SLIM — Privacy Policy
Effective Date: February 6, 2026
Last Updated: February 6, 2026
Who We Are
SLIM is operated by 2195992 Ontario Inc. (“Company,” “we,” “us,” “our”), located at 10200 Yonge St, Unit 101, Richmond Hill, ON L4C 3P3, Canada. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use SLIM (the “Service”) at getslim.app.
1. Information We Collect
Information you provide directly:
- Account information: First name, last name, email address, password (stored as a secure hash — we never store your actual password), phone number (optional)
- Team information: Team name, brokerage name (optional)
- Lockbox data: Lockbox IDs, codes (encrypted — see Section 5), status, addresses, photos, closing dates, notes, and tags
- Billing information: Payment details are collected and processed by Stripe. We do not store your credit card number, CVC, or full card details on our servers. We receive only a tokenized reference, card type, last four digits, and billing address from Stripe.
- Communications: Any emails or messages you send to us at support@getslim.app
Information collected automatically:
- Usage data: Pages visited, features used, actions taken within the Service (e.g., lockbox created, code viewed, status changed). These are logged in your audit trail and in our system analytics.
- Device and browser information: Browser type, operating system, screen resolution, and device type
- IP address: Collected during login and when using the Service. Used for security (login attempt tracking, account lockout) and approximate geolocation.
- Cookies: We use essential cookies to maintain your login session. See Section 7 for details.
Information from third-party services:
- Stripe: Payment status, subscription details, and billing events (e.g., payment succeeded, payment failed)
- Google Maps API: When you use address autocomplete during lockbox installation, the address you enter is sent to Google for matching. We do not send your lockbox codes or other data to Google.
- Resend: We use Resend as our email delivery provider. Your email address and name are shared with Resend to send transactional and notification emails. Resend may collect delivery metadata (whether an email was opened or clicked).
2. How We Use Your Information
We use your information to: provide the Service (manage your account, track lockbox inventory, send notifications, process payments, and deliver the features you signed up for); communicate with you (send transactional emails, notification emails, and service announcements); maintain security (detect and prevent unauthorized access, monitor for suspicious login activity, enforce account lockout after failed attempts); improve the Service (understand how the Service is used to fix bugs, improve features, and develop new functionality); provide support (respond to your questions and help troubleshoot issues).
We do not use your information to: sell or rent your data to third parties; send marketing emails for third-party products; build advertising profiles; share your lockbox codes with anyone (including our own staff).
3. How We Share Your Information
We share your information only in the following limited circumstances:
Service providers:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, name, payment details, billing address |
| Supabase | Database hosting | All account and lockbox data (encrypted at rest) |
| Vercel | Application hosting | Request data, IP addresses |
| Resend | Email delivery | Email address, name, email content |
| Google Maps | Address autocomplete | Addresses entered during installation |
| hCaptcha | Bot protection | IP address, browser information (during CAPTCHA challenges) |
Within your team. If you are part of a team account, other authorized team members can see lockbox data, activity, and status updates according to their role permissions.
Legal requirements. We may disclose your information if required by law, court order, or government request.
Business transfer. If 2195992 Ontario Inc. is acquired, merged, or sells substantially all its assets, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.
We do not share your data with advertisers, data brokers, or any party for marketing purposes.
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | Retained while your account is active |
| Data after cancellation/trial expiry | 90 days in read-only mode, then permanently deleted |
| Audit logs | Retained indefinitely in anonymized form |
| Lockbox records | Deleted with account data |
| Payment records | Retained as required by tax and accounting laws (typically 7 years) |
| Error logs | 90 days |
| Email delivery logs | 12 months |
5. Security
We take the security of your data seriously, particularly property addresses and lockbox records which relate to physical locations.
No lockbox codes stored. SLIM does not store lockbox access codes. Your codes remain on the physical lockbox only.
Data isolation. Your data is isolated from all other accounts using database-level Row Level Security (RLS) policies. No other team or user can access your data.
Authentication security. Passwords are hashed using bcrypt. After 3 failed login attempts, CAPTCHA verification is required. After 5 failed attempts, the account is locked for 15 minutes. All sessions use secure, HTTP-only cookies.
Encryption in transit. All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
Infrastructure. The Service is hosted on Vercel (application) and Supabase (database), both of which provide enterprise-grade security, automatic SSL, encrypted storage, and regular security updates.
6. Your Rights
For all users: Access (view your account information within the Service at any time); Correction (update your account information from your settings page); Export (export your lockbox data and audit logs from the Service); Deletion (request deletion of your account and data by emailing support@getslim.app — we will process within 30 days); Withdraw consent (opt out of non-essential emails from your notification settings).
For Canadian users (PIPEDA): You have the right to access, correct, and challenge the accuracy of your personal information held by us. To make a request, email support@getslim.app. We will respond within 30 days.
For California users (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, email support@getslim.app.
For users in the European Economic Area (GDPR): If you are located in the EEA, you have additional rights including the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local data protection authority. Our lawful basis for processing is contractual necessity and legitimate interest. To exercise your rights, email support@getslim.app.
7. Cookies
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
slim_token | Maintains your login session | Essential | Session / 30 days (if “Remember me” selected) |
slim_admin_token | Admin backend login session | Essential | Session |
slim_cookie_consent | Stores your cookie consent preference | Essential | Persistent (localStorage) |
_ga, _ga_* | Google Analytics 4 — measures site traffic and usage patterns | Analytics (opt-in) | Up to 2 years |
_fbp | Meta Pixel — measures effectiveness of marketing campaigns | Analytics (opt-in) | 90 days |
_clck, _clsk | Microsoft Clarity — records anonymized session replays to improve UX | Analytics (opt-in) | Up to 1 year |
Essential cookies are required for the Service to function. They cannot be disabled.
Analytics cookies. We use Google Analytics 4, Meta Pixel, and Microsoft Clarity to understand how the Service is used and to improve our marketing. These analytics tools are only loaded after you explicitly consent by clicking “Accept” on our cookie banner. No analytics cookies are set until you opt in.
You can withdraw your consent at any time by clicking “Cookie Settings” in the footer of any page and selecting “Decline.” This will prevent analytics cookies from being set on future page loads. You may also clear existing analytics cookies through your browser settings.
We do not use cookies for advertising or cross-site tracking.
8. Email Communications
Transactional emails (cannot be unsubscribed): Welcome and email verification, Password reset, Payment receipts and billing alerts, Team invitations.
Notification emails (can be customized or turned off): Lockbox overdue alerts, Trial expiration reminders, Plan limit warnings, Daily digest summaries.
You can manage your email preferences from Dashboard > Settings > Notifications, or by clicking the unsubscribe link in any notification email.
9. Children’s Privacy
SLIM is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.
10. International Data Transfers
SLIM’s servers are located in the United States and Canada. If you are accessing the Service from outside these countries, your data will be transferred to and processed in the US and/or Canada. By using the Service, you consent to this transfer.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 14 days before the changes take effect.
12. Contact Us
2195992 Ontario Inc.
Operating as SLIM
10200 Yonge St, Unit 101
Richmond Hill, ON L4C 3P3
Canada
Email: support@getslim.app