Privacy Policy
Effective date: July 8, 2026
This Privacy Policy explains how Cairn Signal ("Cairn Signal," "we," "us," or "our") collects, uses, discloses, and safeguards information in connection with the Cairn Signal asset management software and related websites and services (collectively, the "Service"). Cairn Signal licenses the Service to organizations ("Customers") such as housing owners and operators, who make it available to their authorized personnel and board members ("Authorized Users").
Cairn Signal generally acts as a service provider / data processor on behalf of the Customer that licenses the Service. The Customer is the party that decides what information is uploaded and is responsible, as the data controller, for that information. If you are an Authorized User with questions about your data, please contact your organization's administrator.
1. Information we collect
We collect the following categories of information:
- Account information. Name, email address, assigned role (administrator, staff, or board member), and authentication credentials. Passwords are managed through our authentication provider and are stored only in hashed, salted form; Cairn Signal does not have access to your plaintext password.
- Customer Content. Files, reports, financial data, and other materials that Authorized Users upload or enter into the Service. Customer Content may include information about third parties (for example, resident or tenant names, balances, and related records contained in property management reports). This information is provided and controlled by the Customer.
- Usage and log data. Technical information generated when you use the Service, such as IP address, browser type, device information, pages viewed, and timestamps, used to operate and secure the Service.
- Cookies and local storage. We use strictly necessary cookies and browser storage to keep you signed in and remember basic preferences. We do not use the Service to serve advertising.
2. How we use information
- Provide, operate, maintain, and secure the Service;
- Authenticate users and enforce role-based access controls;
- Respond to support requests and communicate about the Service (including invitations and account notices);
- Monitor, troubleshoot, and improve performance, reliability, and features;
- Detect, prevent, and address security incidents, fraud, or misuse; and
- Comply with legal obligations and enforce our agreements.
3. How information is shared
We do not sell personal information. We share information only as follows:
- Service providers. We use trusted third parties to host and operate the Service, including Google Firebase and Google Cloud Platform (hosting, database, file storage, and authentication) and our email delivery provider (to send account and invitation emails). These providers process information on our behalf under contractual confidentiality and security obligations.
- Within your organization. Information is accessible to Authorized Users of your organization according to their assigned roles.
- Legal and safety. When required by law, subpoena, or to protect the rights, property, or safety of Cairn Signal, our Customers, or others.
- Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
4. Data storage and security
Customer Content and account data are stored on Google Cloud / Firebase infrastructure in the United States. We use administrative, technical, and organizational safeguards designed to protect information, including encryption in transit and at rest, role-based access controls, and restricted file access. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
5. Data retention
We retain account and Customer Content for as long as the Customer's license is active and as needed to provide the Service, and thereafter as required to comply with legal obligations, resolve disputes, and enforce agreements. Upon termination, Customer Content is deleted or returned in accordance with the Customer's license agreement.
6. Your choices and rights
Depending on your location and role, you may have rights to access, correct, or delete personal information, or to restrict certain processing. Because much of the information in the Service is controlled by the Customer, we will generally direct such requests to the relevant Customer and assist them in responding. California residents may have additional rights under the California Consumer Privacy Act (CCPA/CPRA); we do not sell or share personal information as those terms are defined under California law.
7. Children's privacy
The Service is intended for business use by adults and is not directed to children under 13, and we do not knowingly collect personal information directly from children through the Service. Customer Content may reference individuals of any age as part of housing records; such information is controlled by the Customer.
8. Third-party links
The Service may link to third-party websites or services that we do not control. This Policy does not apply to those third parties, and we encourage you to review their privacy practices.
9. Changes to this Policy
We may update this Policy from time to time. Material changes will be indicated by updating the effective date above and, where appropriate, by additional notice. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
10. Contact us
Questions about this Policy may be directed to Cairn Signal at privacy@cairnsignal.com.