Grizzly Asset Holdings Inc.

Privacy Policy

Effective date: 2026-04-14 Contact: support@grizzlyassetholdings.com

This Privacy Policy explains how GrizzlyRadar handles account, payment, referral, uploaded lease, AI-output, and security-related information, with a PIPEDA-aligned tone and practical specificity.

24-hour document deletion

Uploaded lease files and generated report artifacts are deleted within 24 hours, while certain account, payment, refund, and security records may be kept longer when needed.

Payments and providers

Stripe processes payments, and transactional or service email is handled by the configured delivery provider. Infrastructure providers may also process data needed to run GrizzlyRadar.

Privacy requests

For access, correction, or deletion requests, contact support@grizzlyassetholdings.com. We may need to verify identity and may retain limited records where law or legitimate business needs require it.

Section 1

1. Overview

This Privacy Policy explains how Grizzly Asset Holdings Inc. collects, uses, discloses, stores, and deletes personal information in connection with GrizzlyRadar and LeaseProtect.

It is written to reflect the actual operation of the service, including account creation, verified-email checkout, payment processing, uploaded lease analysis, AI-generated outputs, refund workflows, referral tracking, Mortgage Entry Engine intake, partner portals, attribution tracking, broker handoff, booking CTA tracking, partner dashboards, campaign analytics, and short retention windows for lease files and report artifacts.

Section 2

2. Personal Information We Collect

Depending on how you use GrizzlyRadar, we may collect personal information that you provide directly, information generated through your use of the service, and limited information received from service providers involved in operating the platform.

  • Account details such as full name, email address, password hash, account status, and email verification state.
  • Policy acceptance records, including terms version, privacy version, acceptance time, IP address, and user agent.
  • Support, refund, and account-management information you submit through the service or by email.
  • Uploaded lease files, extracted lease text, generated report artifacts, and related analysis metadata.
  • Mortgage intake data such as mortgage goal, payment assumptions, income and debt figures, property and refinance context, document readiness signals, route labels, Mortgage Entry Score, Document Readiness Score, primary blockers, missing document summaries, and broker-ready summaries.
  • Broker handoff contact data such as name, email, phone, province, selected partner, consent status, and consent timestamp when you submit a consented handoff request.
  • Partner and campaign attribution such as partner key, campaign slug, source, medium, landing page, anonymous session id, consent state, and first-party tracking events.
  • Booking CTA click records used to understand whether a consented lead clicked through to a partner booking link.
  • Payment and entitlement records associated with purchases and account ownership.
  • Referral information, device/session information, and operational security logs.
  • Approximate country, region/province/state, and optional city derived from request-time IP metadata where a coarse geolocation provider is configured. We do not collect exact GPS coordinates or precise addresses for this purpose.

Mortgage Intake, Partner Attribution, and Broker Handoff

The Mortgage Entry Engine may preserve essential first-party partner and campaign routing so the correct partner-branded flow, dashboard, and handoff context can work. This routing can include partner slug, partner key, campaign slug, source, medium, landing path, and an anonymous session id.

Before explicit broker handoff consent, GrizzlyRadar is designed to track only anonymous session, campaign, and funnel events for mortgage analytics where permitted by your tracking preferences. These analytics events are not intended to contain borrower contact details.

When analytics is permitted and a coarse geolocation provider is configured, those anonymous events may include approximate country, region/province/state, and optional city for attribution and aggregate performance review.

If you submit a broker handoff form and provide the required consent, GrizzlyRadar may attach attribution to the resulting lead and share the lead information with the selected or attributed broker partner so that a licensed mortgage professional can follow up.

Partner dashboards are designed so partners can access only their own leads. Admin users may review partner, campaign, funnel, and attribution records to operate the platform, support partners, prevent misuse, and understand aggregate performance.

Section 3

3. How We Use Information

We use personal information to operate, secure, maintain, and improve GrizzlyRadar. That includes authenticating users, protecting accounts, verifying purchases, generating outputs, managing report access, administering referrals, handling refunds, responding to support requests, preventing misuse, and meeting legal, accounting, and operational obligations.

We may also use contact information to send transactional and service-related messages, such as verification emails, purchase confirmations, account notices, deletion workflow notices, and support responses. If you opt in, we may also send product updates and service emails.

Section 5

5. Account and Authentication Data

When you create or use an account, we process authentication and security information such as login sessions, password reset events, email verification tokens, IP addresses, device or browser user-agent data, and rate-limit or abuse-prevention records.

For account security and fraud prevention, GrizzlyRadar may store approximate signup country, region/province/state, and optional city derived from request-time IP metadata if a coarse geolocation provider is configured. These values are labelled approximate and are not exact location, coordinates, Wi-Fi location, or email-to-location enrichment.

Verified email is required before checkout so the service can connect purchases and entitlement recovery to the correct account.

Section 6

6. Uploaded Lease and Report Data

When you upload a lease or generate a report, we process the lease file, extracted text, derived analysis fields, generated outputs, and related operational metadata needed to deliver the service.

Uploaded lease files and generated report artifacts are deleted within 24 hours. This short retention rule is part of the product design. Some related account, entitlement, refund, and operational records may remain after that deletion window because they are needed to maintain account history, auditability, security, or legal compliance.

Section 7

7. Payment and Transaction Data

Payment processing is handled by Stripe. We do not store full payment card numbers in the GrizzlyRadar application database.

We do store transaction-related information needed to confirm purchases, deliver entitlements, investigate payment issues, evaluate refunds, and maintain accounting and operational records. That may include Stripe customer identifiers, checkout session identifiers, payment intent identifiers, product type, price, currency, entitlement status, and refund workflow data.

Section 8

8. Referral Data

If you use or share referral links or codes, we may collect referral codes, anonymous session linkage, attribution records, and related purchase or entitlement data so that the referral system can operate and abuse can be reviewed.

Section 9

9. Cookies and Session Handling

GrizzlyRadar uses cookies or similar session technologies to maintain login state, CSRF protection, basic account security, and continuity across requests. We may also store limited local state needed to support product workflows, such as temporary browsing context or interface state.

Essential cookies and sessions support account security, form protection, referral continuity, mortgage partner routing, campaign attribution needed for partner-branded flows, and consent preference storage.

Anonymous analytics events may be used to understand visits, mortgage goal selections, intake starts, intake completions, result views, consented handoffs, booking CTA clicks, dashboard views, and lead status movement when permitted by your tracking preference.

If analytics is allowed and a coarse geolocation provider is configured, anonymous analytics may include approximate country, region/province/state, and optional city for security, fraud prevention, attribution, and aggregate analytics. GrizzlyRadar does not collect exact location or coordinates for this purpose.

Marketing or retargeting cookies or pixels are not intended to run unless marketing consent is granted. You can accept, reject, or manage preferences through the privacy preferences control.

Section 10

10. Retention and Deletion

We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Lease files and generated report artifacts are deleted within 24 hours. Account deletion requests trigger a delayed purge workflow for account-linked private data. Some financial, entitlement, fraud-prevention, policy acceptance, security, or other operational records may be retained longer where required by law or where reasonably necessary for legitimate business purposes such as dispute handling, auditability, or enforcing our terms.

Section 11

11. Safeguards and Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, disclosure, alteration, and loss. This includes access controls, session controls, and encrypted storage for sensitive artifacts where applicable within the system architecture.

No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

Section 12

12. Third-Party Processors

We use service providers to help operate GrizzlyRadar. Current processors and service-provider categories may include Stripe for payment processing, the configured email delivery provider for transactional and service email, and infrastructure or storage providers used to host and run the service.

Mortgage lead notifications may be sent through configured email delivery providers such as Postmark or a similar transactional email provider. Those notifications are used to operate the consented handoff workflow and should not be treated as marketing consent.

Broker partners receive borrower information only through consent-based handoff or other authorized workflows. We may share aggregate or de-identified partner and campaign performance analytics that do not identify individual borrowers.

We expect service providers to process information on our behalf for authorized business purposes, subject to contractual and operational controls we consider appropriate in the circumstances.

We do not sell personal information.

Section 13

13. Cross-Border Processing

Depending on the location of GrizzlyRadar, Stripe, email providers, hosting providers, or other service providers, your information may be processed or stored outside your province, territory, or country.

When information is processed in another jurisdiction, it may be subject to the laws of that jurisdiction and may be accessible to courts, regulators, or law-enforcement authorities in accordance with applicable law.

Section 14

14. Access, Correction, and Deletion Rights

Subject to applicable law, you may request access to personal information we hold about you, ask us to correct inaccurate information, or request deletion of certain account-linked information.

We may need to verify your identity before acting on a request. We may also retain information that we are legally required to keep or reasonably need for legitimate business purposes such as fraud prevention, financial recordkeeping, or dispute resolution.

Section 15

15. Changes to Policy

We may update this Privacy Policy from time to time to reflect changes in the service, legal requirements, or operational practices. The updated Policy will take effect when posted unless we state a later effective date.

Section 16

16. Contact Information

For privacy questions, access requests, correction requests, or deletion requests, contact Grizzly Asset Holdings Inc. at support@grizzlyassetholdings.com.