SECURITY & COMPLIANCE STATEMENT

Our Commitment to Security and Compliance

MarketMosaicPro is designed to help professionals operate efficiently while keeping their information secure and compliant.
We are committed to maintaining high standards of privacy, data protection, and system security across all aspects of the platform.

This Security & Compliance Statement explains the safeguards we use to protect your data and outlines the principles guiding our approach to security, privacy, and global compliance.

Security Practices and Safeguards

To protect user information, we implement industry-standard technical, administrative, and organizational safeguards, including:

• Encrypted data transmission (TLS/SSL)
• Secure hosting environments
• Password hashing and authentication controls
• Firewall, monitoring, and threat-detection systems
• Access-controlled internal data management
• Routine vulnerability assessment and system updates
• Controlled development and deployment processes

Although no digital service can guarantee absolute security, we take all reasonable measures to reduce risks and ensure data integrity.

Privacy by Design

MarketMosaicPro incorporates privacy principles into the core of our platform, including:

• Limited collection of personal information
• User-controlled data management
• Consent-based communication tools
• Secure deletion and retention systems
• Transparency in how data is used and processed

We never sell user or client data.

Compliance with Global Privacy Regulations

Our policies and procedures are designed to align with major international data protection laws, including:

• GDPR (European Union)
• CASL (Canada)
• PIPEDA (Canada)
• CAN-SPAM (United States)
• CCPA/CPRA (California, where applicable)

These frameworks guide how we collect, store, process, and protect personal data.

User Responsibilities for Legal Compliance

MarketMosaicPro Software Inc. provides a secure CRM and marketing automation platform known as MarketMosaicPro for REALTORS®, consultants, and service-based businesses. Learn more about our platform features or pricing. Because MarketMosaicPro allows you to store client information and send communications, you must comply with laws that apply to your business.

Users are responsible for:

• Collecting client data lawfully and with consent
• Maintaining accurate customer records
• Storing only information they are legally permitted to process
• Respecting communication preferences and unsubscribe requests
• Complying with GDPR, CASL, CAN-SPAM, or similar laws in their region

MarketMosaicPro does not verify user consent and cannot assume responsibility for improper data handling by users.

Third-Party Service Providers

To deliver the Service, we may rely on trusted third-party providers for:

• Hosting and cloud infrastructure
• Analytics and diagnostics
• Email delivery
• Payment processing
• Security monitoring

Each provider adheres to industry-standard security practices and maintains its own privacy and compliance commitments.

A current list of sub-processors is available upon request.

Incident Response & Data Breach Notification

If we identify a confirmed security breach affecting personal data:

• We will notify impacted users without undue delay
• Provide available details as the situation evolves
• Work to contain and remediate the event
• Cooperate with required legal or regulatory notifications

Users are responsible for informing their clients when local law requires it.

Data Access, Portability, and Deletion

Users may request:

• A copy of the personal data they stored
• Correction of inaccurate information
• Deletion of personal or client data (when lawful)

Deletion requests must be submitted through our Data Deletion Request Form.

System Availability and Reliability

We strive to maintain reliable service availability.
However, availability may be affected by:

• Scheduled maintenance
• Hosting provider issues
• Software updates
• Security events
• Force majeure situations

No guarantee of uninterrupted service is provided.

Ongoing Compliance Efforts

We regularly review and update:

• Internal data handling procedures
• Security systems
• Privacy practices
• Legal documentation

This ensures our platform evolves with industry standards and regulatory expectations.