Privacy First Policy

Last Updated: December 23, 2025

1. Introduction

Welcome to mPro Digital Edge ("we," "our," "us," or "mPro"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered platform designed for the multifamily property management industry.

By accessing or using our platform, including our AI writing tools, chat assistants, video production features, document intelligence, and other services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

Information You Provide Directly

• Account Information: Name, email address, phone number, company name, job title, and professional role within the multifamily industry
• Property Information: Property names, addresses, amenity details, and community descriptions you input for content generation
• Content & Communications: Text, images, documents, and other content you submit to our AI tools; support inquiries and correspondence
• Brand Voice Settings: Customized brand guidelines, tone preferences, and communication styles you configure
• Payment Information: Billing details processed through our secure payment providers (we do not store full credit card numbers)

Information Collected Automatically

• Usage Data: Features accessed, AI tools utilized, timestamps, session duration, and interaction patterns
• Device Information: Browser type, operating system, device identifiers, and IP address
• Log Data: Server logs, error reports, and performance metrics
• Cookies & Similar Technologies: Session identifiers, preferences, and authentication tokens

Information from Third-Party Integrations

• Social Media Platforms: Data from Facebook, Instagram, and other connected accounts
• Property Management Systems: Data you authorize us to access from integrated PMS platforms
• AI Service Providers: We may receive metadata related to AI processing from our provider partners

3. How We Use Your Information

All data processing is conducted in accordance with applicable laws, including GDPR, CCPA, and Meta Platform Terms.

4. Sharing & Disclosure

We may share information only in the following limited circumstances:

• AI Service Providers: Data is transmitted to our AI partners (OpenAI, Anthropic, Google, HeyGen, Synthesia, ElevenLabs, and others) solely for processing your requests. All providers are contractually bound to data protection obligations.
• Infrastructure Providers: Cloud hosting (Microsoft Azure), security services, and technical infrastructure necessary to operate our platform.
• Professional Services: Auditors, legal counsel, and consultants bound by confidentiality agreements.
• Legal Requirements: When required by law, court order, or government authority, or to protect rights, safety, or property.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

5. AI Data Processing

mPro Digital Edge integrates with multiple AI providers to deliver our services. Understanding how your data is processed by AI systems is important:

How AI Processing Works

• Input Processing: Content you submit is transmitted to appropriate AI providers based on the tool you're using
• No Model Training: Your content is NOT used to train AI models. We use enterprise API agreements that explicitly prohibit training on customer data.
• Transient Processing: AI providers process your requests in real-time and do not retain your content after generating outputs
• Output Monitoring: Generated content passes through our Fair Housing compliance filters before delivery

AI Provider Categories

6. Security Measures

We implement comprehensive security controls aligned with SOC 2 Trust Service Criteria:

Technical Safeguards

• Encryption in Transit: TLS 1.2+ for all data transmission; HTTPS enforced across all endpoints
• Encryption at Rest: AES-256 encryption for stored data in our Azure infrastructure
• Access Controls: Role-based access control (RBAC), principle of least privilege, multi-factor authentication
• Network Security: Firewalls, intrusion detection systems, DDoS protection, and network segmentation

Application Security

• Authentication: Bcrypt password hashing, optional SAML SSO for enterprise customers
• CSRF Protection: Framework-level tokens for all form submissions
• SQL Injection Prevention: Parameterized queries and input validation throughout
• Session Management: Secure session tokens with configurable timeout (default: 2 hours)

Operational Security

• Monitoring: 24/7 system monitoring, automated alerting, and anomaly detection
• Vulnerability Management: Regular security assessments, penetration testing, and patch management
• Employee Training: Security awareness training for all personnel; background checks for employees with data access
• Vendor Management: Security assessments for all third-party providers; Data Processing Agreements in place

7. Data Retention & Disposal

We retain personal data only as long as necessary for the purposes described in this policy or as required by law:

Upon account deletion, personal data is removed from live systems immediately. Backup copies are purged within 30 days.

8. Cookies & Tracking Technologies

Cookies We Use

Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain platform features. We honor Do Not Track browser signals for non-essential tracking.

9. Your Privacy Rights

Depending on your location, you may have the following rights under GDPR, CCPA, and other privacy laws:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Restrict Processing: Request limitation of how we process your data
• Object: Object to processing based on legitimate interests

Exercising Your Rights

To exercise any of these rights, contact us at Info@mProDigitalEdge.com with subject line "Privacy Rights Request." We will verify your identity and respond within 30 days (or as required by applicable law).

Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority.

10. Facebook & Social Media Platform Data

When you connect your Facebook or Instagram accounts, you authorize us to collect the specific fields and scopes you approve:

Permissions We May Request

• Basic Profile: Name, email, profile picture
• pages_show_list: List of Facebook Pages you manage
• pages_manage_posts: Create, edit, and delete posts on your Pages
• pages_read_engagement: Engagement metrics (reactions, comments, shares)
• read_insights: Page and post analytics (reach, impressions, clicks)
• business_management: Manage Business Manager assets you own
• instagram_basic: Basic Instagram Business Account profile
• instagram_content_publish: Publish posts and Reels on your behalf

How We Use Social Media Data

• Display and manage your Pages and accounts within our dashboard
• Schedule, publish, and edit content on your behalf
• Provide detailed insights and analytics for performance measurement
• Authenticate and personalize your experience

You can revoke permissions at any time in your Facebook account's Settings → Business Integrations or within our platform settings. This policy does not supersede Meta's Platform Terms or Facebook's Data Policy.

11. Security Incident Response

We maintain a comprehensive incident response program aligned with SOC 2 requirements:

Our Incident Response Process

1. Detection & Analysis: Continuous monitoring systems detect potential security events; our security team analyzes and classifies incidents
2. Containment: Immediate steps to limit impact and prevent further unauthorized access
3. Investigation: Thorough investigation to determine scope, cause, and affected data
4. Notification: Affected individuals and relevant authorities notified as required by law
5. Recovery: Systems restored to secure operation with enhanced safeguards
6. Post-Incident Review: Analysis and documentation to prevent recurrence

Reporting Security Concerns

If you discover a potential security vulnerability or have concerns about data security, please report it immediately to Info@mProDigitalEdge.com with subject line "Security Concern."

12. Data Deletion Requests

You maintain control over your data. When you delete your account or specific content, we take immediate action:

Account Deletion

All personal profile information, posts, generated content, comments, and uploaded media are removed from live systems immediately upon deletion confirmation.

Individual Content Deletion

Specific posts, documents, or other content and related metadata are purged immediately upon deletion.

Assistance with Deletion

If you believe any data remains after deletion or need assistance:

1. Email us at Info@mProDigitalEdge.com with subject "Data Deletion Assistance"
2. Include your username and registered email address
3. We will investigate and confirm complete removal within 5 business days

Note: For compliance and fraud prevention, we retain anonymized logs that contain no personally identifiable information. These logs are automatically purged after 30 days.

13. Subprocessors & Third-Party Services

We engage trusted third-party service providers (subprocessors) to help deliver our services. All subprocessors are contractually bound to data protection obligations equivalent to this policy.

A complete list of subprocessors is available to enterprise customers upon request.

14. International Data Transfers

mPro Digital Edge is headquartered in the United States. If you access our services from outside the United States, your data will be transferred to and processed in the United States.

Transfer Mechanisms

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs): EU-approved contractual safeguards with our subprocessors
• Supplementary Measures: Technical and organizational measures to ensure adequate protection
• Data Protection Agreements: Contractual commitments from all AI and service providers

By using our services, you consent to the transfer of your information to the United States and other countries that may have different data protection rules than your country.

15. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors.

How We Notify You

• Minor Changes: Updated policy posted here with new "Last Updated" date
• Material Changes: Email notification to registered users at least 30 days before changes take effect
• In-App Notice: Prominent notification within the platform for significant updates

Your continued use of our services after changes become effective constitutes acceptance of the revised policy.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your data, please contact us:

This Privacy Policy was last reviewed for SOC 2 compliance on July 13, 2025.