Kasaloop Privacy Policy

1. Who We Are & How to Reach Us

Kasaloop is a Canadian company headquartered in British Columbia. We design software for property managers and residential buildings.

You may contact us at any time to request access to the personal information we hold about you, to correct inaccuracies, or to withdraw consent where applicable.

2. Personal Information We Collect

We collect only the information that is necessary to provide our products and services. This includes:

When you browse kasaloop.app

• Device information (browser type, operating system, screen size)
• IP address (used for security and approximate geolocation)
• Interaction analytics (pages viewed, scroll depth, time on page, clicks, feature interest)
• Traffic sources and campaign parameters (UTM tags) to understand how visitors find us

When you request a demo or contact us

• Name, work email, phone number, company/building details, unit counts, and interests
• Contextual analytics captured at submission (time on page, engagement score, maximum scroll depth, GA measurement ID, user agent, consent status)
• Any information you voluntarily provide in free-form fields

Within Kasaloop products (resident/concierge apps)

• Account credentials, role, building assignment, and activity logs
• Parcel, amenity, visitor, and communication data managed within the platform
• Support tickets and recorded consents (e.g., rental application approvals)

On rent.kasaloop.app (rental marketplace)

• Application details submitted by prospective residents, including identity verification information where required by law
• Payment information for deposits or services (processed by Stripe; Kasaloop does not store full credit card numbers)
• Authorization to run soft background or credit checks, where permitted and with consent

3. How We Use Personal Information

We use collected information for the following purposes:

• Service delivery: Provide, secure, and improve our building management platform.
• Customer support: Respond to inquiries, schedule demos, and fulfill requests.
• Demand forecasting & analytics: Measure interest in Kasaloop features, determine which channels drive demand, and forecast product usage. We rely on aggregated analytics rather than individual profiling.
• Marketing communications: Send product updates or onboarding resources only where permitted by CASL. Every email contains an unsubscribe link.
• Security & fraud prevention: Detect unauthorized access, maintain audit trails, and comply with legal or regulatory obligations.
• Rental marketplace operations: Process rental applications, payments, and background checks with consent through rent.kasaloop.app.

4. Consent & Opt-Out Options

We rely on express or implied consent depending on the context:

• Submitting a demo request or contact form constitutes consent for us to contact you regarding your request.
• Marketing communications require express consent under CASL, and consent can be withdrawn at any time using the unsubscribe link or by contacting us.
• Analytics cookies and session recordings are disclosed below; you can opt out via browser settings, privacy tools, or by contacting us.

You may withdraw consent for any optional use of your information at any time. We will honor your request unless legal or legitimate business requirements prevent us from doing so (e.g., security logs).

5. Analytics, Cookies & Tracking Technologies

We use the following services to understand how visitors use our website and to enhance user experience:

• Google Analytics 4 (Google LLC, USA) – anonymized traffic analytics, conversion tracking, and engagement metrics.
• Microsoft Clarity (Microsoft Corporation, USA) – heatmaps and session recordings to improve usability. Sensitive fields are automatically masked.
• Cloudflare Web Analytics (Cloudflare Inc., USA) – privacy-focused traffic statistics and bot detection.

These tools may set cookies or use similar technologies. Some data may be transferred to the United States. You can control cookies through your browser, use built-in tracking protection (e.g., Firefox ETP), or install opt-out add-ons from the providers.

Our website honors Do Not Track (DNT) and Global Privacy Control (GPC) signals where possible. When such settings are detected, analytics are not loaded.

6. Where We Store Information

• Kasaloop application data is hosted in Canadian data centres on Microsoft Azure Canada Central, with redundant backups in-region.
• Edge routing and performance are supported by Cloudflare services, which may temporarily process network metadata outside Canada. Data is cached in accordance with Cloudflare’s privacy program.
• Analytics providers (Google, Microsoft Clarity, Cloudflare Web Analytics) may process limited website telemetry in the United States or other jurisdictions. These vendors are contracted to provide adequate protections.
• Payment transactions and soft background checks on rent.kasaloop.app are facilitated by Stripe (headquartered in the USA). Stripe collects and stores credit card details on our behalf; Kasaloop only receives tokenized references.

7. Retention

We retain personal information only as long as necessary to fulfill the purpose for which it was collected:

• Demo requests and inquiries: 24 months after last interaction unless you request deletion sooner.
• Product usage data: As long as the customer account is active plus 12 months, unless required longer for contractual or legal reasons.
• Rental marketplace applications and credit soft-check consents: maintained for the duration of the leasing process and related statutory retention periods.
• Analytics data: GA4 (14 months), Microsoft Clarity (90 days), Cloudflare (30 days).

Data is securely deleted or anonymized once the retention period expires.

8. Sharing & Disclosures

We do not sell personal information. We only share information with:

• Service providers that help us deliver our platform (cloud hosting, analytics, customer support, payment processing, and identity verification). Each provider is bound by confidentiality and data processing agreements.
• Property managers or building administrators using Kasaloop, limited to the information required to deliver services to residents and staff.
• Law enforcement or regulators when required by law or to protect our rights, users, or the public.

9. Your Rights Under Canadian Law

You have the right to:

• Access the personal information we hold about you.
• Request corrections to inaccurate or incomplete information.
• Withdraw consent for non-essential processing, including marketing or analytics, subject to legal or contractual limitations.
• File a privacy complaint with us or with a privacy commissioner.

We will respond to access or correction requests within 30 days as required by PIPEDA.

10. How to Make a Complaint

If you believe your privacy rights have been violated, please contact us at privacy@kasaloop.app. We will investigate and respond promptly. You may also contact the appropriate privacy regulator:

• Office of the Privacy Commissioner of Canada (OPC)
  https://www.priv.gc.ca/en/report-a-concern/
• Quebec Commission d’accès à l’information (Law 25)
  https://www.cai.gouv.qc.ca/
• Office of the Information & Privacy Commissioner of British Columbia
  https://www.oipc.bc.ca/
• Office of the Information & Privacy Commissioner of Alberta
  https://www.oipc.ab.ca/
• Residents in other provinces may contact their provincial or territorial privacy commissioner.

11. Security Measures

• End-to-end encryption of data in transit (TLS 1.2+) and encryption at rest across Microsoft Azure Canada Central.
• Role-based access controls, audit logging, and least-privilege policies for staff.
• Regular security testing and monitoring of our Azure and Cloudflare infrastructure.
• Incident response procedures aligned with provincial breach notification requirements.

12. Changes to This Policy

We review this policy annually and when new features or regulatory obligations arise. Material changes will be posted on this page with an updated “last updated” date. Where legally required, we will seek renewed consent.