Privacy Policy

We may collect the following categories of information when you visit our website, use ComplianceTracker, or communicate with us.

• Account information — name, email address, organization, role, login credentials, and identity provider details.
• Business and compliance information entered into the platform — shopping center records, tenant company records, tenant locations, inspection requirements, occurrences, verification records, provider information, uploaded documents, review notes, notification records, job records, and audit log activity.
• Technical information — IP address, browser type, device information, operating system, pages visited, timestamps, session information, authentication events, and diagnostic logs.
• Communications information — when you contact us, request access, submit support requests, or communicate with our team.

We use information to provide, operate, secure, and improve ComplianceTracker. Specific uses include:

• Authenticating users and managing accounts.
• Enforcing role-based access controls and displaying dashboards.
• Tracking compliance work, supporting verification reviews, sending notifications, generating reports, exporting records, monitoring operational jobs, and maintaining audit history.
• Responding to support requests, troubleshooting issues, and preventing misuse.
• Complying with legal obligations and communicating important service updates.

Business data entered into ComplianceTracker belongs to the organization or customer that controls the account. We process that data to provide the service and in accordance with the customer's instructions, applicable agreements, and applicable law.

Authorized users are responsible for ensuring that the information they upload or submit is accurate, lawful, and appropriate for use in the platform.

We do not sell personal information.

We may share information in the following circumstances:

• With service providers that help us operate the platform — including hosting, authentication, email delivery, logging, analytics, and support tools.
• If required by law, legal process, security investigation, enforcement of our agreements, or prevention of fraud or abuse.
• In connection with a merger, acquisition, financing, reorganization, or sale of assets — subject to appropriate protections.

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, and disclosure. Measures may include access controls, authentication, role-based permissions, encrypted connections, audit logging, operational monitoring, and restricted administrative access.

No system can be guaranteed to be completely secure. Customers and users should protect their login credentials, use secure devices, and promptly report suspected unauthorized access.

We retain information for as long as needed to provide the service, comply with legal obligations, resolve disputes, enforce agreements, support audits, and maintain business records. Retention periods may vary depending on the type of record, customer configuration, contractual requirements, and applicable law.

We may use cookies and similar technologies to support authentication, session management, preferences, security, analytics, and site performance. Users may control cookies through browser settings, but disabling certain cookies may affect login or product functionality.

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to, or receive a copy of certain personal information. Requests may be submitted using the contact information below. We may need to verify your identity or coordinate with the organization that controls your account before completing a request.

Information may be processed in countries other than where you are located. Where required, we use appropriate safeguards for international transfers of personal information.

ComplianceTracker is intended for business use and is not directed to children. We do not knowingly collect personal information from children.

Our website or application may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties and encourage you to review their policies directly.

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and may provide additional notice where appropriate. Continued use of the service after changes become effective constitutes acceptance of the updated policy.