Effective date: 30 July 2025 — supersedes all prior versions
1 Who we are & scope
Cerasia Holdings Inc. (“Cerasia,” “we,” “our”) operates the website cerasiaholdings.com (the “Site”) and the mobile application “Cerasia Holdings” for Android & iOS (the “App”). This unified Privacy Policy explains how we collect, use, share, and protect data when you use either the Site or the App (together, the “Services”).
2 Information we collect
| Category | Examples | Purpose | Applies to |
|---|---|---|---|
| Account data | Name, e-mail, phone, postal address, unit / lease info, password hash | Authenticate user, display correct records | Agents & Tenants |
| Payment data | Stripe / Forte tokens, invoices, payment history | Process rent & service payments | Tenants |
| User-generated content | Maintenance tickets, chat messages, inspection notes, photos | Ticketing, collaboration, compliance evidence | Agents & Tenants |
| Photos & media (permission-based) |
Images taken in-app for work orders or inspections | Document issues & attach evidence | Agents & Tenants |
| Microphone / audio (permission-based) |
Voice recordings in VoIP calls or inspections | Attach dictation; connect VoIP | Agents (Desk) |
| Device & diagnostics | Device model, OS version, unique ID, Crashlytics logs | Stability monitoring & bug fixing | All users |
| Usage logs | IP address, pages/screens viewed, clicks, timestamps | Capacity planning, security analytics | All users |
| Cookies / local storage | Session ID, CSRF token, theme preference | Keep you signed in; secure forms | Site only |
| Push-notification token | Firebase Cloud Messaging device token | Deliver alerts you opt into | All users |
Permissions: The App requests camera, microphone, storage, and notification permissions only when the related feature is first used. Denying a permission disables that feature but the rest of the App continues to work.
3 How we use information
- Provide core services – account access, maintenance workflows, payment processing.
- Real-time communications – push alerts for rent due, inspection schedules, ticket replies.
- Media & VoIP (Agent Desk) – link photos and voice notes to inspection records.
- Analytics & quality – diagnose crashes, measure feature adoption, improve UX.
- Security & fraud prevention – detect unauthorised access, enforce policies.
We do not use your data for third-party advertising or behaviour profiling.
4 Sharing & disclosure
We never sell personal data. We share it only with service providers who process data on our behalf under contracts that forbid secondary use:
- Google LLC – Firebase hosting, authentication, push, crash analytics
- Twilio Inc. – VoIP calls, SMS (Agent Desk only)
- Stripe Inc. / Forte LLC – Payment processing
- U.S. hosting & backup partners – encrypted data storage
We may disclose data to comply with law, protect rights, or as part of a business transfer (you will be notified).
5 Retention
| Data type | Retention period | Reason |
|---|---|---|
| Account, transactional, tax & financial records | 7 years after relationship ends | Statutory bookkeeping & audit |
| Crash & analytics logs | 24-month rolling window | Product quality & security |
| Push-notification tokens | Deleted on sign-out or uninstall | N/A |
| Photos, audio & other attachments | Kept with associated ticket until archival/deletion schedule | Operational history & proof of work |
You may request earlier deletion where legally permissible, but statutory obligations may require retention for the full period. When full deletion is impossible, we will pseudonymise or anonymise data.
6 Security measures
- End-to-end TLS; HSTS enforced on the Site
- AES-256 encryption at rest for databases & backups
- Role-based access control (least privilege) with quarterly reviews
- Annual penetration testing & continuous vulnerability monitoring
7 Your choices & rights
- Access / correction / portability – e-mail privacy@cerasiaholdings.com
- Deletion / restriction – same e-mail (subject to §5 retention)
- Notification opt-out – device settings ▸ Notifications ▸ Cerasia Holdings
- Permission controls – device settings ▸ Apps ▸ Cerasia Holdings ▸ Permissions
- Cookie control – adjust browser settings (Site only)
- GDPR / CCPA – state jurisdiction in your request; we comply
- Account closure – Tenants after lease settled; Agents via HR
8 Children’s privacy
The Services are intended for users 18 years or older. We do not knowingly collect data from children under 13.
9 Cookies (Site)
We use first-party cookies for session management, CSRF protection, and remembering preferences. We do not use third-party advertising cookies. See our separate Cookie Notice for details.
10 International transfers
Data are hosted in the United States. By using the Services you consent to transfer and processing in the U.S. and other jurisdictions with appropriate safeguards (e.g., EU SCCs).
11 Emergency-services disclaimer (VoIP)
App VoIP features are not a substitute for 911 or other emergency services. Use a conventional phone in an emergency.
12 Changes to this Policy
Material changes will be announced via in-app notice or e-mail at least 14 days before they take effect. The effective date at the top of this document always shows the latest version.
13 Contact us
Cerasia Holdings Inc.
74 Bleecker Street, Gloversville NY 12078, USA
Phone: +1 (518) 714-1212
E-mail: living@cerasiaholdings.com
By using the Site or App you acknowledge that you have read, understood, and agreed to this Privacy Policy.
