Legal
Privacy Policy
Last updated on June 22, 2026
Welcome!
Welcome to BRDG. We hope that you will enjoy using our "Services", which include: (i) visiting our website at https://brdg.ca, including all subpages and subdomains, present and future (the "Website"); and (ii) the use of our Web-based application (our "Solution") which provides our users (each, a "User") with access to an AI-powered construction project optimization platform and agent. The Solution is available to Users of our enterprise customers and integrates with Users' project communications and management tools to facilitate and optimize construction-finance workflows.
BRDG takes your privacy and the security of personal data very seriously. We are providing this Privacy and Data Protection Policy (the "Policy") to tell you about who we are, what personal data we collect from you and about you, and what we do with your personal data, all while you use the Services or otherwise interact with us online. The Policy also explains your rights under applicable law, how you can contact us and the relevant authorities to enforce those rights. We ask that you please read it carefully.
Key Elements of this Policy
Here are the key elements of this Policy so that you can know the important parts right away to make an informed decision about your consent for our collection, use, and disclosure of your personal data. By submitting any personal data to us via any means, you consent to such collection, use, and disclosure. You can find the details in the rest of the Policy.
| Personal data we collect from you but only with your consent | What we do with it | Types of third parties we share it with |
|---|---|---|
| Contact Information | Respond to your inquiries and communicate with you | Companies that provide the technical infrastructure for the Website |
| User Account Information | Create and verify your account | Companies that provide the technical infrastructure for the Website and the Solution |
| Conversational Data (Inputs) and AI Outputs | Process inputs and generate, display, and review AI outputs to allow you to fully benefit from the Solution | Companies that process your inputs, uploaded documents, project records, retrieved context and related outputs to allow you to use the Solution |
Some Terms
Before we get started with the details, here are a few terms we think you should know as you read this Policy.
"Data Protection Laws" refers to the laws that are designed to protect your personal data and privacy in the place where you live. BRDG is committed to adhering to all Data Protection Laws that apply to its activities. BRDG currently makes the Services available initially in Canada and the United States, and references in this Policy to European Union, European Economic Area or United Kingdom laws apply only to the extent those laws become applicable to BRDG's activities. Depending on the jurisdiction you are in and the Services made available to you, Data Protection Laws may include:
- The "GDPR", the European Data Protection Law which stands for "General Data Protection Regulation", with the official name Regulation (EU) 2016/679 of the European Parliament and of the Council;
- The "UK GDPR" which applies to our activities in the United Kingdom; please note that when this Policy refers only to the "GDPR", this includes the UK GDPR, as applicable;
- "PIPEDA" (Personal Information Protection and Electronic Documents Act), which is the Canadian Data Protection Law that applies to our activities in Canada;
- Quebec's Act Respecting the Protection of Personal Information in the Private Sector (the "Quebec Privacy Act"), as amended by Law 25, that applies to our activities in Quebec;
- The "CCPA" (California Consumer Privacy Act), Cal. Civ. Code § 1798.100 (2018) et seq., as amended by the California Privacy Rights Act; and
- Any other state privacy laws in force in the United States, such as those which are currently in force in Colorado, Connecticut, and Virginia.
(in each case as amended, consolidated, re-enacted or replaced from time to time).
"Personal data" means any information that we collect from you or about you and that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identifiable individual. This may include simple information such as your name or your email, or more complex information, such as an online identifier that can be associated with you. Personal data may also include AI-generated outputs where those outputs contain, reproduce, summarize, derive or infer information relating to an identifiable individual. Accordingly, any reference in this Policy to "personal data" shall also be interpreted as referring to "personal information."
About Us & Contacting Us
BRDG Technology Solutions Inc. ("BRDG"), which owns and operates the Website and the Solution, is a Quebec corporation located in the province of Quebec, Canada. Where this Policy refers to "BRDG", it may refer to BRDG Technology Solutions Inc. and/or its affiliates, and their respective shareholders, officers, directors, employees, agents, partners, principals, representatives, successors and assigns (collectively, "Representatives"), depending on the context.
Where the GDPR applies, BRDG may be a "data controller", which means we collect personal data directly from you and determine the purpose and means of "processing" that data. In certain circumstances, BRDG may act as "data processor", for example when we get personal data from our enterprise customers and process it on their behalf.
If you have any questions about this Policy, our privacy and data practices, or if you wish to exercise any of your privacy rights, you may contact us at:
BRDG Privacy and Data Protection Officer
Email: info@brdg.ca
Mailing address: 154 St-Paul Est., Montreal QC, H2Y 1G6
Your Rights
You have certain rights regarding the personal data held by BRDG. Please note that not necessarily all of these rights may be available to you; this depends on where you are located and the Data Protection Laws that apply to you.
Your rights may include the following:
- The right to withdraw your consent for BRDG to process your personal data at any time;
- The right to have your personal data erased from BRDG's records;
- The right to have your name de-indexed from the Website or the Solution (where we have linked it to information about you);
- The right to access your personal data and to obtain information about how it is processed and used;
- The right to receive a copy of your personal data given to you in an easy-to-read format so that you can transfer it to another organization;
- The right to have your personal data corrected or updated if you believe it is inaccurate or out of date;
- The right to opt out of email marketing communications we send you, at any time;
- The right to know whether BRDG shares your personal data (and if so, who gets it);
- The right to demand that BRDG not sell your personal data. Please note that BRDG does not sell your personal data;
- The right to restrict the processing of your personal data if it is inaccurate or if our processing or use of it is against the law; and
- The right to object to the use of your personal data for marketing or advertising purposes.
Please note that if you request the deletion of your personal data, we will do so to the extent possible. BRDG reserves the right to retain certain data for a reasonable period of time in order to comply with certain legal obligations or for the purposes of any legal proceedings.
Limited Personal Data Collected from You and What We Use It For
BRDG limits the personal data we collect to what is necessary and appropriate for the identified purposes. We will not use or disclose your personal data for purposes other than those for which it was collected, except with your consent or as permitted or required by applicable law.
In the table below, please find all the categories of personal data we may collect from you directly, the purposes for which we use this data, and, where the GDPR applies, the legal basis for us having and processing this personal data. Under PIPEDA, the Quebec Privacy Act and the CCPA, the applicable legal basis is your informed consent.
| Location | Personal data category | Personal data processed | What we use it for | Legal basis (GDPR) |
|---|---|---|---|---|
| Website | Contact Information | Name, email address, phone number, company name, and role | 1. Respond to your inquiries for demo scheduling 2. Respond to general inquiries and communicate with you | Your consent in giving us this information |
| Solution | Account Information | Name, email address, phone number, company name, role, preferred language, password credentials/reset data, SSO provider identifiers, login profile data, account identifiers, encrypted refresh tokens, and IP addresses | 1. Creating and verifying your Solution account 2. Delivering and improving Services 3. Security, monitoring, and fraud prevention 4. Account management and authentication | Your consent in giving us this information |
| AI interaction and conversational data | Names, email addresses and other contact information of project participants; personal data contained in project records; data in uploaded documents; extracted text and metadata; usage and AI-interaction data linked to users including IP addresses, device and session information, logs, chat messages, prompts, AI outputs, and embeddings/search indexes | 1. Processing inputs and producing requested outputs 2. Project delivery, document/report generation, debugging, security, quality assurance, and performance improvement of the Solution | Your consent in giving us this information |
Personal Data Collected About You from Third Parties
We may obtain personal data about you from third parties, or third parties may collect it on our behalf and use it. These third parties include external sources authorized by you, project participants, connected storage accounts, email replies and inbound email providers, and integrated providers.
Under PIPEDA and the Quebec Privacy Act, the legal basis for our collection, use and disclosure of such personal data is your informed consent. None of this data is obtained from publicly available sources.
| Location | Personal data category | Who collects the personal data | What we do with it |
|---|---|---|---|
| Website | Contact information | Service providers for calendar scheduling, such as Google (through its Google Meet service) | To host and operate the Website and related Services, including hosting and storage, database management, authentication |
| Solution | Account information | Collected from SSO providers (Google, Microsoft), connected storage accounts, uploaded documents, inbound emails, and project participants through integrations. Third-party service providers for integrations such as QuickBooks (only when you expressly consent) | Used for authentication, document collection and synchronization, processing personal data in documents, reporting, collaboration, notifications, AI-assisted features, audit, and customer support |
| Inferred Personal Information in AI outputs from third-party AI model providers | Third-party AI model providers and AI-adjacent service providers used to process prompts, uploaded documents, project records, chat histories, retrieved context and related outputs | Used to generate, display, evaluate, audit and improve AI-assisted features; outputs may contain, reproduce, summarize, derive or infer personal data where the relevant prompts or context contain personal data | |
| Analytical identifiers and related information including IP address | BRDG collects or generates this data through the Solution; third-party AI model providers process inputs and context to return outputs | Provide us with analysis on how the Solution is used, generate statistics, improve Services |
Who We Transfer Your Personal Data To
We may share your personal data with third parties identified in the table below, along with what they do with it. Each type of third party identified below is under a contractual obligation not to (1) transfer or sell your personal data; or (2) use your personal data for any purpose other than the purpose identified in the table below.
We will share personal data with law enforcement authorities, regulators or other governmental bodies if: (1) we are required by applicable law in response to lawful requests; (2) we believe it is necessary to investigate, prevent, or take action regarding illegal activities or fraud; (3) we believe it is necessary to investigate situations involving abuse of the Website, the Solution infrastructure or the internet in general; or (4) we are required to do so under any applicable law.
We may also share personal data: (1) to a parent company, subsidiaries, joint ventures, or other companies under common control with BRDG for purposes consistent with this Policy; or (2) if BRDG merges with another entity, is subject to a reorganization, sells or transfers all or part of its business or shares.
We will not share your personal data with other third parties, except under these circumstances or as otherwise permitted under applicable Data Protection Laws. We do not sell or rent your personal data to any third party for direct marketing purposes or any other purpose.
| Location | Category of personal data | Types of third parties we share it with | What they do |
|---|---|---|---|
| Solution | Account information | Infrastructure and hosting providers, including Amazon Web Services (AWS) | To operate and improve the Platform, including hosting and infrastructure management, authentication and access control, document storage and processing |
| AI interaction and conversational data | Companies that process your inputs and produce requested outputs, such as AI foundational model providers including OpenAI, Anthropic (Claude), AWS Bedrock, Microsoft and Azure Document Intelligence. Third-party service providers for integrations, such as QuickBooks | Process your inputs, uploaded documents, project records, retrieved context and outputs to allow you to fully benefit from the Solution, and support debugging, security, quality assurance, internal evaluation, regression testing, AI safety, audit and performance improvement | |
| Analytical identifiers and related information including IP address | Companies providing data analytics for the Solution, specifically AWS | Provide us with analysis on how the Solution is used, generate statistics, improve Services |
Sensitive Personal Information
We do not intentionally collect any of what the Data Protection Laws consider sensitive personal information from you when you visit the Website or the Solution's platform page, unless you voluntarily submit it to us, which we encourage you not to do.
Limited Gathering of Information for Statistical, Analytical and Security Purposes
BRDG automatically collects certain limited information using the "Third-Party Analytics Program", to help us understand more about our Website visitors and Users and how they use the Website and the Solution, but none of this information identifies you personally, except via an alphanumeric string. For example, each time you visit the Website or use the Solution's platform page, we automatically collect your IP address, browser and computer or device type, access times, the web page from which you came, and the web page(s) or content you access.
We use information collected in this manner only to better understand your needs and the needs of Website visitors or Users in the aggregate. Your IP address and other relevant information we collect using the Third-Party Analytics Program may be used in order to trace any fraudulent or criminal activity.
Tracking Technology ("Cookies") and Related Technologies
BRDG uses tracking technologies, including "cookies" and similar technologies (such as tags, pixels and web beacons), on the Website and in connection with the Solution. Cookies are small text files placed on your computer or device when you visit a website or an application. Essential cookies and similar technologies may be used where necessary for session management, login, CSRF protection, security, language or preferences, OAuth/social login flows and core functionality. Non-essential cookies or trackers, such as analytics or marketing cookies, are not enabled by default and will be used only if enabled and, where required by applicable law, after you have provided consent through the cookie banner or cookie management tools presented to you.
Specifically, we use cookies and related technologies for the following functions:
- to authenticate your identity, maintain your session, ensure security (including fraud prevention), and enable access to the Solution and its core features;
- to provide general analytics and internal statistics on the usage of the Website and the Solution, conduct research to improve the content of the Website and the Solution, and monitor performance using the Third-Party Analytics Program, where such analytics cookies or trackers are enabled and consented to when required by applicable law; and
- to help detect, prevent, and investigate suspected fraudulent, unauthorized, or unlawful activity.
You can configure your browser to refuse cookies or to delete cookies after they have been stored. Instructions for managing cookies are typically available in your browser's help settings. Please note that disabling, refusing, or deleting cookies may affect your user experience with the Solution and may even prevent certain functions of the Solution from working at all.
How We Protect Your Personal Data & Manage Incidents
We have implemented strict technical and organizational measures to ensure that, by default, only personal data necessary for each specific processing purpose is processed. These measures are designed to protect your personal data from loss, or unauthorized access.
BRDG uses only industry best practices (in terms of equipment, electronics and procedures) in keeping any data collected (including personal data) secure. In addition, we use third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to operate the Website and the Solution. In particular, BRDG's infrastructure is hosted primarily on AWS, including services such as storage (S3), databases (RDS/PostgreSQL), caching (Redis/ElastiCache), application hosting (ECS/ALB), monitoring (CloudWatch), and email delivery (SES).
These safeguards include HTTPS/TLS in production to protect data in transit, authentication and account security controls, logical data segregation, encrypted storage for connected-account refresh tokens, and logging/monitoring, including planned audit trails for agent actions.
We also have procedures in place to deal with any suspected data security breach. BRDG maintains operational processes to identify, escalate, triage, and respond to suspected security incidents involving personal data. We will notify you and any applicable supervisory authority of a suspected data security breach where the Data Protection Laws require us to do so, and within the time frame required by the applicable Data Protection Law.
In addition, BRDG maintains and continues to develop internal procedures and governance practices relating to the management of personal data, including:
- A framework for the keeping and destruction of personal data, including where we may keep anonymized data;
- Defining and describing the roles and responsibilities of the members of BRDG's personnel throughout the life cycle of the personal data;
- A process for dealing with individual complaints and requests for personal data and exercising of an individual's rights under Data Protection Laws; and
- A management and IT policy and procedure for addressing potential data breach incidents involving personal data in the custody of BRDG.
Transfer of Your Personal Data Outside of the European Economic Area (EEA) and the U.K.
For our European users, we endeavour to keep the personal data of the Users or Website visitors inside the EEA or the U.K. (as applicable).
In those circumstances, due to the nature of our operations and reliance on third-party service providers that are located in other countries, your personal data may be transferred to and processed in jurisdictions outside the EEA or the U.K., including:
- Canada. We transfer personal data to our operations in Canada, but Canada has been determined to have an "adequate level of protection" for your personal data under European data protection law.
- The United States. Where the GDPR or UK GDPR applies, your personal data is transferred to companies in the United States that: (1) have signed agreements with us or have informed us that they are compliant with the GDPR standards; and (2) have concluded the Standard Contractual Clauses for the transfer of personal data outside the EEA and the U.K.
You have the right, however, to refuse to have your personal data transferred outside the EEA or the U.K. Please contact our Privacy and Data Protection Officer to make the request.
Transfer of Your Personal Data Outside of Quebec
For our Quebec Users and Website visitors, we endeavour to keep your personal data in Quebec. However, certain of our third-party service providers are in other provinces or countries where your personal data may be transferred. When this happens, we do the following to safeguard your personal data:
- We will perform what the Quebec Privacy Act calls an "Assessment of the privacy-related factors" (a "Privacy Impact Assessment," or "PIA") prior to the personal data leaving Quebec. If the PIA does not meet our standards and the standards required by the Quebec Privacy Act, we will not transfer your personal data to such a service provider; and
- If the PIA allows us to transfer the personal data to such a service provider outside Quebec, we will sign a "Data Processing Agreement," or DPA, with the service provider, which protects the personal data transferred to them and limits their use of it to what we have contracted with them to do. This DPA will adhere to the requirements of the Quebec Privacy Act.
Supervisory Authorities and Complaints
If you are in the EEA or the U.K. and the GDPR or UK GDPR applies to BRDG's processing of your personal data, you have the right to make a complaint to the appropriate supervisory authority. If you are not satisfied with the response received or the actions taken by our Privacy and Data Protection Officer, or if you would like to make a complaint directly about BRDG's data practices, we invite you to contact the supervisory authority in your country.
If you are in Canada and you are not satisfied with the response received or the actions taken by our Privacy and Data Protection Officer, you can make a complaint to the Office of the Privacy Commissioner of Canada. If you are in Quebec, you can make a complaint to the Commission d'accès à l'information.
Data Retention and Anonymization
Your personal data will only be kept for as long as it is necessary for the purpose needed for that processing. For example, we will retain your account information for as long as you have an account with us to access and use the Solution.
We may have to keep your data for a longer period of time to satisfy our requirements under any applicable law, including anti-spam laws, or to protect our legal interests. In some cases, where permitted by the Data Protection Laws, we may keep personal data that has been anonymized, for our legitimate business purposes.
Automated Decision-Making
BRDG does not use any fully automated decision-making processes with regard to your personal data in providing the Website or the Solution.
Artificial Intelligence & Agent
When you interact with the agent part of the Solution, the data you submit (such as prompts, messages, uploaded documents, project records, chat histories, retrieved context and related metadata), whether personal data or not, are processed by BRDG's systems and, where applicable, by third-party AI service providers (such as AWS, OpenAI, Anthropic (Claude), Microsoft Azure and Azure Document Intelligence) for the purpose of allowing you to fully use the Solution.
AI outputs may contain, reproduce, summarize, derive or infer personal data where your prompts, uploaded documents, project records, chat histories or retrieved context contain personal data. We do not use customer content submitted to and processed by our AI agent (inputs) or content generated by our AI agent (outputs) to train or fine-tune BRDG proprietary or foundation models, or to improve third-party providers' general models, unless you or the relevant enterprise customer expressly consents to or authorizes that use.
Our technical environments are designed to ensure strict logical separation of data between different enterprise customers. Inputs to and outputs from our AI agent relating to the use of the Solution by one enterprise customer are not accessible to, nor exploitable by, another enterprise customer.
Your employer (or client, when you act as an independent contractor) may, in its capacity as administrator of the Solution, have access to certain content you submit or generate within the Solution (including documents, communications, or activity logs), in accordance with applicable law and the relevant contractual arrangements.
As part of our privacy commitments, we retain activity logs relating to interactions with our AI agent (e.g., timestamps, user identifiers, session durations). These logs are not used to individually assess any Users for disciplinary purposes, performance evaluation, or any other automated decision-making producing legal or similarly significant effects.
Children's Privacy Statement
Our Services are only intended for persons who have reached the age of majority in their respective jurisdiction.
We do not knowingly collect any personal data from a person under the minimum ages required by Data Protection Laws. If we become aware that we have inadvertently received or collected personal data from a person under the minimum ages through the Website or the Solution, we will take appropriate steps to delete such information from our records.
Changes to This Privacy Policy
The date at the top of this page indicates when this Policy was last updated. Because Data Protection Laws are constantly evolving, every now and then we will have to update this Policy. You can always find the most updated version at this same URL. We will post a prominent notice on the Website and the Solution's platform page if we make significant changes to the Policy.
Thanks for reading! Please keep your personal data safe; we promise to do the same.
© (under license) Brdg Inc., 2026. All rights reserved.
