Privacy Policy
Last updated: July 23, 2025
This privacy policy describes how AppNFlat (operated by 15186170 Canada Inc.) (“we,” “us,” “our,” or “AppNFlat”) collects, uses, stores, and protects your personal information when you use our property management platform and related services (“Services”).
Table of Contents
- User Types and Information Categories
- Information We Collect
- How We Use Your Information
- Legal Basis for Processing
- Information Sharing
- Third-Party Service Providers
- Data Security
- Data Retention
- International Data Transfers
- Your Privacy Rights
- Cookies and Tracking Technologies
- Children’s Privacy
- Changes to This Policy
- Contact Information
Our Services serve two primary user types, each with different data processing needs:
1.1 Professional Users
Who they are: Property management professionals, building administrators, and syndicate managers who manage buildings and have administrative access.
Data they control: Professional Users act as data controllers for building-related information and may process personal information of building occupants. They are responsible for obtaining necessary consents and ensuring compliance with applicable privacy laws when handling resident data.
1.2 Resident Users
Who they are: Unit owners, tenants, and residents who access limited features related to their specific units or buildings.
Data access: Resident Users typically access Services through invitations from Professional Users and have limited account creation options. Their data access is controlled by the building’s Professional Users.
Important Note for Resident Users: Your access to the Services and your data may be affected if your building’s Professional User terminates their account or removes your access permissions.
For All Users:
- Name, email address, phone number
- Account credentials and authentication information
- Communication and message content within the platform
For Professional Users:
- Business and organization information
- Building management credentials and certifications
- Financial information for property management (condo fees, budgets, reserves)
- Banking details for payment processing and resident fee collection
- Comprehensive property details (units, common areas, facilities)
- Legal documents and building governance materials
- Resident and tenant information (as data controllers)
For Resident Users:
- Unit and occupancy information
- Personal contact preferences
- Maintenance requests and communications
- Personal account information as permitted by building administrators
- Payment information for personal fees and charges
Technical Information (All Users):
- IP address and approximate location
- Browser type, operating system, device information
- Usage patterns, features accessed, time spent
- Log files, error reports, and performance data
Platform Activity:
- Login times and access patterns
- Feature usage and interaction data
- Communication history within your building community
3.1 For Professional Users
Property Management Services:
- Comprehensive building administration and tenant management
- Financial management, reporting, and budget tracking
- Processing resident payments and managing accounts
- Maintenance coordination and vendor management
- Legal compliance and governance support
- Building communication and community management
Business Operations:
- Account management and administrative access
- Advanced reporting and analytics
- Integration with third-party property management tools
- Customer support and training services
3.2 For Resident Users
Resident Services:
- Access to building-specific information and communications
- Maintenance request submission and tracking
- Personal account and payment information access
- Participation in building community features (as enabled by administrators)
- Communication with building management and other residents
Limited Processing:
- Basic account management within permissions set by Professional Users
- Customer support for resident-specific issues
3.3 General Uses (All Users)
Service Improvement:
- Analyze usage patterns to enhance functionality
- Develop new features and improve user experience
- Provide customer support and technical assistance
Legal and Security:
- Comply with legal obligations and regulations
- Prevent fraud and ensure platform security
- Enforce our terms of service
4. Legal Basis for Processing
4.1 For Professional Users
- Contract Performance: To provide comprehensive property management services
- Legitimate Interests: To improve services, prevent fraud, ensure security, and support business operations
- Legal Obligations: To comply with property management, financial, tax, and regulatory requirements
- Consent: Where explicit consent is provided for specific processing activities
4.2 For Resident Users
- Contract Performance: To provide resident-focused services within your building community
- Legitimate Interests: To facilitate building community operations and communications (balanced against your privacy rights)
- Legal Obligations: To comply with applicable regulations
- Consent: Where explicit consent is provided, particularly for optional community features
Important: Much of the processing for Resident Users is controlled by your building’s Professional Users, who act as data controllers for building-related information.
We Never Sell Your Data. We may share your information only in these limited circumstances:
For Professional Users:
- Full access to building-related data necessary for property management
- Ability to share information with other authorized building administrators
- Access to resident information as data controllers
For Resident Users:
- Other residents and building administrators may see information relevant to building operations (e.g., unit owner names, contact details for building communications)
- Your building’s Professional Users have administrative access to your building-related information
- Information sharing is limited to what’s necessary for building community operations
5.2 Service Delivery and Legal Requirements
Service Providers: With third-party service providers who help us operate our platform (see Section 6)
Payment Processing: With payment processors for financial transactions
Legal Requirements:
- When required by law, court order, or government request
- To protect our rights, safety, or the rights and safety of others
- In connection with a business transfer or acquisition
6. Third-Party Service Providers
We work with these categories of service providers:
Primary Service Providers:
- Google Cloud Platform: Data hosting, cloud infrastructure and analytics
- Stripe: Payment processing and financial services
- Otonom Solution: Canadian banking integration for pre-authorized payments
- SendGrid (Twilio): Email delivery and communication services
- Cloudflare: Content delivery network and security services
Additional Service Categories:
- Error monitoring and application performance services
- Analytics providers (with anonymized data)
- Customer support and communication tools
- Security and fraud prevention services
For a complete list of all processors and subprocessors, contact us by one of the methods specified in Section 14.
7. Data Security
We implement industry-standard security measures appropriate for both user types:
Technical Safeguards:
- Encryption in transit and at rest
- Multi-factor authentication for Professional User accounts
- Regular security audits and vulnerability assessments
- Secure cloud infrastructure with role-based access controls
Enhanced Protection:
- Financial data receives additional encryption layers
- Access to sensitive information is logged and monitored
- Different security levels based on user type and data sensitivity
8. Data Retention
8.1 Professional Users
Active Accounts: For as long as your account remains active and as needed to provide comprehensive property management services
Closed Accounts:
- Building and property data: 7 years for legal compliance
- Financial records: 7 years for tax and audit purposes
- Legal documents and governance records: As required by applicable property law
8.2 Resident Users
Active Access: For as long as you have access to your building’s services
When Access Ends:
- Personal account data: 3 years after access termination
- Building-related communications: Retained as part of building records (controlled by Professional Users)
- Financial records related to your unit: 7 years for legal compliance
Important: If your building’s Professional User terminates their account, this may affect the retention of your building-related data.
9. International Data Transfers
Our primary data processing occurs in Canada. However, some service providers may process data in:
- United States
- European Union
- Other countries where our service providers operate
When we transfer data internationally, we ensure adequate protection through:
- Adequacy decisions by relevant authorities
- Standard contractual clauses
- Service provider certifications and safeguards
For Professional Users: International transfers may include comprehensive building and financial data necessary for service delivery.
For Resident Users: International transfers are limited to data necessary for providing resident services and building community operations.
10. Your Privacy Rights
10.1 Rights for All Users
Depending on your location, you may have the right to:
Access and Portability:
- Request a copy of your personal information
- Receive your data in a portable format
Correction and Control:
- Correct inaccurate information
- Update your preferences and settings
Deletion and Restriction:
- Request deletion of your personal information (subject to legal requirements and building management needs)
- Restrict certain processing activities
10.2 Special Considerations for Resident Users
Limited Control: Some of your information may be controlled by your building’s Professional Users as part of property management operations. In such cases, you may need to contact your building administrator for certain requests.
Building-Related Data: Information necessary for building operations (such as unit ownership records or building communications) may not be deletable while you remain part of the building community.
To exercise these rights, contact us using the methods in Section 14. We will respond within 30 days and may require identity verification.
11. Cookies and Tracking Technologies
We use cookies and similar technologies for:
Essential Functionality:
- Keeping you logged in
- Remembering your preferences and user type
- Providing appropriate security features for your user level
Analytics:
- Understanding platform usage patterns
- Improving performance and user experience for both user types
You can control cookies through your browser settings, though disabling essential cookies may affect functionality.
12. Children’s Privacy
Our Services are designed for adults (18+) and property management professionals. We do not knowingly collect information from children under 18. If we discover we have collected such information, we will delete it promptly.
13. Changes to This Policy
We may update this privacy policy to reflect changes in our practices or legal requirements. We will:
- Update the “Last updated” date
- Notify Professional Users via email and platform notification
- Notify Resident Users through their building’s communication channels or direct notification where possible
- Post the updated policy on our website
Continued use of our Services after changes constitutes acceptance of the updated policy.
For privacy-related questions, complaints, or to exercise your rights, please contact us at the email address below. We will respond to your inquiry within 30 days. We are committed to resolving any concerns promptly and fairly.
Note for Resident Users: For some building-related data matters, you may also need to contact your building’s Professional Users who act as data controllers for that information.
Data Protection Officer:
Name: Jacques Gaubil
Title: Product Director
Email: [email protected]