Privacy Policy

← Back to Home

1. Data Controller

The data controller for personal data processed through the Hijaaz Latheef platform is:

• Entity: Hijaaz Latheef Corp.
• Address: 8500 Shoal Creek Blvd, Suite 4C, Austin, TX 78757
• Email: privacy@hijaazlatheef.com
• Phone: +1 (512) 843-7291
• Privacy Officer: Hijaaz Latheef

2. Data We Collect

We collect and process the following categories of personal data in the course of delivering our property operations platform:

2.1 Account Data

Information provided during registration or account setup: full name, business email address, organization name, role/title, phone number, and billing information (processed by our payment sub-processor).

2.2 Tenant & Recipient Data

Data imported by our clients (property management firms) about their tenants: name, email address, unit/property association, lease dates, and notification preferences. This data is processed on behalf of our clients, who act as data controllers for their tenants' information.

2.3 Usage Data

Interaction data generated through platform use: login timestamps, feature usage patterns, notification delivery and open events (aggregated), and API request logs.

2.4 Technical Data

Automatically collected information: IP address, browser type and version, operating system, referring URL, session identifiers, and device type. Collected via strictly necessary cookies only.

3. How We Use Data

Personal data is processed for the following purposes:

• Service delivery: Providing the platform's core functionality — tenant communications, maintenance workflows, and lease management
• Transactional notifications: Sending system-generated emails triggered by real events (payment confirmations, maintenance updates, lease alerts, security notifications)
• Billing and invoicing: Processing subscription payments and maintaining financial records
• Security & fraud prevention: Detecting unauthorized access, monitoring for abuse, and maintaining platform integrity
• Legal compliance: Meeting regulatory obligations including CAN-SPAM, GDPR, CCPA, and CASL requirements
• Service improvement: Analyzing aggregated, anonymized usage patterns to enhance platform functionality (no individual profiling)

We do not use personal data for advertising, behavioral profiling, or marketing campaigns.

4. Legal Bases for Processing (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:

Purpose	Legal Basis
Service delivery	Performance of contract (Art. 6(1)(b))
Transactional notifications	Performance of contract (Art. 6(1)(b))
Security monitoring	Legitimate interest (Art. 6(1)(f))
Billing	Performance of contract (Art. 6(1)(b))
Legal compliance	Legal obligation (Art. 6(1)(c))
Service improvement (aggregated)	Legitimate interest (Art. 6(1)(f))

5. No Data Selling

We do not sell, rent, lease, or trade personal data to any third party. This commitment applies to all data categories — account data, tenant data, usage data, and technical data. We have never sold personal data and have no plans to do so.

For California residents: under the CCPA's broad definition of "sale," we confirm that we do not sell personal information and do not share it for cross-context behavioral advertising.

6. Sub-Processors

We use the following sub-processors to deliver specific components of our Service. Each is bound by a Data Processing Agreement (DPA) with contractual obligations equivalent to those in this policy:

Sub-Processor	Purpose	Location
Amazon Web Services (AWS)	Cloud infrastructure hosting, data storage, compute	US (us-east-1, N. Virginia)
Mailgun (Sinch)	Transactional email delivery (SMTP relay)	US / EU
Stripe	Payment processing and subscription billing	US

We will notify clients at least 30 days before engaging any new sub-processor that handles personal data.

7. International Data Transfers

When personal data is transferred outside the EEA, UK, or Switzerland, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs): Approved by the European Commission (2021 version), executed with all relevant sub-processors
• EU-US Data Privacy Framework: Where applicable, transfers to US-based sub-processors certified under the DPF
• UK International Data Transfer Agreement: Addendum to SCCs for UK-origin transfers

Transfer impact assessments are conducted annually and are available to clients upon request.

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

Data Category	Retention Period
Account data (active clients)	Duration of service agreement + 90 days
Account data (terminated clients)	90 days after termination, then deleted unless legally required
Tenant/recipient data	Managed by the client; deleted within 30 days of client request or termination
Email delivery logs	90 days
Access and authentication logs	12 months
Billing and financial records	7 years (legal obligation)
Suppression list entries	Indefinite (to prevent re-sending)

9. Your Rights — GDPR

If you are in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure (right to be forgotten): Request deletion of your data, subject to legal retention requirements
• Right to restriction: Request temporary restriction of processing while a dispute is resolved
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interest
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at privacy@hijaazlatheef.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local Data Protection Authority.

10. Your Rights — CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the CPRA):

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected
• Right to delete: Request deletion of personal information we have collected, subject to permitted exceptions
• Right to opt-out of sale: We do not sell personal information. No opt-out is necessary, but you may submit a request for confirmation at any time
• Right to non-discrimination: We will not discriminate against you for exercising any CCPA rights
• Right to correct: Request correction of inaccurate personal information
• Right to limit use of sensitive personal information: We do not use or disclose sensitive personal information beyond what is necessary to provide the Service

To submit a verifiable consumer request, contact us at privacy@hijaazlatheef.com or call +1 (512) 843-7291. We will respond within 45 days.

11. Cookies

We use strictly necessary cookies only. These cookies are essential for the platform to function and cannot be disabled:

Cookie Name	Purpose	Duration
session_id	Session management — maintains your authenticated state	Session
csrf_token	Cross-site request forgery protection	Session
hl_cookies_accepted	Records your acknowledgment of this cookie notice	1 year

We do not use advertising cookies, analytics trackers, or third-party tracking pixels. No personal data is shared with advertising networks.

12. Data Security

We implement comprehensive technical and organizational measures to protect personal data:

• Encryption in transit: All data transmitted to and from our platform is encrypted using TLS 1.3
• Encryption at rest: All data stored on our servers is encrypted using AES-256
• Access controls: Role-Based Access Control (RBAC) ensuring employees only access data necessary for their role
• Multi-factor authentication: Required for all staff accounts and API key management
• Vulnerability management: Regular vulnerability scanning, penetration testing, and dependency auditing
• Incident detection: 24/7 intrusion detection and automated alerting for anomalous activity
• Employee training: Annual privacy and security awareness training for all staff

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes:

• We will provide at least 30 days' notice before the changes take effect
• Notice will be sent via email to the primary contact on your account and posted on our website
• Your continued use of the Service after the effective date constitutes acceptance of the updated policy

14. Contact — Privacy Inquiries

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact:

• Privacy Officer: Hijaaz Latheef
• Email: privacy@hijaazlatheef.com
• Phone: +1 (512) 843-7291
• Address: Hijaaz Latheef Corp., 8500 Shoal Creek Blvd, Suite 4C, Austin, TX 78757

For general support inquiries, visit our Contact & Support page.