Privacy Policy

DoorLinq Property Management Inc. – Website & Portal Privacy Policy

Last updated: 11 June 2025

We at DoorLinq Property Management respect your privacy. This Privacy Policy explains how we collect, use, share, and protect the personal information you provide to us when you access our website, purchase our goods or services, or engage with us on social media, as well as your rights regarding that information.


Please read this Privacy Policy carefully. We will alert you to any changes by updating the “last updated” date above. Any revisions become effective immediately upon publication on our Site, and you waive specific notice by continuing to use and access our Site(s). We encourage you to review this Policy periodically. Your continued use of our Site after a revised Policy is posted constitutes acceptance of the changes.


DoorLinq Property Management Inc. ("DoorLinq", "we", "our", or "us") is committed to protecting the privacy of individuals who interact with us. This Privacy Policy sets out how we collect, use, disclose, and safeguard Personal Information when you:

  • visit doorlinq.ca or any sub‑domain (the "Site");
  • use our owner and tenant portals powered by DoorLoop (the "Portals");
  • follow or engage with our social‑media pages; or
  • communicate with us by email, phone, text, or in person.

By accessing the Site or Portals, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use our services or provide Personal Information.

Legal Framework

This Policy complies with, and should be interpreted under, the following legislation and guidance:

  • Personal Information Protection and Electronic Documents Act, SC 2000, c 5 (PIPEDA);
  • Residential Tenancies Act, 2006, SO 2006, c 17 (RTA) and related Landlord & Tenant Board (LTB) directives;
  • Consumer Protection Act, 2002 (Ontario) where applicable to real‑estate services;
  • Canada’s Anti‑Spam Legislation, SC 2010, c 23 (CASL);
  • Digital Privacy Act (breach notification amendments to PIPEDA);
  • Any substantially similar provincial laws and, where relevant, the General Data Protection Regulation (GDPR) for users in the European Economic Area and the California Consumer Privacy Act (CCPA) for California residents.

If a conflict arises between this Policy and applicable privacy legislation, the legislation prevails.


What Is “Personal Information”?

"Personal Information" means information about an identifiable individual as defined in PIPEDA. This includes information such as name, contact details, government‑issued identifiers, financial data, and any other data that can reasonably be linked to you.


How We Collect Personal Information

We collect information:

  • Directly from you – through forms, applications, maintenance requests, email, phone, or in‑person conversations.
  • Automatically – via cookies, server logs, and similar technologies that record device and usage data (IP address, browser type, access times, pages viewed, referring URLs, and Portal actions).
  • From third parties – credit bureaus, identification‑verification services, payment processors, analytics providers, advertising partners, and social‑media platforms (when you interact using those services).
  • From public sources – government registries, court records, and real‑property databases, where lawful.

We limit collection to what is reasonably necessary for the purposes identified in Section 5.


Purposes for Collection & Use

We use Personal Information to:

  • provide, operate, and improve our Site, Portals, and property‑management services;
  • verify identity and assess tenancy or vendor applications (including credit, background, and reference checks);
  • negotiate, enter into, and administer leases and service agreements;
  • collect and process rent and other payments;
  • communicate with owners, tenants, applicants, and service providers, including sending CASL‑compliant marketing (you may withdraw consent at any time – see § 12);
  • respond to inquiries, maintenance requests, and customer‑service issues;
  • comply with the RTA (e.g., providing tenant names to owners or vice versa, serving statutory notices);
  • protect our rights, property, and the safety of owners, tenants, and the public;
  • detect, prevent, and remediate fraud, error, or security incidents;
  • generate aggregated, de‑identified analytics for business planning; and
  • meet legal, accounting, insurance, and regulatory requirements.

Under the GDPR, DoorLinq relies on the following legal bases: performance of a contract, legal obligation, legitimate interests, protection of vital interests, and, where required, consent.


Disclosure of Personal Information

DoorLinq does not sell or rent Personal Information. We may disclose it:

  • Service Providers – to trusted third parties who perform services on our behalf (e.g., DoorLoop software, cloud hosting, payment processors, screening agencies, email delivery). They are bound by contractual confidentiality and security obligations.
  • Landlords, Co‑Owners, Tenants, or Guarantors – where disclosure is necessary to manage the property, comply with the RTA, or facilitate lease negotiations.
  • Legal & Regulatory Authorities – to satisfy subpoenas, court orders, CRA audits, LTB hearings, or other lawful requests.
  • Business Transactions – in connection with a merger, acquisition, financing, or sale of DoorLinq assets, provided the recipient agrees to safeguard the data.
  • With Consent – for any other purpose you authorize.


Cross‑Border Transfers

DoorLinq and some of our service providers operate in the United States and other jurisdictions. Where Personal Information is transferred outside Canada, it is subject to the laws of the foreign jurisdiction but remains protected by contractual safeguards (e.g., standard contractual clauses).


Cookies & Tracking Technologies

We use first‑party and third‑party cookies, pixel tags, and local storage to:

  • maintain Portal sessions and remember your settings;
  • analyse traffic and usage trends;
  • deliver relevant advertisements; and
  • improve Site performance.

You can manage cookies through your browser settings; however, disabling cookies may affect Site functionality.


Security Measures

DoorLinq employs administrative, technical, and physical measures designed to protect Personal Information, including:

  • TLS encryption in transit and encryption at rest for sensitive fields;
  • role‑based access controls and multi‑factor authentication for staff accounts;
  • secure disposal and shredding policies;
  • regular vulnerability assessments and audits; and
  • staff training on privacy and information‑security best practices.

While we endeavour to use industry‑standard safeguards, no method of transmission or storage is 100% secure.


Breach Notification

In the event of a data breach that poses a real risk of significant harm (as defined in PIPEDA), DoorLinq will:

  1. Notify the Office of the Privacy Commissioner of Canada and, where required, the Information and Privacy Commissioner of Ontario;
  2. Alert affected individuals as soon as feasible, describing the breach, the information involved, and steps they can take to protect themselves; and
  3. Keep records of all breaches in accordance with federal regulations.


Data Retention & Destruction

DoorLinq retains Personal Information only as long as necessary to fulfill the purposes in § 5 or as required by law (e.g., CRA seven‑year rule, RTA limitation periods). When information is no longer needed, it is securely destroyed or irreversibly anonymized.


Your Rights & Choices

  • Access & Correction – You may request access to or correction of your Personal Information by contacting our Privacy Officer.
  • Withdrawal of Consent – Where we process information based on consent (e.g., marketing emails), you may withdraw consent at any time via the unsubscribe link or by contacting us. Withdrawal does not affect processing based on other lawful grounds.
  • Opt‑Out of Marketing – All commercial emails include an unsubscribe mechanism compliant with CASL. You may also adjust Portal preferences to suppress non‑essential notifications.
  • Additional Rights – Depending on your jurisdiction, you may have rights to data portability, deletion, or objection to certain processing. We will honour these rights as required by law.
  • We respond to privacy requests within 30 days (PIPEDA standard) unless an extension is permitted.


Children’s Privacy

Our services are not directed to children under 16, and we do not knowingly collect their Personal Information. If we discover such a collection, we will delete the information promptly.


Updates to This Policy

We may revise this Policy to reflect changes in law or our practices. The "last updated" date will change accordingly. Material changes will be highlighted on our Site or communicated directly where feasible.

This is paragraph text. Click it or hit the Manage Text button to change the font, color, size, format, and more. To set up site-wide paragraph and title styles, go to Site Theme.