Privacy Policy

Valery Technologies Inc. (operating as "Homies")

Effective Date: March 1, 2026

Last Updated: March 1, 2026

Introduction
Applicable Privacy Laws
Information We Collect
How We Use Your Information
AI and Machine Learning Data Practices
Information Sharing and Disclosure
Data Storage, Security, and Cross-Border Transfers
Data Retention
Your Privacy Rights
Data Controller vs. Data Processor Roles
Children's Privacy
Cookies and Tracking Technologies
Third-Party Links and Services
Changes to This Privacy Policy
Privacy Officer and Contact Information

1. Introduction

This Privacy Policy describes how Valery Technologies Inc. ("Homies," "we," "us," "our") collects, uses, discloses, and protects your personal information when you use our Service. This Policy applies to information collected from Subscribers (real estate professionals who use our platform) and from visitors to websites operated as part of the Service on behalf of Subscribers.

Valery Technologies Inc. is incorporated in the Province of Ontario, Canada, and operates under the trade name "Homies." We are the data controller responsible for the personal information we collect through the Service, except where otherwise specified in this Policy.

This Privacy Policy applies to all personal information collected through the Homies Service, including all software, tools, websites, integrations, infrastructure, and related features provided as part of the Service.

This Policy applies to two categories of individuals:

Subscribers — real estate professionals who subscribe to and use the Homies Service
Visitors — individuals who visit or interact with websites operated as part of the Service on behalf of Subscribers

We encourage you to read this Privacy Policy carefully. By using the Service, you acknowledge that you have read and understood this Policy. If you have any questions, please contact our Privacy Officer using the information provided in Section 15.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you in accordance with Section 14 of this Policy.

2. Applicable Privacy Laws

We have designed our privacy practices to comply with the applicable privacy laws of Canada (including PIPEDA and provincial legislation) and the United States (including the CCPA/CPRA and applicable state privacy laws).

2.1 Canada — Federal

PIPEDA (Personal Information Protection and Electronic Documents Act): PIPEDA applies to the collection, use, and disclosure of personal information in the course of commercial activities across Canada. As a commercial service provider, we are subject to PIPEDA's requirements, including obtaining meaningful consent, limiting collection to what is necessary, and safeguarding personal information.

2.2 Canada — Provincial

Quebec — Act Respecting the Protection of Personal Information in the Private Sector (Law 25): Quebec's privacy legislation imposes additional requirements, including stricter consent requirements, mandatory privacy impact assessments for certain processing activities, the right to data portability, mandatory breach notification to the Commission d'accès à l'information du Québec, and the requirement to designate a privacy officer.
Alberta — Personal Information Protection Act (PIPA): Alberta's PIPA governs the collection, use, and disclosure of personal information by private-sector organizations operating in Alberta.
British Columbia — Personal Information Protection Act (PIPA): British Columbia's PIPA establishes requirements for private-sector organizations regarding the handling of personal information in British Columbia.

2.3 United States

California — CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act): The CCPA, as amended by the CPRA, grants California residents specific rights regarding their personal information, including the right to know, the right to delete, the right to correct, and the right to opt out of the sale or sharing of personal information.
Other US State Privacy Laws: We also comply with other applicable state privacy laws, including the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Texas Data Privacy and Security Act (TDPSA), the Oregon Consumer Privacy Act (OCPA), and other state privacy laws as they become applicable.

3. Information We Collect

We collect personal information in several categories, as described below. We only collect information that is necessary to provide, maintain, and improve the Service.

3.1 Account Information

We collect the following information directly from Subscribers when they create an account and subscribe to the Service:

Full name
Email address
Phone number
Brokerage name and address
Billing information (processed by our third-party payment processor; we do not store full payment card numbers)
Professional license information (if applicable)

3.2 Profile and Branding Assets

We collect information that Subscribers provide to customize their experience and presence within the Service:

Professional headshot photographs
Brokerage logos and branding materials
Brand colors and styling preferences
Communication style preferences (tone, language, and format preferences for AI-generated content)
Biographical information (professional background, areas of expertise, service areas)

3.3 Biometric and Likeness Data

We collect voice samples and facial photographs only with your explicit, informed consent. This data is used solely for generating content on your behalf and is not shared with other subscribers, used for AI model training, or disclosed to third parties except as necessary to provide the content generation service.

The biometric and likeness data we may collect includes:

Voice samples — audio recordings of your voice used for voice synthesis and content generation
Facial photographs — images of your face used for content generation

You may withdraw your consent for the collection and use of biometric and likeness data at any time by contacting our Privacy Officer. Upon withdrawal of consent or account termination, this data will be deleted in accordance with our retention practices described in Section 8.

3.4 Usage and Technical Data

We collect data related to your use of the Service:

Usage and billing metrics (credit consumption, cost tracking, and remaining balance)
AI conversation logs (stored on the Subscriber's dedicated infrastructure, not on shared systems)
Service access logs (login times, IP addresses, feature usage, and session duration)
Infrastructure access metadata (connection timestamps and session duration; we do not record screen content)

3.5 Third-Party Integration Data

When Subscribers connect third-party services to the Service, we may process the following data at the Subscriber's direction:

API keys and integration credentials (stored on the Subscriber's dedicated infrastructure)
Communications content created or managed through the Service
Data accessed via integrated third-party platforms (such as CRM records, listing data, and social media content)

The scope of data accessed through third-party integrations depends on the permissions the Subscriber grants when connecting each service.

3.6 Subscriber Website Visitor Data

We collect the following information from visitors to websites operated as part of the Service on behalf of Subscribers:

Name, email address, and phone number (submitted through contact or lead capture forms)
Browsing behavior on the Subscriber's website (pages viewed, searches performed)
Device and browser information (device type, screen resolution, browser version)

This data is collected on behalf of the Subscriber and is subject to Section 10 (Data Controller vs. Data Processor Roles) of this Policy.

3.7 Automatically Collected Technical Data

We automatically collect certain technical data when you access the Service:

IP addresses
Browser type and version
Operating system
Cookies and similar tracking technologies (see Section 12)
Referring URLs
Date and time of access

4. How We Use Your Information

We use the personal information we collect for the following purposes:

To provide, maintain, and improve the Service — including configuring your AI assistant, operating websites and tools on your behalf, and delivering the features you have subscribed to
To process payments and manage billing — including processing subscription charges, tracking usage, issuing invoices, and managing account balances
To configure and operate the Subscriber's dedicated infrastructure — including setting up integrations and maintaining system health
To generate AI-assisted content at the Subscriber's direction — including communications, reports, and other materials as part of the Service
To display the Subscriber's branding — including logos, headshots, and biographical information on websites and tools operated as part of the Service
To provide customer support and respond to inquiries
To send Service-related communications — including billing alerts, usage notifications, service updates, maintenance notices, and security notifications
To monitor service health, security, and performance
To enforce our Terms of Service and prevent fraud or abuse
To comply with legal obligations — including tax reporting, responding to lawful government requests, and fulfilling regulatory requirements
For aggregate, de-identified analytics to improve the Service — we may analyze usage patterns in aggregate form that does not identify individual Subscribers

We do not sell your personal information to third parties.

We do not use your personal information for automated decision-making that produces legal or similarly significant effects without your consent.

5. AI and Machine Learning Data Practices

We understand that our Subscribers entrust us with sensitive business information, client details, and proprietary knowledge when using the AI assistant. We take this trust seriously and have implemented the following data practices:

Your Data Is Not Used to Train AI Models

Your conversations with the AI assistant are not used to train, fine-tune, or improve any artificial intelligence or machine learning model. Our third-party AI model providers process your data solely to generate responses and operate under zero data retention policies, meaning your data is not stored by the AI provider after the response is delivered.

5.1 Third-Party AI Model Provider Practices

Our third-party AI model providers operate under zero data retention (ZDR) policies. This means:

Conversation data sent to these providers for processing is not retained by the provider after the response is generated
Your data is not used by the AI provider to train, fine-tune, or improve their models
Providers are contractually bound to process your data solely for the purpose of generating responses to your instructions

5.2 Local Data Storage

Conversation history is stored locally on the Subscriber's dedicated infrastructure, not on shared systems or third-party servers
The AI assistant maintains a local memory system on the Subscriber's infrastructure to provide conversational continuity and personalized responses; this data remains on the Subscriber's infrastructure and is not transmitted to other parties
Each Subscriber's AI data is isolated on their own dedicated infrastructure and is not accessible to other Subscribers

5.3 How the AI Processes Your Data

The AI processes data at the Subscriber's direction to generate outputs such as communications, reports, and other materials
This processing is functional and operational — it serves to fulfill the Subscriber's instructions and is not conducted for model training or improvement purposes
When the AI assistant accesses connected third-party services on your behalf, it does so only at your direction and within the scope of the permissions you have granted

5.4 Aggregate Usage Statistics

De-identified, aggregate usage statistics (such as average credit consumption and general usage patterns) may be used to improve the Service
No individual conversation content is used for this purpose
Aggregate data does not identify individual Subscribers or their clients

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share information only as described in this Policy and only to the extent necessary to provide the Service.

6.1 Third-Party AI Model Providers

Conversation content and instructions are transmitted to third-party AI model providers to generate AI responses
These providers operate under zero data retention (ZDR) policies and do not retain your data after generating a response
Providers are contractually bound to confidentiality and data protection obligations
We select providers that maintain appropriate security certifications and data protection standards

6.2 Cloud Infrastructure and Hosting Providers

Dedicated infrastructure is hosted by third-party data center providers in the United States
Database hosting is provided by a third-party cloud database provider in Canada
File storage (images, documents, and generated content) is provided by third-party cloud storage providers
All hosting providers are subject to data processing agreements that require appropriate security measures

6.3 Payment Processors

Payment and billing information is processed by our third-party payment processor
We do not store full credit card numbers on our systems
Our payment processor is compliant with the Payment Card Industry Data Security Standard (PCI DSS)

6.4 Integration Partners (at Subscriber's Direction)

When the Subscriber connects third-party services, data flows to those services as directed by the Subscriber
These data flows are initiated by the Subscriber and are subject to the third-party services' own privacy policies and terms of service
We do not control and are not responsible for third-party data handling practices
Subscribers are encouraged to review the privacy policies of all third-party services they connect

6.5 Service Providers

We may share information with service providers who assist us in operating the Service, including providers of analytics, monitoring, communication, and support tools
All service providers are bound by data processing agreements that restrict their use of personal information to the purposes specified by us
Service providers are required to implement appropriate technical and organizational security measures

6.6 Legal and Regulatory Disclosure

We may disclose personal information when we believe in good faith that disclosure is necessary to:

Comply with applicable law, regulation, subpoena, court order, or government request
Protect the rights, safety, or property of Valery Technologies Inc., our Subscribers, or the public
Investigate potential violations of our Terms of Service
Detect, prevent, or address fraud, security, or technical issues

6.7 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, personal information may be transferred as part of the transaction
We will provide notice to affected individuals before personal information becomes subject to a different privacy policy
We will require the acquiring entity to honor the commitments made in this Privacy Policy or provide notice of any changes

7. Data Storage, Security, and Cross-Border Transfers

7.1 Data Storage Locations

Dedicated infrastructure: Located in the United States. Each Subscriber is assigned dedicated infrastructure that is not shared with other Subscribers.
Database (account data, billing, and configuration): Hosted in Canada.
File storage (images, documents, and generated content): Stored using cloud-based storage services.
AI processing: Data is transmitted to third-party AI model providers whose servers may be located in various countries.

7.2 Cross-Border Data Transfers

Your dedicated infrastructure is located in the United States. Your account and billing data is stored in Canada. When you interact with the AI assistant, your instructions and conversation data are transmitted to third-party AI model providers, which may process this data in jurisdictions outside of Canada and the United States. We ensure that appropriate safeguards are in place to protect your information during these transfers.

Specifically:

Personal information of Canadian subscribers may be processed in the United States and other jurisdictions where our service providers operate
Personal information of US subscribers may be processed in Canada and other jurisdictions where our service providers operate
PIPEDA cross-border requirements: We ensure a comparable level of protection through contractual safeguards with all service providers that process personal information outside of Canada. Our contracts require service providers to implement security measures that are consistent with Canadian privacy standards.
Quebec Law 25 requirements: We conduct privacy impact assessments for cross-border transfers of personal information of Quebec residents. We ensure that equivalent protection is provided through contractual and organizational safeguards in accordance with Quebec privacy legislation.

7.3 Security Measures

We implement a range of technical and organizational measures to protect your personal information, including:

Encryption in transit and at rest — all data transmitted between your browser and our systems is encrypted using TLS/HTTPS; data stored on our infrastructure and in our databases is encrypted at rest
Isolated dedicated infrastructure — each Subscriber is assigned dedicated infrastructure that is not shared with other Subscribers, providing physical and logical isolation of AI conversation data, integration credentials, and local memory
Per-user credential isolation with spending caps — each Subscriber's usage is metered through individual credentials with configurable spending limits
Access controls — access to the Service and administrative functions is protected by authentication controls
Credential storage — integration credentials and API keys are stored using encrypted credential management on the Subscriber's dedicated infrastructure
Regular security monitoring — we conduct ongoing health checks, vulnerability assessments, and security monitoring of our infrastructure
Employee access limitations — access to personal information is limited to employees and contractors who have a legitimate business need and are bound by confidentiality obligations

No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

7.4 Data Breach Notification

In the event of a data breach involving personal information, we will notify affected individuals and applicable regulatory authorities within the timeframes required by law:

Canada (PIPEDA): As soon as feasible after determining that a breach poses a real risk of significant harm to an individual
Quebec (Law 25): Within seventy-two (72) hours to the Commission d'accès à l'information du Québec
United States (CCPA/CPRA and state laws): As required by applicable state breach notification laws

Breach notifications will include:

The nature of the breach
The types of personal information affected
Steps we have taken in response to the breach
Recommended protective measures for affected individuals
Contact information for our Privacy Officer

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The following retention periods apply:

Account and billing data: Retained for the duration of the subscription plus thirty (30) days following account termination (the data export window). After the export period, data is deleted except for records required for tax, legal, or regulatory purposes, which may be retained for up to seven (7) years.
Conversation history: Stored on the Subscriber's dedicated infrastructure for the duration of the subscription. Deleted when the infrastructure is decommissioned following the thirty (30) day post-termination export window.
Usage records: Retained for twenty-four (24) months for billing reconciliation and audit purposes.
Voice and facial data (biometric and likeness data): Deleted upon Subscriber request or upon account termination, whichever occurs first.
Subscriber website visitor data: Retained according to the Subscriber's configuration for the duration of the subscription. Deleted upon account termination following the thirty (30) day data export period.
Anonymized and aggregated data: May be retained indefinitely as it does not identify individuals and is not considered personal information.
Legal holds: Data may be retained for longer periods if required by applicable law, active legal proceedings, or regulatory investigations.

Upon account termination, Subscribers will have a thirty (30) day window to export their data. We will provide a reasonable mechanism for data export. After the export period, personal information will be securely deleted or anonymized in accordance with this Policy.

9. Your Privacy Rights

Depending on your jurisdiction, you may have specific rights regarding your personal information. We are committed to honoring your privacy rights and will process all requests in accordance with applicable law.

9.1 Rights Under PIPEDA (All Canadian Subscribers)

If you are a Canadian subscriber, you have the following rights under PIPEDA:

Right to access — You may request access to the personal information we hold about you
Right to correction — You may request correction of inaccurate or incomplete personal information
Right to withdraw consent — You may withdraw your consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions. We will inform you of the consequences of withdrawing consent.
Right to challenge compliance — You may challenge our compliance with PIPEDA and file a complaint with the Office of the Privacy Commissioner of Canada

9.2 Additional Rights Under Quebec Law 25 (Quebec Residents)

If you are a resident of Quebec, you have the following additional rights under Quebec's privacy legislation:

Right to data portability — You may request to receive your personal information in a structured, commonly used, machine-readable format, or to have it transferred to another organization where technically feasible
Right to de-indexation — You may request the removal of your personal information from search results or other dissemination mechanisms operated by us
Right to information about automated decision-making — You have the right to be informed about any automated decision-making processes that use your personal information and to contest decisions made solely by automated means
Right to be informed of privacy incidents — You have the right to be notified of any privacy incidents (data breaches) that affect your personal information

9.3 Rights Under Alberta and British Columbia PIPA

If you are a resident of Alberta or British Columbia, you have the following rights under your province's Personal Information Protection Act:

Right to access and correct — You may request access to and correction of your personal information
Right to file a complaint — You may file a complaint with the applicable provincial privacy commissioner:
- Alberta: Office of the Information and Privacy Commissioner of Alberta
- British Columbia: Office of the Information and Privacy Commissioner for British Columbia

9.4 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the CCPA/CPRA:

Right to know — You may request that we disclose what personal information we have collected, used, disclosed, and sold about you
Right to delete — You may request that we delete the personal information we have collected about you, subject to certain exceptions
Right to opt out of sale or sharing — You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. Note: We do not sell or share your personal information for cross-context behavioral advertising.
Right to non-discrimination — We will not discriminate against you for exercising any of your privacy rights
Right to correct — You may request correction of inaccurate personal information
Right to limit use of sensitive personal information — You may request that we limit the use and disclosure of your sensitive personal information to what is necessary to provide the Service

9.5 Rights Under Other US State Privacy Laws

If you are a resident of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, or another state with an applicable privacy law, you may have similar rights, including:

Right to access your personal information
Right to correct inaccurate personal information
Right to delete your personal information
Right to opt out of certain processing activities
Right to data portability

We will comply with all applicable state privacy laws and process your requests in accordance with the requirements of your jurisdiction.

9.6 How to Exercise Your Rights

You may exercise any of the rights described above by contacting us at privacy@meetyourhomies.com. We will respond to your request within the timeframe required by applicable law. We will not discriminate against you for exercising your privacy rights.

Response times: We will respond to your request within thirty (30) days under PIPEDA, or forty-five (45) days under the CCPA/CPRA, as applicable. If we require additional time, we will notify you of the extension and the reason.
Identity verification: We may need to verify your identity before processing your request to protect against unauthorized access to personal information.
Authorized agents: If you wish to designate an authorized agent to make a request on your behalf, the agent must provide proof of authorization.
Appeals: If we deny your request, we will provide you with the reason and information about how to appeal the decision, where applicable.

10. Data Controller vs. Data Processor Roles

Understanding the roles and responsibilities regarding personal information is important. The following describes when we act as a data controller and when we act as a data processor:

10.1 Homies as Data Controller

We are the data controller for the following categories of personal information, meaning we determine the purposes and means of processing:

Subscriber account information (name, email, phone, brokerage details)
Billing and payment data
Service usage data (login activity, feature usage, credit consumption)
Technical data collected automatically (IP addresses, browser information, cookies)

10.2 Homies as Data Processor

We act as a data processor on behalf of the Subscriber for the following categories of personal information, meaning we process this data only at the Subscriber's direction and in accordance with their instructions:

Data accessed through integrated third-party platforms at the Subscriber's direction
Communications content created or managed through the Service
Client contact information processed through the Service
Visitor data collected through websites operated as part of the Service on behalf of the Subscriber

10.3 Subscriber as Data Controller

When you use the Service to process your clients' personal information (such as contact details, property preferences, communication history, and financial information), you are the data controller for that information and we are your data processor. You are responsible for ensuring you have the appropriate legal basis (such as consent) to process your clients' information through the Service.

As a data controller, Subscribers are responsible for:

Obtaining all necessary consents from their clients before processing their personal information through the Service
Providing appropriate privacy notices to their clients about how their information will be used
Ensuring compliance with all applicable privacy laws regarding the processing of their clients' personal information
Responding to privacy rights requests from their clients (we will assist you in fulfilling such requests upon your instruction)

11. Children's Privacy

The Service is not directed at and not intended for use by individuals under the age of eighteen (18) or under the age of majority in their jurisdiction. We do not knowingly collect personal information from children.

If we become aware that we have inadvertently collected personal information from a child, we will take prompt steps to delete that information from our systems.

If you believe that we have collected personal information from a child, please contact us immediately at privacy@meetyourhomies.com so that we can take appropriate action.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service.

12.1 Essential and Functional Cookies

We use essential cookies that are necessary for the Service to function properly. These include:

Authentication cookies — to verify your identity and keep you logged in during your session
Session management cookies — to maintain your session state and preferences
Security cookies — to support security features and detect unauthorized access

These cookies are strictly necessary and cannot be disabled without affecting Service functionality.

12.2 Analytics Cookies

We may use analytics cookies to understand how the Service is used and to improve the user experience. These cookies collect information in aggregate form and do not identify individual users.

12.3 No Advertising or Tracking Cookies

We do not use cookies for advertising, cross-site tracking, or behavioral profiling. We do not serve ads on the Service and do not share cookie data with advertising networks.

Where required by applicable law (including Quebec Law 25 and certain US state privacy laws), we will obtain your consent before placing non-essential cookies on your device. You may manage your cookie preferences through the consent mechanism provided or through your browser settings.

12.5 Managing Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may affect the functionality of the Service.

13. Third-Party Links and Services

The Service integrates with and may contain links to third-party platforms and services. These third-party services have their own privacy policies and data practices that are independent of this Privacy Policy. We are not responsible for the privacy practices, security measures, or content of third-party services.

We encourage Subscribers to review the privacy policies of any third-party service they connect before enabling the integration. By connecting a third-party service, the Subscriber authorizes the flow of data between the Service and the third-party service as necessary to provide the integrated functionality.

Our Privacy Policy applies only to information collected and processed by us through the Service. Once your information is transmitted to a third-party service at your direction, the handling of that information is governed by the third party's privacy policy.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law.

Notification of material changes: Material changes will be communicated via email and/or through a notification on the dashboard at least thirty (30) days before taking effect.
Last Updated date: The "Last Updated" date at the top of this Policy will be revised to reflect the date of the most recent changes.
Acceptance of changes: Continued use of the Service after the effective date of changes constitutes acceptance of the revised Privacy Policy.
Right to cancel: If you do not agree with the revised Privacy Policy, you may cancel your subscription before the effective date of the changes. Please refer to our Terms of Service for information about cancellation.

15. Privacy Officer and Contact Information

Valery Technologies Inc. has designated a Privacy Officer responsible for overseeing our privacy practices and compliance with applicable privacy laws.

Contact Our Privacy Officer

Privacy Officer Valery Technologies Inc.

Email: privacy@meetyourhomies.com
Mailing Address: 390 Edgeley Blvd #18, Vaughan, ON L4K 3Z6

We will acknowledge receipt of your inquiry or request and respond within the timeframe required by applicable law.

Complaints and Escalation

If you are not satisfied with our response to your privacy inquiry or complaint, you may escalate your complaint to the applicable regulatory authority:

Canada:

Federal: Office of the Privacy Commissioner of Canada — www.priv.gc.ca
Ontario: Information and Privacy Commissioner of Ontario — www.ipc.on.ca
Quebec: Commission d'accès à l'information du Québec — www.cai.gouv.qc.ca
Alberta: Office of the Information and Privacy Commissioner of Alberta — www.oipc.ab.ca
British Columbia: Office of the Information and Privacy Commissioner for British Columbia — www.oipc.bc.ca

United States:

California: California Attorney General — oag.ca.gov
Other US States: Your state's Attorney General or applicable regulatory authority

This Privacy Policy is effective as of March 1, 2026.