Privacy Policy

Effective Date: January 1, 2025

At H2L Marketing Inc., we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Ellipse platform.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide when you:

  • Create an Account: Name, email address, phone number, company name, and password
  • Set Up Properties: Property names, addresses, unit counts, amenities, and management details
  • Configure Services: Phone numbers for virtual phone system, CRM credentials, reporting email addresses
  • Process Payments: Billing information (processed securely through Stripe)
  • Contact Support: Communications and information shared with our support team
  • Use AI Services: Prompts, configurations, and customizations for AI assistants

1.2 Information from Property Management Activities

When you use Ellipse to manage properties, we process:

  • Prospect Information: Names, phone numbers, email addresses, and communication preferences of rental prospects
  • Communication Data: Call logs, SMS messages, emails, and chat conversations
  • Lead Data: Source, status, follow-up information, and conversion metrics
  • Application Data: Information from rental applications if integrated with your systems

1.3 Automatically Collected Information

We automatically collect certain information when you use our platform:

  • Usage Data: Features used, actions taken, time spent, and frequency of use
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Log Data: Access times, pages viewed, clicks, and navigation paths
  • Performance Data: System performance metrics and error reports

1.4 Information from Third-Party Integrations

If you connect third-party services, we may receive:

  • Data from property management systems (Appfolio, Knock, etc.)
  • Calendar information for scheduling
  • Communication data from integrated phone/SMS providers

2. How We Use Your Information

2.1 To Provide and Improve Our Services

  • Operating the Ellipse platform and its features
  • Processing and managing rental inquiries
  • Facilitating communication between property managers and prospects
  • Generating reports and analytics
  • Improving AI responses and accuracy

2.2 For Account Management

  • Creating and managing your account
  • Authenticating users and ensuring security
  • Processing payments and billing
  • Sending service-related notifications

2.3 For Communication

  • Responding to your inquiries and support requests
  • Sending updates about new features or changes
  • Providing training and onboarding assistance

2.4 For Legal and Safety Purposes

  • Complying with legal obligations
  • Protecting rights, property, and safety
  • Detecting and preventing fraud or abuse
  • Enforcing our Terms of Service

2.5 With Your Consent

For any purpose disclosed to you at the time we request your consent.

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who help us operate our platform:

  • Stripe: Payment processing
  • AWS: Cloud hosting and storage
  • Vonage: Phone and SMS services
  • OpenAI: AI language processing (anonymized data only)
  • BoldSign: Digital contract signatures
  • Google Places API: Location services

These providers are contractually obligated to protect your information and use it only for providing services to us.

3.2 At Your Direction

We share information when you explicitly instruct us to, such as:

  • Integrating with your property management system
  • Sharing reports with designated recipients
  • Connecting with third-party tools you authorize

3.3 Legal Requirements

We may disclose information if required by law or if we believe such action is necessary to:

  • Comply with legal obligations or respond to lawful requests
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the safety of users or the public

3.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

3.5 Aggregated Information

We may share aggregated, anonymized information that cannot identify you for research, marketing, or other purposes.

4. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy.

4.1 Specific Retention Periods

  • Account Information: Retained for the duration of your subscription plus 90 days after termination
  • Property Data: Retained for the duration of your subscription plus 90 days
  • Communication Logs: Retained for 2 years for compliance with business records requirements
  • Billing Records: Retained for 7 years for tax and accounting purposes
  • Support Tickets: Retained for 3 years for service improvement
  • AI Training Data: Anonymized and retained indefinitely for model improvement
  • Analytics Data: Retained for 3 years in aggregated form

4.2 Data Deletion

After the retention period, we securely delete or anonymize your information. You may request earlier deletion, subject to legal requirements.

4.3 Legal Holds

We may retain information longer if required by law, legal proceedings, or governmental request.

5. Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

5.1 Security Measures Include:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access controls and authentication requirements
  • Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Regular Audits: Security assessments and penetration testing
  • Employee Training: Regular security and privacy training for our team
  • Incident Response: Established procedures for responding to security incidents
  • Two-Factor Authentication: Available for all user accounts
  • Secure Development: Security-by-design principles in our development process

5.2 Data Breach Response

In the event of a data breach affecting your personal information, we will notify you within 72 hours and take immediate steps to mitigate harm.

5.3 Your Responsibilities

You are responsible for maintaining the security of your account credentials and for any activities under your account.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to access your personal information and receive a copy in a structured, commonly used format.

6.2 Correction

You can update or correct your information through your account settings or by contacting us.

6.3 Deletion

You may request deletion of your personal information, subject to legal requirements and legitimate business needs.

6.4 Restriction of Processing

You can request that we limit how we use your information in certain circumstances.

6.5 Object to Processing

You have the right to object to certain types of processing, including processing for direct marketing.

6.6 Withdraw Consent

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

6.7 Opt-Out of Communications

You can opt-out of marketing communications using the unsubscribe link in emails or by contacting us. Service-related communications cannot be opted out of while you maintain an account.

6.8 Do Not Track

Our platform does not currently respond to Do Not Track signals, but you can configure your browser to refuse cookies.

7. Cookies and Tracking Technologies

7.1 What We Use

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences and settings
  • Analyze platform usage and performance
  • Provide security features

7.2 Types of Cookies

  • Essential Cookies: Required for platform functionality
  • Performance Cookies: Help us understand how you use the platform
  • Preference Cookies: Remember your settings and choices

7.3 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may impact platform functionality.

8. Third-Party Services

8.1 Integrations

When you connect third-party services, you are subject to their privacy policies. We recommend reviewing their policies before integration.

8.2 Links to Other Sites

Our platform may contain links to external sites. We are not responsible for their privacy practices or content.

8.3 Third-Party Data

If you provide us with personal information about others (e.g., team members, prospects), you must have their consent to do so.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard contractual clauses approved by regulatory authorities
  • Ensuring recipients maintain adequate security measures
  • Compliance with applicable data protection laws

10. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 13, we will delete it promptly.

11. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

11.1 Right to Know

You have the right to request information about:

  • Categories of personal information we collect
  • Sources of personal information
  • Business purposes for collecting information
  • Categories of third parties we share information with
  • Specific pieces of personal information we have about you

11.2 Right to Delete

You may request deletion of your personal information, subject to certain exceptions.

11.3 Right to Opt-Out

We do not sell personal information. If our practices change, we will provide an opt-out mechanism.

11.4 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

11.5 Authorized Agents

You may designate an authorized agent to make requests on your behalf.

11.6 Shine the Light

California residents may request information about disclosure of personal information to third parties for direct marketing purposes.

12. GDPR Rights (European Users)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

12.1 Legal Basis for Processing

We process your information based on:

  • Contract: To provide our services to you
  • Legitimate Interests: To improve and secure our services
  • Consent: Where you have explicitly agreed
  • Legal Obligations: To comply with applicable laws

12.2 Additional Rights

  • Right to lodge a complaint with a supervisory authority
  • Right to withdraw consent at any time
  • Right to object to processing based on legitimate interests
  • Right to data portability
  • Right not to be subject to automated decision-making

12.3 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at privacy@ellipseleasing.com

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on our platform
  • Updating the "Effective Date" at the top
  • Sending you an email notification (for material changes)

Your continued use of the platform after changes indicates acceptance of the updated policy.

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

H2L Marketing Inc.
Attn: Privacy Team
Email: privacy@ellipseleasing.com
Website: https://ellipseleasing.com

To Exercise Your Privacy Rights:

  1. Email us at privacy@ellipseleasing.com
  2. Include "Privacy Rights Request" in the subject line
  3. Provide sufficient information to identify you
  4. Specify the right(s) you wish to exercise

We will respond to your request within 30 days (or as required by applicable law).

For Security Concerns:

If you discover a security vulnerability, please email privacy@ellipseleasing.com immediately.

Last Updated: January 1, 2025

Version: 1.0

This Privacy Policy is available in PDF format upon request.