Data Handling and Encryption Policy

Last updated: April 24, 2026

This policy summarizes how Canopy PM handles, protects, and limits access to data used by our mobile apps, manager tools, resident tools, websites, and backend services.

Data We Handle

Depending on your role and enabled workflows, Canopy PM may process account information, property records, lease and resident information, maintenance requests, listing workflow data, operational messages, support history, documents, payment status metadata, and app activity needed to provide the Service.

Encryption in Transit

Canopy PM uses HTTPS/TLS for network traffic between apps, browsers, APIs, and hosted services. Users should not send sensitive information outside supported app and website workflows.

Encryption at Rest

Production hosting, database, and object-storage providers are expected to protect stored data using industry-standard access controls and encryption-at-rest capabilities. Credentials, tokens, and other sensitive secrets are not intended to be stored in client-side source code.

Authentication and Access Control

Accounts are authenticated before private data is returned. Manager and resident access is scoped by account role, property assignment, resident assignment, and operational permissions. The manager app is designed for invited or provisioned users, not anonymous public access.

Least-Privilege Handling

Canopy PM limits data access to the workflows needed for app functionality, support, operations, security, and legal/accounting obligations. Internal access should be limited to authorized operators and service providers with a legitimate need.

Payments

Where payment workflows are enabled, payment card entry and payment processing are handled by third-party payment processors such as Stripe. Canopy PM apps should not directly collect or store raw payment card numbers.

Documents and Attachments

Documents, receipts, photos, and attachments are processed only when uploaded or attached through supported workflows. Access to these files is controlled by account scope and backend authorization.

Retention and Deletion

Canopy PM retains information while needed to operate the Service, maintain business records, resolve disputes, prevent fraud or abuse, satisfy legal obligations, and support active customers. Users may request account deletion or use available in-app deletion controls where provided.

Incident Response

If we identify a security incident affecting personal information, we will investigate, take appropriate containment steps, and provide notices where legally required.

Third-Party Providers

Canopy PM may rely on third-party providers for hosting, storage, payments, email, AI/automation, and operational tooling. These providers are used to deliver app functionality and are expected to maintain their own security and privacy controls.

Relationship to Privacy Policy

This policy supplements the Privacy Policy and Terms of Service. If you have questions, contact [email protected].