use third-party advertising cookies or third-party analytics platforms identified in our codebase.
You can control cookies through browser settings. Clearing session or local storage may affect login, analytics, or unsaved application drafts.
7. Retention
We retain personal information only as long as reasonably necessary for the purposes in this policy, unless law requires a longer period.
Formal retention periods are not yet finalized. Until an approved schedule is published, we apply these principles:
| Data category | Retention principle | Owner decision status |
|---|---|---|
| Contractor applications and network records | Active participation + reasonable post-exit period | Period TBD |
| Homeowner requests and routing records | Operational, support, and audit needs | Period TBD |
| Email and SMS ledgers | Support and operational audit needs | Period TBD |
| Analytics (anonymous sessions) | Internal reporting needs | Period TBD |
| Guest review / partnership records | Program duration + reasonable follow-on period | Period TBD |
| Legal acceptance records | Audit and compliance history | Period TBD — counsel input |
| Authentication accounts | While active + reasonable inactivity period | Period TBD |
When information is no longer needed, we delete, anonymize, or securely isolate it in accordance with internal practices and applicable law.
8. Security
We use reasonable administrative, technical, and organizational measures to protect personal information, including access controls and restricted access to sensitive operational data.
No system is completely secure. If you believe your information has been compromised, contact us using Section 11.
9. Privacy Accountability and Complaints
Sterling Authority is responsible for personal information under our control, consistent with PIPEDA’s accountability principle.
Privacy contact: [Privacy contact name/title TBD] Email: support@sterlingauthority.com *(or dedicated privacy address — owner decision)* Mailing address: [Registered mailing address TBD]
How to raise a privacy concern
1. Contact us using the details above with enough information to identify you and describe your request or concern. 2. We will review and respond within a reasonable timeframe as required by applicable law. *(Specific response SLA — owner/counsel decision.)* 3. If your concern is not resolved to your satisfaction, you may contact the Office of the Privacy Commissioner of Canada:
Office of the Privacy Commissioner of Canada Website: [https://www.priv.gc.ca](https://www.priv.gc.ca)
Data breaches
If a breach of security safeguards creates a real risk of significant harm, we will notify affected individuals and take other steps as required by applicable law. *(Detailed breach procedures — internal; not a public compliance program.)*
We require service providers that process personal information on our behalf to protect it through appropriate contractual and security measures, subject to confirmed processor agreements.
10. Your Rights and Choices
Under PIPEDA and applicable Canadian privacy law, you may have the right to:
- Request access to personal information we hold about you
- Request correction of inaccurate information
- Withdraw consent where we rely on consent, subject to legal or operational limits
- Ask questions about our privacy practices
Contact us using Section 11. We may verify your identity before responding.
Service choices:
- You choose what information to submit in applications and service requests.
- Email and SMS opt-out mechanisms for commercial messages will be implemented where required before related features launch. See our Electronic Communications Consent / CASL Notice when published.
- Withdrawal of consent may limit your ability to use certain features (for example, job-offer SMS for contractors).
We may retain certain information where required by law or for legitimate purposes such as fraud prevention or dispute resolution.
Children: The Services are not directed to individuals under 18. We do not knowingly collect personal information from children.
11. Contact Information
Sterling Authority — Privacy Inquiries Email: support@sterlingauthority.com Mailing address: [Registered mailing address TBD]
12. Policy Updates
We may update this Privacy Policy from time to time. We will post the updated version and revise the “Last updated” and “Effective date” above.
Material changes may be communicated as required by law or as otherwise appropriate.
Your continued use of the Services after an updated policy becomes effective constitutes acceptance, except where further consent is required by law.
End of Privacy Policy Draft V2 — draft only, not for publication.