Is this legal advice?

No — ComplainAI is a letter writing tool. We generate templates based on the relevant consumer protection laws for your jurisdiction. We are not lawyers and this is not legal advice.

Does it work in Canada?

Yes — we cover all provinces and territories with their specific consumer protection laws, from the Ontario Consumer Protection Act to the BC Business Practices and Consumer Protection Act.

What if the company ignores it?

You can escalate with our "Final Warning" tone which references small claims court options, regulatory agencies, and ombudsman offices specific to your jurisdiction.

How is this different from ChatGPT?

We know exactly which laws apply to your situation, province/state, and complaint category. ChatGPT gives generic advice. Our letters cite the specific consumer protection acts and regulatory bodies for your jurisdiction.

Privacy Policy — ComplainAI

Summary

We collect only what we need to generate your complaint letter and process payment.
We do not sell your data to third parties. Ever.
Your complaint details are stored in our database and used only to generate and retrieve your letters.
You can request deletion of your account and data at any time.

1. Who we are

ComplainAI (“we”, “us”, “our”) operates the website complainai.ca and the ComplainAI service. We help travellers generate professional complaint letters. For privacy inquiries, contact us at privacy@complainai.ca.

2. Information we collect

2.1 Account information

When you create an account, we collect:

Email address (required for login and payment receipts)
Full name (optional, used to personalize your letters)
Password (hashed — we never store it in plain text)

2.2 Complaint details

To generate your letter, you provide:

Complaint category (e.g., flight delay, hotel overcharge)
Company name
Jurisdiction (country and province/state)
Description of what happened and your desired outcome
Flight number, booking reference, incident date, and amount (if applicable)
Any documents you optionally upload for context

This information is stored in our database and used to generate and store your letter. We do not share it with third parties other than as described in Section 5.

2.3 Payment information

Payments are processed by Stripe. We do not store your credit card number, CVV, or banking details. We only receive a payment confirmation token and your Stripe customer ID to associate payments with your account.

2.4 Usage data

We automatically collect basic usage data including: IP address, browser type, pages visited, and the time of your visit. This is used for security monitoring and improving the service.

2.5 Cookies

We use essential cookies required for authentication (session cookies) and to remember your preferences. We do not use advertising cookies or sell cookie data to third parties.

3. How we use your information

We use your information to:

Generate and store your complaint letters
Process payments and maintain your subscription or credit balance
Send you transactional emails (payment receipts, password resets)
Improve the accuracy and legal quality of our AI letter generation
Detect fraud and maintain the security of our service
Comply with legal obligations

We do not use your complaint details for advertising, sell your data to data brokers, or share it with the companies you are complaining about.

4. Legal basis for processing (GDPR)

For users in the European Economic Area (EEA) and the United Kingdom, our legal bases for processing are:

Contract performance: To provide the letter generation service you signed up for.
Legitimate interests: To improve service quality, maintain security, and prevent fraud.
Legal obligation: To comply with applicable laws and regulations.
Consent: For any optional communications (e.g., newsletters), where we will always give you the option to opt out.

5. Data sharing

We share your data only with:

Supabase — our database and authentication provider. Your data is stored in Supabase's infrastructure. Supabase is SOC 2 Type 2 certified.
Stripe — our payment processor. Stripe handles all payment data and is PCI DSS Level 1 compliant.
Anthropic — our AI provider. The complaint details you enter are sent to Anthropic's Claude API to generate your letter. Anthropic does not use your data to train its models under our API agreement. See Anthropic's privacy policy at anthropic.com/privacy.
Vercel — our hosting provider. Vercel processes web requests and may temporarily handle your data in transit. Vercel is ISO 27001 certified.

We do not sell, rent, or trade your personal information with any other third parties.

6. Data retention

Account data is retained for the duration of your account and for up to 2 years after deletion (for fraud prevention and legal compliance).
Generated letters are stored so you can access them from your dashboard. You can delete individual letters at any time from your account.
Payment records are retained for 7 years to comply with tax and accounting regulations.

7. Your rights

Depending on your jurisdiction, you may have the right to:

Access — request a copy of the personal data we hold about you
Correction — request correction of inaccurate data
Deletion — request deletion of your account and associated data
Portability — receive your data in a machine-readable format
Objection — object to processing based on legitimate interests
Restriction — request restriction of processing in certain circumstances
Withdraw consent — for any processing based on consent

To exercise any of these rights, email us at privacy@complainai.ca. We will respond within 30 days. Canadian users may also contact the Office of the Privacy Commissioner of Canada (OPC) with complaints. EU/UK users may contact their national supervisory authority.

8. Security

We implement industry-standard security measures including:

TLS encryption for all data in transit
Encrypted storage for all data at rest
Row-level security in our database (users can only access their own letters)
Hashed and salted passwords (we never store passwords in plain text)

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@complainai.ca.

9. PIPEDA compliance (Canada)

ComplainAI complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). Canadian users have the right to access, correct, and request deletion of their personal information at any time. Contact us at privacy@complainai.ca to exercise these rights. Unresolved complaints may be referred to the Office of the Privacy Commissioner of Canada.

10. International transfers

ComplainAI is operated from Canada. Our service providers (Supabase, Stripe, Anthropic, Vercel) may process your data in the United States or other countries. Where applicable, we rely on standard contractual clauses or adequacy decisions to ensure appropriate protection for transfers outside the EEA.

11. Children

ComplainAI is not directed at persons under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, contact us immediately at privacy@complainai.ca.

12. Changes to this policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or by displaying a notice on our website before the change takes effect. The “last updated” date at the top of this page indicates when the policy was last revised.

13. Contact

For questions, data requests, or privacy concerns, contact us at:

ComplainAI

Email: privacy@complainai.ca

Website: complainai.ca