Privacy policy
StreamBuild provides an operations platform for non-profit funding agencies. This policy explains what we collect, why, and how we protect it, in line with PIPEDA.
1. What we collect
- Account data. Names, work email addresses, and sign-in records for agency staff and invited reviewers.
- Agency data processed on your behalf. The organizations, contacts, applications, documents, and email your agency manages in StreamBuild. Your agency is the controller of this data, and we process it under your instructions.
- Public form submissions. Information applicants submit through an agency's intake forms is collected for that agency and governed by that agency's own privacy practices in addition to this policy.
- Service telemetry. Logs and usage metrics needed to operate and secure the service.
2. Where data lives
Customer data is stored in Google Cloud's Canadian region in Toronto. Each agency's data is held in a physically separate database.
3. AI features
AI-generated drafts use Anthropic's API under a zero data retention arrangement: content sent for processing is not retained or used to train models. Every AI generation records which sources it read, and outputs require human review before they are filed.
4. Subprocessors
Google Cloud handles hosting in Canada. Anthropic handles AI processing. Cloudflare handles the website and network. We maintain a current list here as it changes.
5. Retention and deletion
Agency data is retained while an agreement is active. On termination, we provide a complete export and delete the agency's database after a grace period.
6. Your rights
To access, correct, or delete personal information, contact your agency for data it controls, or contact us directly. We respond to PIPEDA requests within 30 days.
This document is a working draft published for transparency during StreamBuild's development phase and will be reviewed by counsel before commercial launch.