Privacy Policy
Last Updated: June 29, 2026
Reede Systems Inc.("Reede", "we", "us", or "our") operates the Reede service from British Columbia, Canada. This policy describes the personal information we collect from users of the service, how we use it, who we share it with, where it is stored, how long we keep it, and the rights you have over it under Canadian privacy law.
Reede is a legal-workflow platform for paralegals and lawyers. It provides guided workflows for legal matters, record and document management, document generation, and in-app document signing. Corporate workflows are live today — including minute book review, entity records (directors, officers, shareholdings, Transparency Register, annual filings), and document generation — with more practice areas rolling out. This policy applies across the full service.
1. Who we are
Reede is operated by Reede Systems Inc., a corporation incorporated in British Columbia, Canada on May 21, 2026.
You can contact us about this policy or about your personal information at privacy@reede.ca.
2. What this policy covers
This policy explains:
- What personal information we collect when you use Reede;
- Why we collect it and how we use it;
- Who we share it with and why;
- Where it is stored;
- How long we keep it;
- How we protect it;
- The rights you have over it under Canadian privacy law.
This policy applies to the Reede website at reede.ca and the Reede service accessed through it. It does not apply to third-party services we link to, which have their own privacy policies. This policy applies to information collected from individuals in Canada. Reede is currently available only to users in Canada.
3. What we collect
We collect the following categories of personal information:
a. Account information
- Your email address (used to log in and receive service communications)
- A password, stored only in hashed form by our authentication provider — we never see, store, or have access to your actual password
- The name of your firm or company
- The date and time your account was created
b. Content you upload
When you use Reede on a matter, you upload documents and files — for example a minute book, a contract, an instruction letter, a will, or a registry document. These uploads often contain personal information about the individuals named in them — clients, directors, officers, shareholders, beneficiaries, and other parties to the matter.
For each upload, we collect the file itself, the original filename, the file size, and the MIME type.
A document uploaded for a one-time review (such as a minute book review) is deleted from our systems shortly after we generate your report unless you choose to save the matter or entity to your account for ongoing management. See Section 7 (How long we keep your information).
c. Reports and entity records
When Reede produces a report from a document you upload, we store the structured report, the timestamp it was generated, and a link to your user account.
If you save a review as an "entity" in Reede or create one manually, we store the structured corporate facts you (or AI extraction) enter or confirm: entity identification, registered and records office addresses, directors and officers, share classes and shareholdings, significant individuals (Transparency Register entries under Part 4.1 of the Business Corporations Act (BC)) — which contain sensitive information including residential address, date of birth, citizenship, and tax residency — free-form notes, and annual filing records.
d. Documents and signatures
You may upload additional documents to an entity's minute book (PDF, DOCX, XLSX, JPG, or PNG, up to 50 MB). For each we store the file, the category, filename, size, MIME type, and upload timestamp.
Documents generated by Reede (cover letters, invoices, registers) are stored as PDFs alongside a SHA-256 hash for tamper-evidence and the input parameters used to generate them. When a document is signed, we store the signature image (PNG), the signer's name at signing, the signer's user ID (if a Reede user), the method (typed, drawn, or uploaded), the date and time, the IP address, SHA-256 hashes of the unsigned and signed PDF for tamper-evidence, and the signed PDF itself.
e. AI features (assistant, Ask Reede, drafting, and extraction)
Reede uses AI to assist your work: the Reede assistant (where you describe a task in chat), Ask Reede (research questions), document drafting (such as resolutions, cover letters, and invoices), and extraction of structured facts from documents you upload. When you use any of these features, the relevant content — your typed request or question, the document or the matter/entity context it concerns, and a prompt instructing the AI — is sent to our AI service provider (see Section 5). AI output is a draft returned to you for review, and inputs and outputs are not used to train AI models (see Section 5).
f. Activity logs
We keep an append-only audit log of significant actions: user ID, timestamp, action type, IP address, and file metadata (filename, size — never file contents).
g. Billing information
If you subscribe to a paid plan we store your Stripe customer ID, subscription status, and plan tier. We do not collect, see, or store your credit card or banking information— payment details are entered directly into Stripe's hosted checkout.
h. Server logs
Our hosting provider keeps standard server access logs (records of requests made to our servers). These logs are retained for approximately 30 days and used solely for security monitoring and troubleshooting. They do not contain the contents of your uploads or reports.
i. Pre-launch interest leads
If you submit your email through one of Reede's pre-launch landing pages, we store the email, optional name and firm, role, and an IP address and user agent string for spam prevention. We use this information solely to follow up about the relevant product. Leads are not added to any general marketing list.
j. The Reede Room (practice resources) and Ask Reede
The Reede Room is a subscription library of practice resources (precedents, guides, and checklists). The resources are Reede's own content; browsing or downloading them does not involve sharing your matter or client data with us. If you submit a request for a resource you can't find, we store the text of your request and your account details so we can respond and, where appropriate, prepare and publish the resource. When you use Ask Reede to ask a practice question, the text of your question is stored on your account and sent to our AI provider (see Section 5) to generate an answer — so please do not include client-confidential details in a question.
k. What we do NOT collect
We deliberately do not collect analytics data, marketing or advertising tracking pixels, third-party cookies, phone numbers, physical addresses, or information about you from external sources.
4. How we use your information
We use the information we collect for these purposes only:
- To provide the service: processing the documents you upload, running your matter workflows, generating your documents and reports, delivering them to you, and storing them for your future reference
- To operate your account: authentication, account management, and service communication
- To bill you: processing subscriptions through Stripe
- To meet our security obligations: maintaining the audit log, monitoring for abuse, responding to incidents
- To comply with legal obligations: if we receive a valid legal order requiring disclosure
- To improve the service: in aggregated, anonymized form only — never using identifiable personal information from your uploads
We do not use your documents, records, or reports to train AI models. See Section 5 for the contractual posture governing our AI service provider.
We do not sell your personal information. We do not share it for advertising purposes.
5. Third-party service providers
Reede uses a small number of carefully selected service providers to deliver the service. We share personal information with these providers only to the extent necessary for them to perform their function. Each is bound by contract to handle your information in accordance with applicable privacy laws.
| Service provider | Role | What they receive |
|---|---|---|
| Anthropic, PBC (United States) | AI processing | The content you send to Reede's AI features — your typed requests and questions to the Reede assistant and Ask Reede, the documents you submit for analysis, drafting, or extraction, and the related matter/entity context — together with the prompt instructing how to process them. Reede accesses Anthropic's API under Anthropic's Commercial Terms, which prohibit Anthropic from using customer inputs or outputs to train models. Anthropic retains API inputs and outputs for up to 30 days for trust and safety purposes, after which they are deleted. |
| Supabase (Montreal, Canada) | Authentication, database, file storage | Your account information, uploaded files (until deletion), generated reports, audit logs. |
| Stripe (US/Canada) | Payment processing | Your billing information and payment details (entered directly into Stripe). We do not see card numbers. |
| Vercel (US, Canadian edge regions) | Frontend hosting | Standard server access logs (no upload contents). |
Amazon Web Services (Montreal, Canada — ca-central-1) | Transactional email delivery (SES) | Outbound email addresses and message contents for service emails (signing links, password resets, etc.). |
| Groq, Inc. (United States) | Voice-to-text transcription | Short audio clips you record using the optional voice-input button in the Reede chat, sent to be transcribed to text. Audio is sent only when you use voice input; Reede does not store it. |
A current and authoritative list is maintained at reede.ca/subprocessors.
Cross-border data transfer:AI processing of the content you submit happens on servers operated by Anthropic in the United States; payment processing involves Stripe infrastructure in the United States and Canada; and application hosting and server logs run on Vercel in the United States. By using Reede, you consent to these transfers. Personal information sent outside Canada is subject to the laws of the country where it is processed, and while there it may be accessed by the courts, law enforcement, and national-security authorities of that country in accordance with their laws. We limit this exposure by contract: our agreement with Anthropic includes a Data Processing Addendum incorporating the European Commission's Standard Contractual Clauses, and our providers are bound to protect personal information to a standard comparable to that required under Canadian law.
The parts of the service Reede directly controls — account data, uploaded files, reports, audit logs, and transactional email — are held with vetted infrastructure providers. Where each provider stores and processes data is described in the Subprocessor List and may change as our infrastructure evolves; we do not guarantee storage in any particular country or region.
Other disclosure: We will disclose personal information without your consent only if required by law or to protect the rights, property, or safety of Reede, our users, or others. If we receive a legally binding demand (such as a subpoena, warrant, or court order) for personal information we hold on your behalf, we will notify the affected user or firm before disclosing it where we are legally permitted to do so, so you have an opportunity to respond.
6. Where your information is stored
Where your information is stored depends on our infrastructure providers and the regions they are configured to use, which may change over time. We do not guarantee that your data is stored in any particular country or region.
Under our current configuration: account information, uploaded files, generated reports, entity records, generated documents, signed PDFs, audit logs, and outbound transactional email metadata are stored with providers in Canada (Montreal, ca-central-1); content sent for AI processing is handled by Anthropic in the United States (retained by Anthropic for up to 30 days for trust and safety, then deleted, and never used to train models); payment information is held by Stripe (United States / Canada); and application hosting and server access logs run on Vercel (United States, with global edge). The current, authoritative list is the Subprocessor List.
7. How long we keep your information
- Uploaded documents (one-time review path): automatically deleted shortly after report generation, in any case within 24 hours, unless you save the matter or entity to your account.
- Entity records and entity-document uploads: retained while the entity remains in your account. You may delete any record or document at any time.
- Generated documents and signatures: retained for as long as the underlying entity remains in your account. Once signed, the audit row cannot be modified.
- Signing links sent to clients/signers: per-document sign-off links expire 14 days after issuance; client-signing links for an annual or transaction matter expire 60 days after issuance. All are single-use; expired or consumed links are retained alongside the document for audit completeness.
- Pre-launch interest leads: retained until we contact you about the relevant product, or for 24 months, whichever comes first.
- Generated reports: kept indefinitely on your behalf. You may request deletion at any time using the details in Section 13.
- Account information: retained while your account is active. You may request deletion at any time using the details in Section 13.
- Audit logs: 12 months.
- Server logs: approximately 30 days.
- Billing records: 7 years from the date of the transaction, per Canadian tax record-keeping requirements.
8. How we protect your information
- Encryption in transit: TLS 1.2 or higher.
- Encryption at rest: AES-256 by our hosting provider.
- Authentication: verified email address and password.
- Two-factor authentication (2FA): available on your account (authenticator app), with recovery codes.
- Access controls: access is enforced on every request, with row-level security enabled at the database as an additional layer; internal access by Reede personnel is limited and logged.
- Audit logging: all significant actions recorded.
- Server-side validation: uploads validated server-side before processing.
- Source-file deletion: uploaded PDFs deleted shortly after processing.
- Vendor due diligence: service providers selected for security posture and bound by contract.
If we become aware of a security incident affecting your personal information that creates a real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada without unreasonable delay, in accordance with PIPEDA's breach notification requirements. We keep a record of every breach of security safeguards for at least 24 months, as those regulations require.
9. Your rights
Under PIPEDA and applicable provincial privacy legislation (including British Columbia's Personal Information Protection Act), you have the right to:
- Access the personal information we hold about you
- Correct information that is inaccurate or incomplete
- Withdraw your consent to our processing, subject to legal and contractual restrictions and reasonable notice
- Delete your account and all associated personal information
- Lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your provincial privacy regulator (for example, if you are a BC resident, the Office of the Information and Privacy Commissioner for BC, oipc.bc.ca)
To exercise any of these rights, contact us using the details in Section 13. We will respond to verified requests within 30 days; if a request is complex we may extend that by up to a further 30 days and will tell you why. Access is provided at no charge for standard access or correction requests, normally in a commonly used electronic format.
How we obtain and rely on consent. You consent to the collection, use, and disclosure described in this policy when you accept our Terms of Service and use the service. You may withdraw your consent at any time, subject to legal and contractual restrictions and reasonable notice — but because the service depends on processing this information, withdrawing consent may mean we can no longer provide some or all of Reede to you. If we ever intend to use your personal information for a materially new purpose, we will describe it and obtain your consent before doing so.
10. Cookies
Reede uses only essential, first-party cookies required for authentication. We do not use third-party cookies, marketing tracking, or analytics. Because we use only strictly necessary cookies, no cookie consent banner is required under Canadian privacy law.
11. Intended audience
Reede is a professional tool intended for paralegals, lawyers, and other legal professionals. The Reede Terms of Service require users to be at least 18 years of age. We do not knowingly collect personal information from individuals under 18.
12. Changes to this policy
We may update this policy from time to time. The "Last Updated" date at the top of this policy will indicate when it was last changed. For material changes, we will notify users by email and through a notice in the service before the change takes effect.
13. Contact our Privacy Officer
Reede Systems Inc. has designated a Privacy Officer, as required by Principle 4.1 of Schedule 1 to the Personal Information Protection and Electronic Documents Act (PIPEDA). For any questions about how we handle your personal information, to exercise your rights of access or correction (see Section 9), or to file a complaint, contact:
Privacy Officer
Reede Systems Inc.
Email: privacy@reede.ca
We will respond to all privacy-related requests within 30 days as required by PIPEDA. If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca).