Privacy Policy

Last updated: June 26, 2025

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You. We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

• “Application” means the software program provided by the Company downloaded by You on any electronic device, named The Grata App
• “Application Store” means the digital distribution service operated and developed by Apple Inc. (Apple App Store) or Google Inc. (Google Play Store) in which the Application has been downloaded.
• “Affiliate” means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
• “Country” refers to: Canada
• “Company” (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Grata Technologies Inc., Suite 1702, 88 Cumberland St Toronto, ON M5R 1B9.
• “Device” means any device that can access the Service such as a computer, a cell phone or a digital tablet.
• “Service” refers to the Companies Application and/or Website
• “Terms and Conditions” (also referred as “Terms”) mean these Terms and Conditions that form the entire agreement between You and the Company regarding the use of the Service.
• “Third-Party” means any services or content (including data, information, products or services) provided by a third-party that may be displayed, included or made available by the Service.
• “Website” refers to Grata Technologies Inc, accessible from https://grata.life/
• “You” means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You.

Account Setup Data:

While setting up for Your account, we may ask you to provide certain personally identifiable information to enable setup, secure access, and full functionality. Such data includes, but is not limited to:

• Full Name – to identify you within the system
• Email Address – for login, verification, and notifications
• Unit Number – to link your access credentials to the correct property and lock

Information Collected While Using the Application:

While using Our Application, in order to provide features of Our Application, We may collect:

• Location data
• Diagnostic and performance data
• Operational and Behavioral Data
• Cookies
• Usage Data

Location Data:

With your Prior permission, the Application may access certain location-related information from your device. This data is used to support functionality that may depend on general or approximate location, such as enabling access features, improving service performance, or supporting property-specific configurations. Location data is never collected without your consent and can be disabled at any time.

Diagnostic and Performance Data:

Includes crash logs, app version, mobile OS details, error messages, system load times, device-level access logs, and performance metrics such as time-to-unlock, sensor responsiveness, and smart device uptime. This information helps us improve app reliability, optimize system performance, and support hardware compatibility.

Operational and Behavioral Data:

We may collect anonymized or aggregated data on how residents, guests, and staff interact with Grata-powered buildings. This includes but not limited to data such as amenity booking information, maintenance ticket information, smart lock information, parking information. These insights might be used by Your property managers to make informed decisions, improve operational efficiency, and enhance resident experiences. No operational or behavioral data is used to personally profile users, and all such data is either anonymized at the source or reported at an aggregate level.

Operational and behavioral data is typically anonymized at the source or reported in aggregate form. However, in limited circumstances—such as when needed to investigate a building-level issue, fulfill a service request, or respond to a safety concern, certain data points may be accessible in a form that is not anonymized. In such cases, access is restricted to authorized personnel and used solely for operational, safety, compliance purposes, or legal purposes.

We use this information to provide features of Our Service, to improve and customize Our Service. The information may be uploaded to the Company’s servers and/or a Service Provider’s server or it may be simply stored on Your device.

You can enable or disable access to this information at any time, by contacting Info@grata.life.

Tracking Technologies and Cookies:

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

• Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of Our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
• Flash Cookies. Certain features of Our Service may use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on Our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how You can delete Flash Cookies, please read “Where can I change the settings for disabling, or deleting local shared objects?” available at https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html#main_Where_can_I_change_the_settings_for_disabling__or_deleting_local_shared_objects_
• Web Beacons. Certain sections of Our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. Learn more about cookies: What Are Cookies?.

We use both Session and Persistent Cookies for the purposes set out below:

Type: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

• Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

• Functionality Cookies

Tracking Technologies and Cookies are generally used for:

• To provide and maintain Our Service, including to monitor the usage of Our Service.
• To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
• For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
• To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
• To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
• To manage Your requests: To attend and manage Your requests to Us.
• For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about Our Service users is among the assets transferred.
• For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve Our Service, products, services, marketing and your experience

Managing Cookie and Tracking Preferences:

You can manage or disable cookies through your browser settings. Most browsers allow you to block or delete cookies and set preferences for when cookies are stored. Please note that disabling essential cookies may impact certain functionalities of the Grata App. For more details on how we use cookies, please refer to the “Cookies and Tracking Technologies” section.

Usage data:

Usage data is collected automatically when you use the Service.

This may include:

• Device information: IP address, operating system, device type, browser type and version, unique device identifiers
• Usage activity: Pages visited, time and date of access, time spent on pages, in-app navigation, interaction patterns
• Mobile-specific data (if using a mobile device): Mobile OS version, device model, mobile browser type, app version, crash data, and performance logs

This information helps us support essential app functionality, analyze performance across devices, maintain system reliability, and identify technical issues. Usage data is never used to personally profile individuals.

Access and Deletion of Your Data:

You have the right to request access to the personal data we have collected about You. Upon verification of your identity, we will provide a summary of the information we hold.

You may also request that the Company deletes Your personal data from Our systems. We will comply with such requests unless retention is required by law, for legitimate operational purposes, or to resolve disputes and enforce agreements.

Please note: Some features of the Grata App may rely on specific data to function properly (e.g., access credentials, smart device settings, or usage preferences). Deleting your personal data may result in limited functionality or loss of access to certain services.

To request access or deletion, contact us at info@grata.life. We will respond to all verified requests within the timeframes and rules required by applicable privacy laws in the country the Company is headquartered.

Retention of Your Personal Data

The Company retains Your Personal Data for as long as Your account remains active or for the duration necessary to fulfill the purposes outlined in this Privacy Policy. This includes compliance with applicable legal requirements, resolution of disputes, and enforcement of agreements or policies

Operational data, such as smart lock activity logs, access records, maintenance requests, usage analytics, and related diagnostic data, will generally be retained indefinitely. This extended retention supports ongoing operational management, performance analytics, security audits, and continuous service improvement.

If You have questions or concerns regarding data retention, please contact us directly at info@grata.life.

Use of Automated Processing

Certain features of the Grata App may use automated processing of data including but not limited to: HVAC usage information, or leak detection events, automated processing is exclusively used to enable real-time alerts, prioritize safety-related actions, or support building operations. This automation is used exclusively for functional, operational, or security purposes and does not involve profiling or decision-making that has legal or significant personal effects.

Data Sharing

We may share Your personal information in the following situations:

• To provide and maintain Our Service, including to monitor the usage of Our Service.
• With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of Our Service, to contact You.
• For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
• With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
• With Third-Party advertisers: If you opt in to Grata Plus, a resident marketplace that provides exclusive Third-Party offers, your basic information (such as name and contact details) may be shared with select partners, including Telus, to facilitate exclusive and discounted offers.

  The third party data collection and use process is as follows:

  1. Your data will only be shared if you opt in.
  2. By opting in, you explicitly agree that Telus and other Third-Party providers may contact you directly via phone, SMS, or email regarding offers.
  3. You may revoke your consent at any time by updating your settings.
  4. The Company is not responsible for how Third-Parties handle your data once shared.
• With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, Your contacts on the Third-Party Social Media Service may see Your name, profile, pictures and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with You and view Your profile.
• With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Transfer of Your Personal Data:

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to, and maintained on, computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from Your jurisdiction. Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer. The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Business Transactions:

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy. In such cases, the Company will take reasonable steps to ensure the receiving party honors the commitments we have made in this Privacy Policy or provides you with notice of material changes and your available choices.

Third-party Data Processing and Protection:

When your personal information is shared with Third-Party service providers or vendors, we will make Our best reasonable efforts to ensure they handle Your personal information securely and responsibly, in line with applicable privacy laws in your given jurisdiction. While we cannot guarantee Third-Party practices, we actively seek to engage with trusted providers, encourage best practices, and attempt to verify their compliance with industry-standard privacy and security measures.

Law enforcement:

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a law enforcement agency).

Other legal requirements:

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability

Security of Your Personal Data:

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Grata applies industry-standard anonymization techniques, including removal of identifiers and data obfuscation. We ensure that anonymized data cannot be reasonably re-linked to individuals. Aggregated, anonymized data, such as amenity usage trends, lock access patterns, or maintenance ticket frequencies, may be used to power operational benchmarks, or anonymized analytics dashboards. We will never sell or share personally identifiable information. Users may opt out of anonymized data use by contacting us at Info@grata.life.

Breach Notification:

In the event of a data breach that poses a real risk of significant harm, we will notify affected individuals and the appropriate privacy authorities as required by law.

Children’s Privacy & Parental Consent

Our Service and related services are intended for use by individuals aged 18 and older. If you are under 18, you may only use the Grata App with the express consent and/or supervision of a parent or legal guardian. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you are under the age of 13, you may only use the Grata App or associated services with the express consent and/or supervision of a parent or legal guardian. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that data as quickly as possible. Parents or guardians who believe that their child has provided us with personal information may contact us at Info@grata.life to review or delete the information.

For residents of certain jurisdictions where the minimum age of consent is higher (e.g., 14 in Quebec), we will comply with the applicable legal age requirements and may request additional verification before processing any personal data.

Third-Party Services and External Links

Third-Party Tools and Services:

The Grata App may integrate with or provide access to Third-Party tools, hardware, and services, including but not limited to smart locks, HVAC systems, leak detectors, internet, or providers. These Third-party providers operate independently and are governed by their own terms of use and privacy policies.

We do not control, and are not responsible for, the content, functionality, accuracy, availability, or privacy practices of any Third-party services. Your use of these services may be subject to additional terms and conditions or require separate user agreements. We recommend reviewing the policies of any Third-party providers you engage with through our platform.

Links to Other Websites:

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Our Service may contain links to other websites that are not operated by Us. If you click on a Third-Party link, you will be directed to that Third-Party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

Smart Device Usage

Smart Locks:

When a smart lock is operated it will capture usage information that includes the date and time the door is locked or unlocked and the user ID of the person performing the action. This information is captured whether using the Grata app or the physical PIN pad. Smart lock usage data, including access logs and activity timestamps, usage data may be used to support operational analytics, resident engagement insights, and building security reports. This data is essential to ensure the proper functioning of the app’s door access features, including unlocking, user permissions, and audit history. All personal identifiers are removed prior to use unless explicitly authorized by the user or required for compliance, security, or operational purposes.

HVAC:

When a connected HVAC system is active, it will capture performance data including the date and time of operation, temperature setpoints, runtime durations, system status changes, and fault alerts. This information is captured automatically whether initiated through the Grata App or directly on the thermostat.

HVAC data, including system activity and usage metrics, is made available within the Grata App to help residents manage their indoor environment, monitor comfort levels, and view equipment status. In certain cases, such as when a fault is reported or abnormal usage is detected, this data may also be accessible to authorized property managers to support diagnostics or coordinate timely maintenance. All personal identifiers are removed prior to any broader usage unless explicitly authorized by the user or required for compliance, safety, or building operations.

Leak Detection:

When a connected leak detection sensor identifies water or abnormal moisture conditions, it will capture event data including the date and time of detection, sensor zone, and system response logs. This data is recorded whether triggered via the Grata App or directly through the sensor hardware. This information is necessary to ensure the leak alert functionality within the app works correctly, including notifications, response tracking, and system status updates. Leak detection data is made accessible within the Grata App to alert residents of potential water issues and allow for timely self-awareness and action. In certain situations—such as when a leak persists, triggers repeated alerts, or poses building-wide risk—authorized property managers may also access relevant sensor data to coordinate emergency response or initiate repairs. All personal identifiers are removed prior to any broader usage unless explicitly authorized by the user or required for safety, compliance, or operational response.

Choice

You may choose not to activate your Grata user account and refrain from using the Grata app for the purposes described above, however, In certain cases, your property manager or building operator may require the use of Our Application for core building services such as access control, HVAC, leak detection, payment processing, maintenance ticketing, amenity bookings, or visitor access management. These service mandates are determined solely by your building or property management team—not by the Company.

Grata provides the underlying platform but does not determine building-level policy regarding service requirements or resident participation. For questions about mandatory use of Grata services in your building, please contact your property manager directly.

Advertisements

Within a dedicated space of the Grata App advertisements are presented. Those advertisements are based on app usage data in combination with user-submitted profile information and building location. You are not required to view or click on advertisements as a condition of service. Advertisements are fully managed by Grata.

Accessibility

If you require these Terms in an alternate format due to a disability, please contact us at info@grata.life.

Residents' Rights Section

As a user or resident utilizing the Our Application and associated services, you have specific rights regarding the handling of your personal data

• Right to Rectification: You have the right to request correction or updating of your personal information to ensure accuracy and completeness.
• Right to Withdraw Consent: You may withdraw your consent for data collection, processing, or sharing at any time without affecting the lawfulness of processing based on prior consent. Note, however, withdrawing consent may limit certain functionalities of Our Application or related services.
• Right to Opt Out of Third-Party Advertising and Marketing You may opt out of non-essential third-party advertising or promotional messages sent through Our Service. This includes targeted advertising or sponsored content, where applicable. You can manage these preferences via app settings or by contacting info@grata.life.
• Right to Object or Restrict Processing: You can request us to restrict or limit the use of your personal data under certain conditions, such as disputing data accuracy or objecting to processing based on legitimate interests.
• Right to Non-Discrimination: Exercising your data rights will not result in discriminatory treatment. However, certain features of Our Application or services may require specific data to function and could be unavailable if consent is withdrawn.

To exercise any of these rights or for further clarification about them, please contact us directly at info@grata.life. We will promptly address your requests in compliance with applicable laws and regulations in the country of origin.

Changes to this Privacy Policy

We reserve the right to update Our Privacy Policy at any time. We will notify You of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

• By mail: Suite 1702, 88 Cumberland St Toronto, ON M5R 1B9
• By email: info@grata.life