Data Privacy Policy

Spivey Systems Inc. ("we", "us", "our") operates as a critical infrastructure provider for the property management sector. This Privacy Policy describes how we process, store, and protect data transmitted through the Spivey Utility Core platform.

1. Information We Collect (Data Processor Role)

We act primarily as a Data Processor on behalf of Property Management Companies (Data Controllers). We process the following categories of data strictly for the generation and dispatch of utility bills:

• Tenant Contact Data: Names and verified email addresses synchronized via API.
• Utility Usage Data: Meter readings (water, gas, electricity) required for invoice calculation.
• Technical Metadata: IP addresses, timestamp logs of email delivery, and open/click events for compliance auditing.

2. Infrastructure & Sub-Processors

To ensure 99.999% uptime and reliable delivery of emergency alerts, we utilize enterprise-grade cloud infrastructure. We may share data with trusted third-party service providers solely for the purpose of:

• Hosting & Computation: Secure cloud environment provisioning and database management.
• Message Transport: Enterprise SMTP relay services for transactional notification dispatch.

All sub-processors are bound by strict Data Processing Agreements (DPAs) and are prohibited from using tenant data for their own marketing or indexing purposes.

3. Data Retention and Redaction

We retain tenant billing data only as long as necessary to fulfill legal and accounting obligations. Upon termination of a lease agreement (as signaled by the Property Management System API), our systems initiate a 90-day redaction protocol, purging Personally Identifiable Information (PII) from our active databases.

4. Security Measures

We implement robust security measures to protect your data, including:

• Encryption: Data is encrypted in transit using TLS 1.3 and at rest using AES-256 standards.
• Access Control: Strict Role-Based Access Control (RBAC) limits data access to authorized personnel only.
• Audits: Regular SOC 2 Type II audits to verify our security posture.

5. Your Privacy Rights

If you are a tenant receiving utility bills through our system and wish to exercise your "Right to Know" or "Right to be Forgotten", please submit your request directly to your Property Management Company (your landlord). As a Data Processor, we will promptly execute any authorized redaction commands received from the Data Controller.