REAM
Home Contact Register Your Estate

Privacy Policy for REAM

Last Updated: June 18, 2026

REAM (Resident Estate Manager) is a mobile and web application designed for association managers to manage resident information, gate passes, visitor tracking, payments, and communication within residential estates. This Privacy Policy applies to both the REAM mobile app and the REAM web platform (estate admin portal, resident portal, and manager portal), and explains how we collect, use, protect, and handle your data across both.

Data Controller: REAM - Resident Estate Manager
Support Email: [email protected]

This Privacy Policy works together with our Terms of Service, which governs your use of the Service - please read both.

1. Data We Collect

Resident Information

  • Name, email address, phone number
  • Residential unit details (building, apartment number)
  • Account status and payment history
  • Profile information provided during registration

Security & Access Data

  • Gate pass requests and approvals
  • Visitor information (name, ID, purpose, date/time)
  • Entry/exit logs and timestamps
  • Security alerts and incident reports

Payment Information

  • Payment transaction history
  • Invoice amounts and dues
  • Payment methods (processed securely, not stored in app)
  • Account balance and payment status

Communication Data

  • Messages between managers and residents
  • Notices and announcements
  • Feedback and support requests

Device & Usage Data

  • Device type, OS version, app version (mobile) or browser type (web)
  • IP address (collected automatically for security and audit logging on every account action - this is not optional, as it is required to maintain security records)
  • Location (only if you explicitly enable location services in the mobile app)
  • App/web usage patterns and features accessed
  • Crash reports and performance data

Session Data (Web Platform)

The REAM web platform uses a session cookie to keep you signed in after login. This cookie is required for the web platform to function and is not used for advertising or cross-site tracking. The cookie is cleared when you log out or when your session expires.

2. How We Use Your Data

We use collected data for:

Core Services:

  • Manage resident accounts and access
  • Process gate passes and visitor approvals
  • Track payments and account balances
  • Maintain security and access logs
  • Send notifications and updates

Communication:

  • Send administrative notices to residents
  • Respond to inquiries and support requests
  • Provide service updates

Security & Compliance:

  • Prevent fraud and unauthorized access
  • Maintain security and safety records
  • Comply with legal obligations
  • Investigate incidents and resolve issues

Improvement:

  • Analyze app performance and usage
  • Fix bugs and improve features
  • Enhance user experience

We do NOT:

  • Sell or share personal data with third parties for marketing
  • Use data for purposes unrelated to estate management
  • Share resident data outside the association without consent

3. Data Sharing & Disclosure

Who Has Access

Within your estate:

  • Owner / Administrators: Full access to resident data, payment records, security logs, and communication for their estate. The Owner (the estate's primary account holder) additionally has exclusive ability to create or remove other Administrator accounts.
  • Officials: Access to financial records, billing, and resident registration for their estate.
  • Estate Support: Limited access for resident registration assistance, select financial tasks, communications, and reporting, as authorized by the estate's Administrators.
  • Security Staff: Limited access to gate passes, visitor logs, and security alerts (if authorized by administrator).
  • Primary Residents: Can view and manage only their own information (account balance, payment history, gate passes) and may register Secondary Residents linked to their account.
  • Secondary Residents (e.g. a family member with their own login): More limited access than a Primary Resident - gate pass requests and communication only. Secondary Residents cannot view or manage payment or billing information, and cannot register additional Secondary Residents.

Across the platform:

  • REAM Platform Managers and Platform Support: REAM staff with platform-level accounts can access estate and resident data across multiple estates, for the purposes of platform administration, onboarding new estates, and providing technical support. Platform Managers additionally have exclusive ability to create or remove other platform-level staff accounts. Platform-level access is logged and restricted to REAM staff who require it to operate the service.

Administrator Responsibilities

Administrators are responsible for:

  • Protecting resident data entrusted to them
  • Using data only for legitimate estate management purposes
  • Maintaining confidentiality of resident information
  • Complying with this Privacy Policy and local laws
  • Reporting any unauthorized access or data breaches
  • Ensuring only authorized staff access resident data
  • Not sharing resident data with external parties without consent

Administrators must NOT:

  • Share resident data with unauthorized persons
  • Use resident information for personal gain
  • Disclose payment information, health data, or sensitive details
  • Use data for marketing or commercial purposes unrelated to the estate
  • Transfer resident data to third parties without proper authorization

REAM is NOT responsible for:

  • Misuse of data by administrators
  • Unauthorized access by administrators
  • Data shared by administrators outside the app
  • Breach of confidentiality by association staff
  • Mishandling of resident information by estate management

Administrator Access Monitoring

  • REAM maintains audit logs of administrator actions
  • Suspicious activity may be investigated
  • Association managers are responsible for managing staff access
  • Remove access for departed employees immediately

Third-Party Sharing

We share data ONLY when necessary for:

  • Payment Processors: For secure payment processing (encrypted, PCI-compliant)
  • Service Providers: Technical support, hosting, maintenance
  • Legal Compliance: Law enforcement, court orders, legal requirements

We do NOT share data with:

  • Marketing companies
  • Advertisers
  • Data brokers
  • External parties without explicit consent

Important: REAM does not control or monitor how Association Administrators share resident data within the estate. Administrators may share resident information with other estate staff, other residents (in notices), legal authorities (if required by law), or service providers (contractors, vendors). REAM is not responsible for how administrators share data within the association. Residents should contact their association management regarding data sharing and review estate policies on information handling.

Data Retention

  • Active Resident Data: Retained while resident is active
  • Transaction History: Retained for 7 years (financial/tax compliance), even after an account is deleted
  • Security Logs: Retained for 2 years
  • Audit Logs: Retained for 2 years (records of account actions, including the user, action type, and IP address involved)
  • Deleted Accounts: Profile data deleted within 30 days of deletion; transaction history and other legally-required records are retained per the schedules above even though the account itself is removed

4. Data Protection & Security

  • Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
  • Authentication: Secure login with passwords
  • Access Control: Role-based permissions across all account types (see the Access Levels section above)
  • Secure Servers: Data stored on secure, monitored servers
  • Regular Audits: Security assessments and penetration testing

Payment information is processed through PCI-DSS compliant payment gateways; payment details are never stored in the REAM application and all transactions are encrypted and secured.

No system is 100% secure; we cannot guarantee absolute security. You are responsible for keeping your login credentials confidential and must not share your password with others.

5. Your Rights & Choices

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request data in a portable format
  • Request deletion of your data (within legal limits - financial transaction history and certain logs are retained for legal/compliance reasons even after account deletion, see Data Retention above)

Contact the association manager or support team to request a copy of your data, correct information, delete your account, or opt-out of non-essential communications. You can control notification settings in the app and update contact preferences anytime; administrative notices may still be sent.

6. Children's Privacy

The REAM app and web platform are designed for adults (association managers, residents, security staff) and are not intended for independent use by children under 13. We do not knowingly collect data directly from children.

If an estate registers a Secondary Resident account for a minor (for example, a family member who needs gate pass access), that account must be set up and supervised by the household's Primary Resident, who is responsible for the accuracy of the information provided and for the minor's use of the account. Such accounts are limited to gate pass and communication features only and cannot access payment or billing information. If we become aware that a child's data has been collected outside of this supervised arrangement, we will delete it promptly.

7. International Data Transfers

If data is transferred internationally, transfers comply with applicable laws (GDPR, local regulations), adequate safeguards are in place, and data protection standards are maintained. For residents in the EU or other regions with strict data protection laws, your data is handled in accordance with those regulations.

8. Third-Party Services

The app and web platform use the following third-party services:

Service Purpose Used On
Google Play Services App distribution & analytics Mobile
Firebase Crash reporting, analytics Mobile
Paystack Secure payment processing Mobile & Web
Flutterwave Secure payment processing Mobile & Web
Cloudflare Web hosting security & DNS Web

We are not responsible for third-party privacy practices. Review their policies before using services.

9. Changes to this Privacy Policy

We may update this Privacy Policy occasionally. Changes will be posted on this page with a new "Last Updated" date. Continued use of the app constitutes acceptance of changes. Significant changes will be communicated via in-app notification, email to managers, or published notice.

10. Legal Basis for Processing

We process data based on contractual necessity (required to provide the service), legal obligation (compliance with laws and regulations), legitimate interests (operating the platform safely and securely), and consent (where you've explicitly consented to data use).

11. Data Breach Notification

If a data breach occurs, we will investigate immediately, notify affected individuals within 72 hours (as required by law), notify regulatory authorities if legally required, and take steps to prevent similar incidents.

12. Compliance

This Privacy Policy complies with GDPR (EU General Data Protection Regulation), CCPA (California Consumer Privacy Act), local data protection laws, Google Play Store Privacy Requirements, and industry best practices.

13. Limitation of Liability and Account Terms

Liability disclaimers, indemnification, account suspension/termination terms, and other contractual terms governing your use of the Service are set out in our separate Terms of Service, which you accept by using the Service alongside this Privacy Policy. We split these out from this Privacy Policy because a privacy policy's role is to explain how we handle your data, while contractual terms like liability limits need their own clear acceptance.

14. Resident & User Acknowledgment

By using the REAM application, you acknowledge you have read this Privacy Policy and our Terms of Service, consent to data collection and processing as described, agree to the security measures in place, understand your rights and responsibilities, accept that administrators are responsible for their use of resident data, and accept the account terms and limitations of liability set out in the Terms of Service.

Contact Us

If you have any questions about this Privacy Policy, you can contact us:

If you believe your data rights have been violated, you can lodge a complaint with your local data protection authority.