Privacy Policy

• Privacy Officer: The Privacy Officer of Pixel Perfect Software Inc. is responsible for our compliance with privacy legislation and oversight of personal information handling practices

• Privacy Contact: [email protected]

• Mailing Address: Pixel Perfect Software Inc., Nova Scotia, Canada (full registered address available upon request)

• Customer Support: [email protected]

• Response Time: We respond to all privacy requests within 30 calendar days, as required by PIPEDA

• For urgent privacy concerns, please mark your email subject as "URGENT PRIVACY REQUEST"

• Account information: Name, email address, phone number, mailing address

• Payment information: Billing address and payment method type. Full credit card numbers are processed and stored by Stripe, not by TenantSee

• Identity verification documents: Government-issued ID and proof of business registration, where required for KYC/AML compliance

• Property information: Property addresses, unit details, rental rates, property documents, photos

• Tenant information: Tenant names, contact information, rental history, lease agreements, move-in/move-out dates. You represent that you have lawful authority to provide tenant data and have obtained necessary consents

• Communications: Email and in-platform messages with our support team, stored for quality assurance and service improvement

• Device information: IP address, browser type, operating system, device identifiers

• Usage data: Pages viewed, features used, time spent on platform, search queries within the application

• Cookies and tracking technologies: Session identifiers, preference settings, analytics data

• Payment verification data from Stripe (transaction status, payment confirmations)

• Identity verification results from our KYC verification processes

• Providing rental management services — Contractual necessity

• Payment processing — Contractual necessity and legal obligation

• Identity verification (KYC/AML) — Legal obligation under PCMLTFA and FINTRAC

• Fraud prevention and platform security — Legitimate business interest and legal obligation

• Customer support — Consent and contractual necessity

• Service-related notifications and security alerts — Contractual necessity

• Platform improvement via anonymized analytics — Legitimate business interest with appropriate safeguards

• Marketing communications — Express consent (opt-in), with opt-out available at any time

• We create anonymized, aggregated statistics that cannot reasonably be used to re-identify individual users. We do not sell identifiable user data.

• We do not sell, rent, or trade your personal information to third parties for marketing purposes

• We share data with the following processors under strict data processing agreements:

• Stripe Inc. — Payment processing (Name, email, payment information, transaction amounts) — USA

• Amazon Web Services (AWS) — Data storage and hosting (All platform data, encrypted) — Canada (primary)

• Plunk — Transactional emails (Name, email, notification content) — USA

• Google Analytics — Anonymized usage analytics (IP address anonymized, page views, session data) — USA

• We may disclose information when required by law, court order, subpoena, or warrant

• Anonymous, aggregated data may be used for research, analytics, and business development

• In the event of a business transfer, we will notify you at least 30 days before the transfer and ensure the acquiring entity protects your information

• We implement security measures aligned with industry frameworks including encryption at rest and in transit, access controls, and regular security assessments

• All data transmission is encrypted using SSL/TLS protocols (minimum TLS 1.2)

• Payment information is processed through PCI DSS compliant payment processors (Stripe)

• We conduct regular security assessments and vulnerability testing

• Access to personal information is restricted to authorized personnel only on a need-to-know basis

• All employees and contractors undergo privacy and security training and are bound by confidentiality agreements

• We maintain comprehensive backup and disaster recovery procedures

• Landlord and tenant data is logically segregated to prevent unauthorized cross-account access

• In the event of a data breach involving a real risk of significant harm, we will notify affected users within 72 hours of discovery

• We will report data breaches to the Privacy Commissioner of Canada and applicable provincial privacy commissioners as required

• Breach notifications will include: nature of the breach, types of information involved, steps taken to address the breach, and recommended actions for users

• We maintain a data breach response plan and conduct regular breach response exercises

• All breaches are recorded and retained for 24 months as required by PIPEDA

• You can report suspected data breaches to our privacy team at [email protected]

• Right to Access: Request a copy of your personal information. We respond within 30 calendar days

• Right to Correction: Request correction of inaccurate information within 10 business days

• Right to Deletion: Request deletion of your account and data within 30 days (subject to legal retention requirements)

• Right to Data Portability: Request your data in machine-readable format (CSV or JSON)

• Right to Withdraw Consent: Withdraw consent for non-essential processing at any time

• Right to Object: Object to processing based on legitimate interests

• Right to Lodge a Complaint: File a complaint with us or the Privacy Commissioner of Canada (1-800-282-1376 or www.priv.gc.ca)

• Right to Restrict Processing: Request restriction while we verify data accuracy

• Right to data portability in a commonly used technological format

• Right to de-indexing of certain personal information

• Right to be informed of any automated decision-making affecting you

• Right to object to commercialization of personal information (we do not commercialize personal information)

• As a federally incorporated Canadian company, we comply with PIPEDA and adhere to the ten Fair Information Principles

• Quebec — Law 25: We have designated a Privacy Officer, conduct Privacy Impact Assessments, maintain a privacy incident registry, and provide French-language privacy notices

• Alberta — PIPA: Alberta residents are covered by substantially similar provincial privacy law. We respond to access requests within 45 calendar days

• British Columbia — PIPA: BC residents are covered by substantially similar provincial privacy law. We respond to access requests within 45 calendar days

• Nova Scotia: PIPEDA applies directly to our operations in Nova Scotia

• CASL: We comply with Canada's Anti-Spam Legislation for all electronic messages, requiring express consent for marketing communications

• We primarily store and process data within Canada using Canadian data centres

• Some service providers (such as Stripe and Google Analytics) may process data in secure facilities in the United States with adequate protection measures

• Any international transfers are protected by appropriate safeguards including contractual data protection obligations with service providers

• We maintain a record of all international data transfers and the safeguards applied

• Canadian residents can request information about where their data is processed by contacting our privacy team

• Essential cookies: Platform functionality, login sessions, security features — No consent required

• Analytics cookies: Understanding user interaction patterns (Google Analytics with IP anonymization) — Consent required

• Performance cookies: Improving platform speed and functionality — Consent required

• You can control non-essential cookie settings through your browser preferences or our cookie consent mechanism

• We do not use cookies for targeted advertising or share cookie data with advertising networks

• Third-party cookies are limited to essential service providers only

• Quebec users: Prior express consent is required for non-essential cookies. You may refuse non-essential cookies as easily as accepting them

• Active account data: Retained for duration of account activity

• Personal information after account closure: Deleted within 30 days

• Financial transaction records: 7 years (Income Tax Act)

• Communication records: 3 years (quality assurance and legal compliance)

• Identity verification records: As required by FINTRAC

• Breach records: 24 months (PIPEDA mandatory breach recordkeeping)

• Usage analytics: Retained in anonymized form

• We conduct quarterly reviews of retained data and purge information that is no longer needed

• Banking information should only be stored when necessary for payment processing. Use our integrated payment features via Stripe

• Credit and screening information should be limited to what is necessary and deleted after the required retention period

• Medical or disability information must be treated with the highest sensitivity and stored only when necessary for accommodations

• Landlords are responsible for obtaining tenant consent, using data only for legitimate purposes, and collecting only the minimum information necessary

• We may disclose information in response to valid court orders, subpoenas, warrants, or law enforcement requests with proper legal authority

• We verify the legitimacy of all legal requests and notify affected users unless legally prohibited

• You can export your data through Account Settings or request certified records by contacting [email protected]

• TenantSee is not a party to landlord-tenant disputes and does not provide legal opinions on data or transactions

• TenantSee is not intended for use by individuals under 18 years of age

• We do not knowingly collect personal information from children under 18

• If we become aware that we have collected personal information from a child under 18, we will delete such information promptly

• Parents or guardians who believe their child has provided personal information to us should contact our privacy team immediately

• Account holders must be of legal age to enter into rental agreements in their jurisdiction

• We may use automated systems for fraud detection and risk assessment in payment processing (such as velocity checks and pattern analysis)

• Automated decisions that significantly affect you will include human review

• You have the right to request human review of any automated decision affecting your account

• We do not use automated decision making for rental application approvals or tenant scoring

• All significant account decisions involve human oversight and review

• Liability for privacy-related claims is limited to the greater of: (a) the amount paid in the 12 months preceding the event, or (b) CAD $500

• This limitation does not apply to gross negligence, willful misconduct, fraud, or liabilities that cannot be limited by law

• Our liability is limited to the extent permitted by applicable consumer protection and privacy legislation

• Nothing limits our liability for negligent data handling, statutory damages under privacy legislation, or liabilities that cannot be limited by law

• We acknowledge our accountability under PIPEDA for the data handling practices of our service providers

• You are responsible for maintaining account credential confidentiality and obtaining appropriate consents from tenants

• We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements

• Material changes will be communicated via email and prominent notice at least 30 days before they take effect

• If changes materially expand how we use personal information, we will obtain fresh consent from affected users

• Previous versions of this Privacy Policy are available upon request

• We maintain a version history with change summaries for transparency

• You will be notified of any changes that affect your rights or how your data is processed

• This Privacy Policy is governed by Canadian federal privacy laws (PIPEDA) and the provincial laws of Nova Scotia

• Where you reside in a province with substantially similar privacy legislation (Quebec, Alberta, British Columbia), that provincial legislation also applies

• Any disputes arising from this Privacy Policy will be resolved in accordance with Canadian law

• If any provision is deemed invalid, the remaining provisions shall remain in full force and effect

• You retain the right to file complaints with privacy commissioners regardless of this dispute resolution clause