Sign In
Start Home Assessment

Cobnect Privacy Policy

Effective date: October 6, 2025

Applies to: Cobnect Inc. websites, applications, and related online services (the “Services”).

Cobnect Inc. (“Cobnect”, “we”, “us”, “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information in Canada, including under the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial private-sector laws in Québec, British Columbia, and Alberta.

About Cobnect:  Cobnect Inc. is a Canadian technology company providing web-based tools that, with the help of AI and machine learning, help homeowners and professionals evaluate and improve residential home performance in terms of energy, comfort, and sustainability indicators and, where requested, connect with contractors, suppliers, utilities, and incentive programs.

1)Who we are & how to contact us

Organization: Cobnect Inc.

Privacy Officer: Saman Sakhaei
Privacy Officer Email Address: info@cobnect.com

Cobnect’s Privacy Officer is responsible for compliance with this Policy and applicable privacy laws.

2) Scope and legal framework

This Policy explains how we collect, use, disclose, store, and protect personal information in connection with the Services.

  • Primary law: PIPEDA (Personal Information Protection and Electronic Documents Act) applies to Cobnect’s private-sector activities and to interprovincial/international data flows.
  • Province-specific: For activities occurring within the provinces of Québec, British Columbia, and Alberta, Cobnect also complies with those provinces’ private-sector privacy laws (Québec’s private-sector law as amended by Law 25; BC PIPA; AB PIPA).
  • If any provision of this Policy conflicts with applicable law in your jurisdiction, the law prevails.
  • For information about the EnerGuide status of Cobnect outputs and eligibility for incentives, see our Terms of Use.

3) Definitions

  • “Personal information” means information about an identifiable individual and includes information that can reasonably be linked to an individual (e.g., a specific property address provided by a user). Name, title, business address, business telephone number, and business email used solely to communicate with an individual in their employment, business, or professional capacity is not personal information under PIPEDA.
  • “Service provider” means third-party vendors, consultants, hosting providers, analytics providers, and other organizations engaged by Cobnect to process personal information strictly on Cobnect’s behalf and under Cobnect’s instructions.
  • “Partner” means third-party entities that collaborate with Cobnect but determine their own purposes and means in certain activities. Independent Partners are not under Cobnect’s control and may process personal information in accordance with their own privacy practices. Examples include municipalities, licensed real estate brokerages and their affiliated platforms, utilities, and program administrators responsible for incentives and rebates.

4) What we collect

Depending on how you use the Services, we may collect:

  1. Identification & contact — name, email, province, account credentials.
    B. Property & household — street address, postal code, dwelling type, year built, number of storeys, equipment and building-envelope attributes and retrofit history.
    C. Utility & usage — self-reported bills; where you authorize, consumption/interval data from utilities or connected devices; incentive eligibility inputs.
    D. Images & media — photos/video you upload for remote assessment (e.g., equipment nameplates, attic/basement).
    E. Device & technical — IP address, device/browser/OS, pages viewed, timestamps, approximate geolocation derived from IP, and cookie identifiers (see Section 10).
    F. Communications — emails, messages, support tickets, survey responses, and call recordings where notice is given.
    G. Transactional — subscriptions, purchases; Cobnect does not store full payment card numbers (payments are processed by PCI-compliant providers).
    H. Professional/B2B Information — Real estate agents and brokerages, contractor and supplier business details (licenses, service areas), business contact information.

We collect personal information (i) directly from you; (ii) automatically from your device/browser; (iii) from service providers; and (iv) from third-party data sources and APIs with your authorization or as permitted by law (e.g., municipal/assessment records, utility interfaces, smart-home platforms, building-permit/open-data registries, mapping/geo datasets, and licensed data providers). When such data relates to an identifiable individual, we treat it as personal information.

5) Purposes and legal basis

Cobnect collects and uses personal information only for purposes a reasonable person would consider appropriate, including to:

  1. Provide and maintain the Services — account creation, identity/authentication, reports/dashboards, benchmarks, troubleshooting.
  2. Generate indicators and recommendations — statistical/AI models produce informational outputs to help you understand a property and potential upgrades.
  3. Marketplace & matching (at your request) — connect you with contractors, suppliers, energy advisors, utilities, and program administrators; share only what is necessary to obtain quotes, validate incentives, schedule, or perform work.
  4. Support & communications — respond to inquiries, send service notices and policy updates; marketing communications only with consent (see Section 13).
  5. Security & integrity — prevent, detect, and investigate fraud, abuse, and security incidents; protect accounts and our platform.
  6. Compliance — meet legal, tax, accounting, and regulatory obligations; manage disputes; enforce agreements.
  7. Research & product development — de-identify and aggregate information to improve models and features (see Section 9).

Consent: We rely on your consent (express or implied, depending on context/sensitivity). You may withdraw consent at any time, subject to legal/contractual restrictions and reasonable notice; we will explain the likely consequences of withdrawal (e.g., certain features may no longer function).

6) Disclosures (who we share with and why)

Cobnect does not sell or rent personal information. We disclose personal information only as follows:

  1. a) Service providers: Hosting/cloud, analytics, email and communications tools, payment processors, customer support, security and logging. These providers act on Cobnect’s instructions under written terms that require appropriate safeguards and prohibit secondary use.
  2. b) Newsletters and mailing lists: If you subscribe to newsletters or similar communications, your name and email may be shared with a third-party provider that manages our mailing lists and delivers emails on our behalf.
  3. c) Strategic partnerships: We may cooperate with municipalities, brokerages, utilities, program administrators, or similar partner organizations to deliver incentives or products, collect voluntary survey insights, or conduct joint outreach/education. We disclose only what is necessary and only with your consent or as otherwise permitted by law. You may opt out of partner marketing at any time (see Section 13).
  4. d) API providers and data licensors. Where we retrieve house characteristics or usage data via an API or licensed feed (e.g., assessment attributes, energy usage, device telemetry), the provider may act (i) as our service provider (processing under contract) or (ii) as an independent organization (processing under its own privacy policy). We limit requests to the minimum fields needed and keep audit logs of access. We prohibit uses inconsistent with this Policy. Where feasible, we identify the API provider at the time of connection. We do not disclose raw third-party data onward except (i) to provide the Services you request, (ii) to our service providers under contract, or (iii) as required or permitted by law.
  5. e) Contractors and suppliers at your request. When you ask us to connect you with a contractor/supplier/energy advisor/utility/program administrator, we disclose only the information required to fulfill your request.
  6. f) Legal and regulatory. Courts, regulators, or law enforcement where required or permitted by law (e.g., subpoenas, lawful requests, protection of rights, safety, and security).
  7. g) Corporate transactions. In a merger, acquisition, financing, or sale, personal information may be transferred under confidentiality obligations and only as permitted by law.

7) Third-party APIs & connected accounts

  1. Authorization and revocation. Where required, we will request your authorization before connecting to third-party APIs or data feeds. You may revoke access at any time; upon revocation we cease further pulls and invalidate tokens, subject to legal/operational retention requirements.
  2. Minimization and purpose limitation. We request only the minimum fields needed for the stated purpose (e.g., generating a report, validating incentives) and do not use API data for unrelated purposes.
  3. Security of credentials. We do not store your third-party account passwords. Tokens are encrypted, access-controlled, rotated as appropriate, and logged.
  4. Accuracy and corrections. If you dispute the accuracy of third-party data, contact us. We will annotate or update our records and, where feasible, help direct you to the source or transmit a correction request.
  5. Independent organizations. Where the API provider is an independent organization, its privacy policy governs how it handles data. Cobnect limits its own use and disclosure to the purposes described in this Policy.

8) Google Sign-In & OAuth Data

  • What we receive: If you choose Continue with Google, we receive basic Google account information you authorize (e.g., Google user ID, name, email address, and profile image).
  • Purpose: To authenticate you, create/manage your Cobnect account, and personalize your experience.
  • Storage & retention: We store your Google user ID and email to maintain your account while it is active. If you disconnect Google or close your account, we cease further access and delete or de-identify OAuth-derived data not required for legal, tax, security, or fraud-prevention purposes.
  • Sharing: We do not sell your Google user data. We share it only with our service providers to operate the Services or as required by law.
  • Revocation: You can revoke Cobnect’s access at any time in your Google Account permissions and by contacting info@cobnect.com to disconnect or delete your Cobnect account.
  • Sensitive scopes: If Cobnect ever requests sensitive Google scopes (e.g., Gmail, Drive, Calendar), we will (i) seek your explicit consent, (ii) use such data only to provide or improve user-facing features, (iii) comply with Google’s User Data Policy (Limited Use), (iv) prohibit selling or serving ads based on such data, and (v) limit human access except as permitted (e.g., security, abuse, legal).
  • Use Limitations & Deletion Rights: We do not sell Google user data, do not use it for advertising, and limit human access to the narrow cases permitted by Google’s User Data Policy (e.g., security, abuse, legal). We use Google profile/email only to authenticate and personalize your account. You can delete your account anytime at Settings.

9) De-identified and aggregated information

We may de-identify or aggregate information for analytics, research, and product development. We take measures to prevent re-identification and do not attempt to re-identify individuals. Where required by law (e.g., Québec), we will not re-identify or use de-identified information in a manner that would re-identify an individual.

10) Cookies and similar technologies

We use:

  • Necessary cookies for login, security, and core functionality;
  • Analytics cookies to understand usage and improve features;
  • Marketing cookies to understand user interests and deliver relevant content, promotions, and advertisements that better match your needs.

In most provinces (under PIPEDA and similar laws), non-essential cookies (analytics and marketing) may be set based on implied consent, provided we explain their use and give you an option to opt out. In Québec, under Law 25, non-essential cookies are disabled by default and will only be activated after you provide explicit consent through our cookie banner. You can withdraw consent at any time through “Cookie Settings”. You can manage cookies via your browser and, where available, our cookie settings tool. Some features may not function without certain cookies.

11) Data residency, transfers, and accountability

  • Canada-based hosting:  Cobnect stores and processes personal information in Canada-based data centres. Backups and disaster-recovery replicas are also maintained in Canada.
  • Cross-border access (if needed): If limited support access from outside Canada is required or if a provider processes data outside Canada, Cobnect remains accountable and will implement contractual, technical, and organizational safeguards.
  • Québec transfers. Before communicating personal information outside Québec, Cobnect conducts a transfer assessment and implements measures required by Law 25.

12) Security

We employ safeguards appropriate to the sensitivity of the information, including encryption in transit and at rest where feasible, role-based access controls, multi-factor authentication for administrative systems, network monitoring and logging, vulnerability management, personnel training, vendor due-diligence, and incident response procedures. No method of transmission or storage is absolutely secure; Cobnect strives to prevent loss, theft, misuse, and unauthorized access.

13) Marketing and your choices

We send commercial electronic messages only with consent (express or implied) and include identification details and a functional unsubscribe. You can:

  • Unsubscribe from Cobnect marketing at any time using the link in our emails;
  • Opt out of partner marketing (municipalities/utilities/programs) by contacting info@cobnect.com;
  • Manage cookies to control analytics/marketing technologies.

Withdrawing consent does not affect service or transactional notices.

We maintain records of marketing consents and unsubscribe requests in accordance with CASL.

14) Automated decision-making and profiling

Cobnect uses algorithms and statistical/AI models to generate informational outputs (e.g., energy scores, heat loss area, comfort sustainability indicators) and to help flag potential upgrade areas or incentives. These outputs are not, by themselves, determinative of legal or financial rights.

We will inform you at or before any decision made exclusively through automated processing that produces effects concerning you. On request, we will provide an explanation of the principal factors and parameters relied upon and how to correct information or contest the decision. Where applicable law provides additional rights (e.g., Québec), we will comply, including by enabling human review on request.

15) Access, correction, and other rights

Subject to limited exceptions, you have the right to:

  • Access your personal information and obtain information about how it has been used and disclosed;
  • Request corrections to incomplete or inaccurate information;
  • Withdraw consent to further collection, use, or disclosure (we will explain any implications);
  • Request source information for data originating from third parties, where feasible and lawful;
  • Request explanations for decisions made exclusively by automated processing that significantly affect you and seek human review where provided by law.
  • Delete your account and associated personal information. We will delete it unless we are required to retain certain records for legal, tax, accounting, fraud-prevention, or dispute-resolution purposes.

Requests should be directed to info@cobnect.com. Cobnect will respond within applicable statutory timelines (generally 30 days, with permitted extensions).

16) Retention

We retain Personal Information only as long as needed for the purposes described in this Policy or as required by law. Unless a longer period is required for legal, tax, accounting, fraud-prevention, or dispute-resolution purposes (or due to a legal hold), our standard retention periods are: (a) account, profile, and property data: account life and up to 24 months after closure or last activity; (b) communications and support records: 24 months; (c) transaction and billing records: 7 years; (d) web logs and analytics: 12–24 months (shorter for analytics, longer for security). When the original purposes have been achieved, we destroy the data or anonymize it in accordance with applicable law; anonymized (irreversibly non-identifiable) data may be retained without a fixed limit for research and statistical purposes.

17) Breach response and notification

Cobnect maintains incident-response procedures and keeps records of all security incidents.

  • Under PIPEDA, Cobnect reports to the federal privacy regulator and notifies affected individuals if a breach of security safeguards creates a real risk of significant harm, and it keeps required records.
  • Under Alberta PIPA, Cobnect notifies the Alberta regulator without unreasonable delay where there is a real risk of significant harm; the regulator may require notice to individuals.
  • Where other provincial requirements apply (e.g., Québec), Cobnect will comply with incident reporting and notification obligations.

18) Children’s privacy

The Services are not directed to children. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If we become aware that a child has provided personal information, we will delete it.

19) Third-party links and external services

The Services may link to third-party websites or applications. Those services are governed by their own privacy policies. Where you connect a third-party account or data source, Cobnect will explain the requested access and will use the data only as authorized and consistent with this Policy.

20) Changes to this Policy

We may update this Policy to reflect changes in our practices or legal requirements. The updated Policy will be posted with a new effective date. Where required, we will provide notice or seek renewed consent.

21) Complaints

If you have a question or concern about our privacy practices, contact info@cobnect.com. If your concern is not resolved, you may contact the Office of the Privacy Commissioner of Canada or, where applicable, your provincial privacy regulator.