Privacy Policy

A Service of Market Gap Technologies Limited

Last Updated: February 5, 2026

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the FiWi Community platform. It applies to all users of our website, mobile applications, and related services. Please read it carefully.

1. Introduction

Market Gap Technologies Limited ("we," "our," or "us") operates the FiWi Community platform — a community management solution for gated residential communities, strata corporations, and homeowner associations in Jamaica. This Privacy Policy describes how we collect, use, and protect your personal data in accordance with the Data Protection Act of Jamaica, 2020 ("DPA").

By using the Platform, you consent to the data practices described in this policy. This Privacy Policy is incorporated by reference into our Terms of Service.

2. Who We Are — Data Roles

Under the DPA, different parties have different responsibilities for personal data:

  • Data Controller: Your Community Customer (the strata corporation, residents' association, or property management company that subscribes to FiWi Community) determines why and how your personal data is processed. They are the Data Controller for Resident data, Visitor data, and data collected through the Platform within their Community.
  • Data Processor: Market Gap Technologies Limited processes personal data on behalf of Community Customers to provide the Platform services. We act as a Data Processor and only process data according to the instructions of the Data Controller.

For data collected directly through our marketing website (e.g. contact forms, newsletter sign-ups), Market Gap Technologies Limited acts as the Data Controller.

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Name, email address, and phone number
  • Community association and unit/lot information
  • Account credentials (passwords are hashed and never stored in plaintext)

3.2 Resident Information

For Residents using the Platform, we may process:

  • Household member details
  • Vehicle registration and licence plate information
  • Visitor pre-registration records
  • Maintenance fee balances and payment history
  • Communication preferences and notification settings

3.3 Visitor Data

When Visitors check in to a Community through the Platform, we may collect:

  • Name and contact information
  • Government-issued identification number
  • Photograph
  • Vehicle information (including licence plate)
  • Purpose of visit and host Resident information
  • Entry and exit timestamps

Visitor data is collected on behalf of the Community Customer, who determines what information is required. The digital check-in process includes a consent mechanism informing Visitors about data collection and its purpose. Visitors who do not consent may be subject to manual check-in procedures as determined by the Community Customer.

3.4 License Plate Recognition (LPR) Data

Where LPR is enabled at a Community, the system automatically captures:

  • Licence plate numbers
  • Vehicle images
  • Entry/exit timestamps
  • Associated metadata

LPR data is owned by the Community Customer, who acts as the Data Controller. We process it solely to provide the service. LPR technology is not 100% accurate — recognition may be affected by lighting, weather, camera angle, plate condition, and vehicle speed.

LPR Privacy List: Residents may request to be placed on a "Privacy List" that excludes their registered vehicles from LPR data storage, subject to Community Customer approval. Vehicles on the Privacy List can still use automated entry, but their entry/exit records will not be stored beyond the real-time verification necessary for access.

3.5 Biometric Data

Where a Community Customer enables biometric features (such as fingerprint or facial recognition for access control), such data qualifies as Sensitive Personal Data under the DPA. Processing of biometric data requires your explicit written consent, which must be obtained separately by your Community Customer — not through general Terms acceptance. We will not process biometric data without documented evidence that appropriate consent has been obtained.

3.6 Information Collected Automatically

When you use our website or mobile applications, we automatically collect:

  • Device type, operating system, and browser information
  • IP address and approximate location
  • Pages visited, features used, and usage patterns
  • Referring URLs and search terms

3.7 Payment Information

Payment processing is handled by our third-party payment processor. We do not directly store, process, or transmit credit card or debit card numbers. Your payment information is subject to the payment processor's privacy policy.

4. How We Use Your Information

We process personal data for the following purposes:

  • Service delivery: Providing visitor management, access control, communications, and financial management features
  • Security: Maintaining visitor logs, access records, and LPR records for community security
  • Account management: Creating and maintaining user accounts, verifying identity, and managing permissions
  • Communications: Sending community announcements, payment reminders, and service notifications
  • Payment processing: Facilitating maintenance fee collection and financial reporting
  • Platform improvement: Analysing usage patterns to improve the Platform (using anonymised and aggregated data)
  • Support: Responding to inquiries, troubleshooting, and providing customer support
  • Legal compliance: Meeting our obligations under the DPA and other applicable laws

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for their marketing purposes. We may share data with:

  • Your Community's management: Community Customers and their authorized personnel receive data necessary to manage the Community
  • Service providers: Third-party providers who assist in operating the Platform (e.g. cloud hosting, payment processing, analytics), bound by data processing agreements
  • Legal authorities: Only when required by a valid court order, warrant, or other compulsory legal process, or in emergency circumstances involving imminent risk of death or serious bodily injury

Law Enforcement Access to LPR and Visitor Data

We will not provide LPR data or Visitor data to law enforcement except:

  • Pursuant to a valid court order, warrant, or other compulsory legal process
  • With the express written authorization of the Community Customer
  • In emergency circumstances involving imminent risk of death or serious bodily injury

Community Customers will be notified of any law enforcement request for their data unless notification is prohibited by law.

6. Data Retention

We retain personal data only as long as necessary for its purpose:

Data Type Retention Period
LPR data (routine captures) Up to 90 days, as configured by Community Customer
Visitor data Up to 180 days, as configured by Community Customer
Regular visitor records (e.g. contractors) Duration of authorization
Account data Duration of account, plus 30 days after termination
Backup copies Deleted within 12 months of account termination

Data may be retained beyond these periods if: (a) it is associated with a security incident under active investigation; (b) it is subject to a legal hold; or (c) a longer period is required by applicable law. Upon expiration, data is automatically and permanently deleted.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data. For detailed information about our security practices, please visit our Security & Compliance page. Key measures include:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Hashed passwords using industry-standard algorithms
  • Role-based access controls
  • Audit logging of administrative actions
  • Automated backups with point-in-time recovery
  • DDoS protection via Cloudflare
  • Logical data segregation between Communities

8. Your Rights Under the Data Protection Act

As a data subject, you have the following rights under the DPA:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to correction: Request correction of inaccurate or incomplete data
  • Right to deletion: Request deletion of your data in certain circumstances
  • Right to object: Object to the processing of your personal data
  • Right to withdraw consent: Withdraw consent for processing at any time (this does not affect prior lawful processing)
  • Right to data portability: Request a copy of your data in a commonly used, machine-readable format (such as CSV or JSON)

How to Exercise Your Rights

For data processed within a Community (Resident data, Visitor data, LPR data), please direct your request to your Community Customer, who is the Data Controller and is responsible for responding within the timeframes specified by the DPA. We will assist them in fulfilling your request.

For data we control directly (marketing website data, contact form submissions), please contact us at [email protected].

9. Cookies & Analytics

Our website and Platform use the following technologies:

  • Google Analytics: We use Google Analytics to understand how visitors interact with our website, including pages visited, time on site, and traffic sources. Google Analytics uses cookies and collects anonymised usage data. You can opt out using the Google Analytics Opt-out Browser Add-on.
  • HubSpot: We use HubSpot for marketing analytics, form handling, and customer relationship management. HubSpot may set cookies to track interactions with our marketing content.
  • Cloudflare: We use Cloudflare for content delivery, security, and performance optimisation. Cloudflare may set cookies for security purposes (e.g. bot detection).

You can control cookies through your browser settings. Disabling cookies may affect your experience on our website but will not affect the core functionality of the Platform applications.

10. Cross-Border Data Transfers

The Platform uses cloud infrastructure that may involve the storage or processing of personal data outside Jamaica. Any such transfers are conducted in compliance with Section 50 of the DPA, using appropriate safeguards including standard contractual clauses and ensuring that the receiving jurisdiction provides adequate protection for personal data.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, we will notify affected Community Customers within seventy-two (72) hours of becoming aware of the breach. The notification will include:

  • The nature of the breach
  • The categories and approximate number of data subjects affected
  • The likely consequences
  • The measures taken or proposed to address the breach

Community Customers are responsible for any required notification to the Office of the Information Commissioner and affected data subjects, as required by the DPA.

12. Children's Privacy

The Platform is not intended for use by individuals under eighteen (18) years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at [email protected] and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our Platform with a new "Last Updated" date and, where practicable, by email notification. Your continued use of the Platform following such notification constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights:

You may also reach us through our contact page or by post at:
Market Gap Technologies Limited
Kingston, Jamaica

© 2026 Market Gap Technologies Limited. All rights reserved.