jaraygroup
Legal · Privacy

Privacy policy

Effective date: May 1, 2026 · Last updated: May 23, 2026

The short version

We are Jaray Group Inc., a corporation incorporated in Ontario, Canada. We operate jaraygroup.com and related domains. This policy describes how we collect, use, store, disclose, and otherwise process personal information through those properties, and the rights you have under applicable law.

By accessing or using the Site, contacting us, or subscribing to the journal, you consent to the collection, use, and disclosure of your information as described in this policy, including transfer to and processing in jurisdictions outside your own. If you do not agree, do not use the Site, contact us, or subscribe.

We collect only what we need to operate and grow the business: site-visit metadata, anything you choose to send us, and (if you subscribe) your email address. We do not sell personal information within the meaning of any applicable law. Beyond that, we reserve the right to collect, use, retain, and disclose personal information for any purpose permitted by applicable law, in any manner we determine, including the additional purposes described below.

For privacy questions, write to privacy@jaraygroup.com.

1. Who this policy applies to

This policy applies to personal information processed by Jaray Group Inc. and its affiliates, subsidiaries, successors, and assigns (together, "Jaray Group", "we", "us", "our") through:

  • The public marketing website at jaraygroup.com and related or successor domains.
  • The journal subscription, where offered.
  • Email or other direct correspondence you initiate with us.
  • Any inquiry, "book a call", or similar form we operate.
  • Any other interaction we identify as governed by this policy.

What this policy does not cover: if you become a landlord client of an operating subsidiary, the personal information collected from you and from tenants in units we manage is governed by the separate written agreement you sign and any additional notices we provide at the point of collection. Those instruments control as between you and us. This policy is informational only with respect to those activities and does not create rights enforceable against us in connection with them.

2. Who is responsible

For collection and processing described here, the responsible entity is:

Jaray Group Inc. Toronto, Ontario, Canada privacy@jaraygroup.com

We have designated a person responsible for privacy compliance under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). You can reach that person at the email above.

We do not currently designate an EU, UK, or other foreign representative. We are not obliged to do so unless and until applicable law clearly requires it. If you are outside Canada and need to escalate, contact us and we will respond on a best-efforts basis consistent with the laws that we determine apply.

3. What we collect, and when

When you visit the Site

We collect technical information automatically, including:

  • Your IP address, which we may retain for security, abuse prevention, fraud detection, analytics, product improvement, and any other lawful business purpose.
  • Your device, browser, operating system, screen and viewport characteristics, language, time zone, network information, and similar identifiers.
  • The pages you view, the referrer that brought you to us, time spent, scroll depth, clicks, and similar usage telemetry.
  • First-party and (where applicable) third-party cookies, local storage entries, and similar technologies that we determine are useful for operating, securing, measuring, or improving the Site.

When you contact us

If you send us an email, fill out a form, or book a call, we collect:

  • Your name, email address, and phone number (where provided).
  • The message or context you choose to send, including anything attached, quoted, or referenced.
  • If you describe a portfolio you would like managed: details you share (door count, neighbourhood, current property manager, financial parameters, ownership structure).
  • The time, source, and attribution context of your inquiry (entry page, referrer, campaign, device).

You should assume that everything you send to us — including in free-text fields and attachments — is recorded, retained, and reviewable by personnel and contractors under our supervision.

If you subscribe to the journal

If you ask to receive the journal, we collect:

  • Your email address.
  • A timestamp and record of your consent, retained for as long as we determine necessary to demonstrate compliance with Canada's Anti-Spam Legislation (CASL) or any successor regime.
  • The source page from which you subscribed and associated attribution context.
  • Engagement signals for emails we send to you, including opens, clicks, bounces, complaints, and deliverability metadata.

Every email includes a one-click unsubscribe link. We honour unsubscribes within the time required by applicable law.

Information from third parties

We may receive information about you from third parties, including service providers, advertising platforms, analytics providers, public sources, business partners, referral sources, and entities involved in any contemplated transaction with us. We may combine that information with information we collect directly and use the combined record for any purpose described in this policy.

What we do not knowingly collect

We do not knowingly collect:

  • Special categories of personal information under GDPR (health, religion, political opinions, biometrics, etc.). If you send us such information in a free-text message, we will handle it consistent with applicable law but have no obligation to provide enhanced protections beyond what the law requires.
  • Information from children under 16. The Site is not directed at children. If you believe a child has provided information to us, write to privacy@jaraygroup.com.

4. Why we collect it, and the broader uses we reserve

We collect personal information to operate, secure, maintain, measure, improve, and grow our business. Without limiting the foregoing, we may collect, use, retain, and disclose personal information for any of the following purposes:

  • Operating, securing, debugging, monitoring, and improving the Site and our services;
  • Responding to inquiries and evaluating potential engagements;
  • Sending the journal, transactional emails, and any other communications you have consented to receive or that are permitted under CASL or equivalent law;
  • Conducting analytics, research, modelling, benchmarking, and product development, including training internal tools and improving our marketing;
  • Personalizing content, offers, and experiences;
  • Preventing, detecting, investigating, and responding to fraud, abuse, security incidents, unlawful activity, and violations of our terms or applicable law;
  • Defending, asserting, and enforcing our legal rights, including in litigation, regulatory proceedings, audits, and pre-litigation disputes;
  • Complying with applicable law, court orders, subpoenas, regulatory requests, and lawful access requests, including from foreign authorities;
  • Facilitating, evaluating, negotiating, or completing any corporate transaction, including a financing, sale, merger, acquisition, reorganization, joint venture, or transfer of assets;
  • Any other purpose permitted or required by applicable law, or for which we obtain your consent (express, implied, or deemed, as the law permits).

Where the GDPR or similar regimes apply, we rely on one or more of the following lawful bases as we determine appropriate: legitimate interests (operating, securing, and growing our business and the Site); performance of, or steps prior to, a contract; consent; compliance with a legal obligation; or another lawful basis available under applicable law.

Under PIPEDA, we rely on your express, implied, or deemed consent as the circumstances allow, supplemented by the exceptions PIPEDA permits.

We may de-identify, aggregate, or anonymize personal information at any time, and we may use and disclose de-identified, aggregated, or anonymized information for any purpose, indefinitely, without restriction.

5. Cookies and similar technologies

The Site uses cookies, pixels, local storage, server logs, and similar technologies for purposes including: operating the Site, maintaining session integrity, securing the Site, remembering your preferences, measuring usage, evaluating campaigns, and improving the product.

Strictly necessary technologies are used without prior consent because they are required to deliver the service you have requested. Analytics, performance, advertising, and other non-essential technologies may be deployed where permitted under applicable law; in jurisdictions where prior consent is required (such as the EEA and UK), we will obtain that consent through the mechanisms we determine appropriate. We reserve the right to add, remove, or change the technologies used at any time and to update this policy accordingly.

We may use first-party and third-party analytics, advertising, attribution, and measurement technologies — including products operated by parties such as Google, Meta, LinkedIn, TikTok, and similar platforms — for purposes including: measuring site usage and campaign performance; understanding how visitors arrive at and move through the Site; conducting conversion tracking and attribution; building and serving retargeting, lookalike, and custom-audience segments on advertising platforms; suppression of audiences (such as existing subscribers); and otherwise marketing, promoting, and improving our business. Where any such technology results in disclosure of personal information to a third party in a manner that constitutes a "sale" or "share" within the meaning of applicable law, we will provide the disclosures and opt-out mechanisms that law requires.

Third-party widget on /book. Our /book page embeds a scheduling widget operated by Calendly Inc. (United States). When you visit /book, your browser loads scripts and assets from Calendly's domains, and Calendly sets cookies under its own domain. These cookies are necessary to deliver the scheduling service you have requested by visiting /book. Calendly's processing is governed by its own privacy policy. If you do not want Calendly to load, do not visit /book.

We do not control the use of cookies or similar technologies by third parties whose services are embedded on, or linked from, the Site, and we accept no responsibility for that use.

6. Who we share your information with

We may share personal information with the following categories of recipients, in our sole discretion, for any purpose described in this policy:

  • Affiliates, subsidiaries, and group companies, current and future, for any business purpose.
  • Service providers, processors, contractors, consultants, and other third parties that perform services on our behalf, including hosting, infrastructure, communications, analytics, security, customer support, marketing, payment processing, scheduling, professional services, and similar functions.
  • Hosting and content delivery. The Site is hosted on Vercel Inc. (United States).
  • Scheduling. Bookings on /book are handled by Calendly Inc. (United States), which receives the name, email, free-text message, and selected time you provide.
  • Professional advisors, including legal counsel, accountants, auditors, insurers, and bankers.
  • Counterparties and their representatives in connection with any actual or contemplated corporate transaction, including a financing, sale, merger, acquisition, reorganization, joint venture, due diligence process, or transfer of assets — in which case personal information may be transferred to the resulting or acquiring entity without further notice to you.
  • Governmental authorities, courts, regulators, and law-enforcement agencies, where we determine disclosure is required, advisable, or otherwise consistent with applicable law, including in response to subpoenas, court orders, lawful access requests, or other legal process, and including for the purpose of protecting our rights, property, or safety, or those of any third party.
  • Any other party with your consent or as otherwise permitted by applicable law.

We do not sell personal information within the meaning of the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA"), and we do not share personal information for cross-context behavioural advertising. We reserve the right to change these practices in the future, in which case we will update this policy and, where required by law, provide an opportunity to opt out.

7. International data transfers

You acknowledge and consent that, by interacting with us, your personal information may be transferred to, stored in, and processed in Canada, the United States, and any other jurisdiction in which we, our affiliates, or our service providers operate. Personal information transferred outside your jurisdiction may be subject to lawful access by courts and law-enforcement authorities of the destination jurisdiction.

For transfers from the EEA, UK, or Switzerland that require additional safeguards, we rely on Standard Contractual Clauses or another transfer mechanism recognized under applicable law. Where you provide information in connection with a service you have requested, your consent to the international transfer is deemed to have been given.

8. How long we keep your information

We retain personal information for as long as we determine necessary to fulfil the purposes described in this policy, including operating and improving the business, complying with legal obligations, resolving disputes, defending claims, and enforcing our agreements. Retention may extend beyond the duration of any active relationship with you, including for audit, recordkeeping, security, and litigation-readiness purposes.

We may retain backup copies, archived data, and de-identified, aggregated, or anonymized derivatives indefinitely.

You may ask us to delete personal information about you. We will do so only to the extent applicable law requires; in all other respects, retention is at our discretion.

9. Your rights

Your rights are determined by the laws that apply to you. We honour the rights provided under the law of your jurisdiction. We do not voluntarily extend rights beyond what applicable law requires.

We may verify your identity through reasonable means before responding to any request, and we may decline or charge a reasonable fee for requests that we determine are manifestly unfounded, excessive, repetitive, or technically infeasible, to the extent permitted by applicable law.

If you are in Canada (PIPEDA and provincial laws)

Subject to the exceptions PIPEDA permits, you may:

  • Ask whether we hold personal information about you;
  • Access that information;
  • Request correction of inaccurate or incomplete information;
  • Withdraw your consent to continued use, subject to legal and contractual restrictions, and on the understanding that withdrawal may end our ability to provide services to you;
  • Complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca) after first raising the matter with us.

We respond to verifiable requests within the timelines required by PIPEDA.

If you are in California (CCPA / CPRA)

Subject to applicable exceptions, you may:

  • Request the categories and specific pieces of personal information we have collected about you in the 12 months preceding the request;
  • Request deletion of your personal information;
  • Request correction of inaccurate personal information;
  • Opt out of any sale or sharing of personal information for cross-context behavioural advertising (note: we do not currently sell or so share);
  • Request limitation of use of sensitive personal information (note: we do not collect sensitive personal information within the meaning of the CPRA);
  • Be free from retaliation for exercising these rights.

To exercise these rights, write to privacy@jaraygroup.com with "California Privacy Request" in the subject line. We respond within the period required by the CCPA/CPRA.

If you are in the EEA, UK, or Switzerland (GDPR / UK GDPR)

Subject to applicable exceptions, you may exercise the rights of access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and lodging a complaint with your supervisory authority. We respond within the period required by GDPR.

Everyone else

If your jurisdiction does not provide statutory privacy rights, we have no obligation to provide them, but you may write to privacy@jaraygroup.com and we will consider the request.

10. Security

We use administrative, technical, and physical safeguards that we determine appropriate to the risk, including TLS encryption in transit, access controls, multi-factor authentication, audit logging, and least-privilege provisioning.

No method of transmission or storage is perfectly secure. You transmit information to us at your own risk. We do not warrant, guarantee, or represent that personal information will not be subject to unauthorized access, loss, alteration, or disclosure, and we accept no liability for any such event to the maximum extent permitted by applicable law. Where a security incident triggers a notification obligation under applicable law, we will notify affected individuals and regulators as and to the extent required.

You are responsible for the security of any device, account, network, or credential you use to interact with us, and for any communication you choose to send through unencrypted channels (including email).

11. Children

The Site is not directed at, and we do not knowingly collect personal information from, children under 16. If you believe we have collected information from a child, write to privacy@jaraygroup.com.

12. Marketing communications and CASL

Where required by CASL or equivalent law, we send marketing emails only with appropriate consent, identify ourselves in every message, and provide a working unsubscribe mechanism. Opting out of marketing communications does not affect transactional or relationship communications, which we may continue to send as permitted by law.

13. Third-party links and embeds

The Site may link to or embed third-party content. We do not control and accept no responsibility for the privacy practices of any third party. Your interactions with third parties are solely between you and those third parties.

14. Changes to this policy

We may update this policy at any time, in our sole discretion, with or without notice to you. Updates are effective on the date posted unless otherwise stated. Material changes will be reflected in an updated "Last updated" date. Your continued use of the Site, continued correspondence with us, or continued receipt of the journal after an update constitutes your acceptance of the updated policy.

We are not obliged to maintain or provide prior versions, but may do so on request at our discretion.

15. How to contact us

For any privacy question or request:

Privacy Officer Jaray Group Inc. privacy@jaraygroup.com Toronto, Ontario, Canada

We respond to substantive requests within the timelines required by applicable law. For all other inquiries, write to hello@jaraygroup.com.