Privacy Policy

We process personal information in two roles:

• Account data (we are the controller): your name, email, and authentication details when you create an account.
• Corporation data (we process it on behalf of the strata/condo corporation): owner and council contact details, memberships and units, financial ledgers and payments, meeting records and votes, maintenance requests, and uploaded documents.

We use this information to operate the service: authenticate you, run your corporation’s compliance calendar, financials, governance, and document features, and send operational communications you or your corporation have consented to. We do not sell personal information.

Your corporation’s data is stored in Canada (a Montreal-region data centre). Access is isolated per corporation by row-level security, and governance and financial actions are recorded in an immutable audit trail.

Some processing happens outside Canada. In particular, the AI features below send the relevant text to a provider in the United States to generate results, and our payment and email/SMS providers may also operate outside Canada. We use these providers under contracts requiring protection comparable to PIPA/PIPEDA, and we remain accountable for your information while it is in their care.

We use Google Analytics to understand how the site is used — pages visited and high-level actions such as creating an account, requesting access, or running a feature — so we can improve the product. This data is aggregated and product-focused: we do not send your name, your corporation’s records, or financial details to it. Google processes analytics data outside Canada (primarily the United States) as our service provider.

Analytics cookies are off by default. When you first visit, a banner asks for your consent, and we only enable Google Analytics if you choose “Accept” (Google Consent Mode). You can decline, and you can later clear the choice through your browser’s site settings to be asked again. The strictly necessary cookies used for signing in and security are always required and do not depend on this consent.

AI features (document Q&A, red-flag surfacing, classification, minute drafting, reserve-study extraction) are assistive and human-in-the-loop: outputs are grounded in your own documents, cited to their source, and require a person to review or approve them.

To generate these results, the relevant document text is sent to our AI provider, which processes it in the United States. It is used only to produce your result — not to train the provider’s models — and is not retained by the provider for other purposes.

We share data only with providers needed to run the service, under appropriate safeguards — for example, our Canadian-region database and authentication host, our payment processor (Stripe) for online strata fees, our AI gateway, and email/SMS delivery providers for communications. Each receives only what is necessary for its function.

Providing contact details to a corporation implies consent to receive its operational communications. You can withdraw email or SMS consent at any time from your owner portal’s communication preferences; certain statutory notices may still be sent as required by law.

Statutory records (minutes, financials, the audit trail) are retained for the periods required by law, including BC Strata Property Act minimums. Other records, such as the communications log, are retained on a configurable schedule and then purged.

We protect personal information with safeguards appropriate to its sensitivity: encryption in transit (TLS) and at rest, per-corporation isolation enforced by database row-level security, role-based access (owner, council, manager), an append-only audit trail, and passwords handled by our authentication provider (we never see or store them). No information is perfect against every risk, but we work to keep these safeguards current.

We maintain a process to detect, assess, and respond to security incidents. If a breach of security safeguards creates a real risk of significant harm, we will report it to the Office of the Privacy Commissioner of Canada and notify affected individuals as required by PIPEDA, and we keep records of breaches as the law requires.

Subject to applicable law, you may request access to, or correction of, your personal information, and may withdraw consent (see Communications & consent). Much of your information is directly viewable and editable in the app. For requests about corporation data, we may direct you to your strata corporation as the controlling party. You may also complain to the Office of the Privacy Commissioner of Canada (or the BC Office of the Information and Privacy Commissioner).

We are accountable for the personal information in our care, including information handled by our service providers. Our Privacy Officer can be reached at privacy@managestrata.ca for any privacy question, access/correction request, or complaint.

This policy is a general description and may be updated; material changes will be reflected by the “last updated” date above.