Privacy Policy

Table of Contents

1. Introduction
2. Information We Collect
3. How We Use Your Information
4. Consent and Your Choices
5. Data Security
6. Data Encryption
7. Third-Party Service Providers
8. Data Retention and Deletion
9. Your Rights
10. Data Sharing
11. Incident Response
12. Compliance
13. Policy Updates
14. Contact Information

1. Introduction

RentierNow ("we," "our," or "us") is a property management platform based in San Diego, CA. We are committed to protecting the privacy and security of our users' personal information. This Privacy Policy describes how we collect, use, store, and protect your information when you use our platform and services.

This policy applies to all users of RentierNow, including property managers, landlords, tenants, and prospective tenants. By accessing or using our services, you acknowledge that you have read and understood this policy.

2. Information We Collect

Personal Information

• Account Information: Name, email address, phone number, and password (stored using industry-standard encryption)
• Property Manager Information: Business name, contact details, and portfolio information
• Tenant Information: Name, contact information, lease details, rental history, and application data
• Financial Information: Rent payment records, bank account details (processed through certified third-party providers), and transaction history

Financial Data

When you connect a bank account or payment method through our platform, we may receive account verification data, balances, and transaction history from certified third-party providers. This data is encrypted at rest using industry-standard encryption and is only used for the purposes you have consented to.

Property Information

• Property addresses, descriptions, and specifications
• Rental rates and financial data
• Property images and documents
• Maintenance request records

Documents

• Lease agreements
• Application documents
• Identification documents
• Financial statements and records

Technical Information

• IP addresses and device information
• Browser type and settings
• Usage data and access logs
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide, operate, and maintain our property management services
• Verify your identity and authenticate your account
• Process rental applications and tenant screening
• Facilitate rent collection and payment processing
• Verify bank account ownership for payment setup
• Manage maintenance requests and property communications
• Generate reports and analytics for property managers
• Send service-related notifications, alerts, and updates
• Comply with legal and regulatory obligations
• Improve, personalize, and optimize our platform
• Detect and prevent fraud, abuse, or unauthorized access

4. Consent and Your Choices

RentierNow obtains your consent before collecting, processing, or storing your personal data. We are transparent about what data we collect and why.

How We Obtain Consent

• Account Registration: You must agree to this Privacy Policy and our Terms of Service before creating an account.
• Financial Data Access: You explicitly authorize any bank account or payment connections through a secure consent flow before financial data is accessed.
• Document Uploads: You actively choose to upload documents and acknowledge they will be securely stored.
• Communications: You opt in to receive SMS, email, or push notifications.

Withdrawing Consent

You may withdraw your consent at any time through your account settings or by contacting us. Upon withdrawal, we will stop processing the relevant data and delete it in accordance with our retention policy, unless we are required by law to retain it.

5. Data Security

RentierNow maintains a comprehensive information security program designed to protect your data against unauthorized access, alteration, disclosure, or destruction. Our security policies and procedures are reviewed regularly and updated to address evolving threats and regulatory requirements.

Security Practices

• Designated security responsibilities with clear ownership across our organization
• Regular security policy reviews, assessments, and audits
• Security awareness training for all personnel with access to user data
• Documented incident response procedures
• Continuous monitoring, logging, and alerting for security events

Access Controls

We implement access controls based on the principle of least privilege. Access to production systems and sensitive data is restricted to authorized personnel and reviewed regularly.

• Role-based access control limiting data access to authorized users only
• Quarterly access reviews and prompt revocation upon role change or termination
• Multi-factor authentication required for all administrative access
• Short-lived, cryptographically signed tokens for system-to-system authentication
• All access is logged and auditable

Authentication

We offer multiple secure authentication methods to protect your account, including email and password login with secure hashing, social sign-in through trusted identity providers, SMS-based verification codes, and authenticator app support. Multi-factor authentication is available for all accounts and strongly encouraged.

Vulnerability Management

• Regular automated vulnerability scans of production systems
• Dependency scanning for known vulnerabilities in third-party packages
• Critical vulnerabilities addressed within 24 to 48 hours
• Annual penetration testing by independent security assessors
• Proactive monitoring and replacement of end-of-life software components

6. Data Encryption

In Transit

All data transmitted between your device and our servers is protected using industry-standard encryption protocols. We enforce HTTPS for all web traffic, and unencrypted connections are automatically redirected. Only strong, modern cipher suites are permitted.

At Rest

All sensitive data, including financial information and personal records, is encrypted at rest using industry-standard encryption. Our database and file storage providers employ server-side encryption, and encryption keys are managed separately from the encrypted data with regular rotation procedures.

7. Third-Party Service Providers

We work with a limited number of certified third-party providers to deliver our services. These providers assist us with functions such as:

• Payment Processing: Secure handling of payments and bank account verification
• Identity and Authentication: Social sign-in and multi-factor authentication services
• Cloud Infrastructure: Secure cloud hosting, database, and file storage
• Communications: Email and SMS delivery for notifications and verification
• Content Delivery: Fast and reliable delivery of platform assets

All third-party providers are vetted for their security practices and hold recognized industry certifications. They are bound by data protection agreements that limit how your data may be used and require them to maintain appropriate safeguards.

8. Data Retention and Deletion

RentierNow retains your data only for as long as necessary to provide our services and comply with legal obligations. Our retention policy is reviewed annually and updated as regulations evolve.

Retention Periods

• Active Account Data: Retained for the duration of your account plus 30 days after closure
• Financial Transaction Records: 7 years after the transaction, as required for tax and legal compliance
• Connected Financial Accounts: Until disconnected, plus 90 days for dispute resolution
• Lease Documents: Duration of the lease plus 7 years for legal compliance
• Access and Security Logs: 1 year for security monitoring purposes
• Marketing Preferences: Until you opt out

Deletion Procedures

• Account Deletion: You may request account deletion through your settings or by contacting support. Requests are processed within 30 days.
• Automated Purging: Data that exceeds its retention period is automatically removed through scheduled processes.
• Secure Erasure: Deleted data is cryptographically erased, not merely flagged or hidden.
• Backup Cleanup: Backups containing deleted data are purged within 90 days of a deletion request.
• Third-Party Notification: Upon receiving a deletion request, we notify relevant third-party providers to remove associated data.
• Confirmation: You will receive confirmation once your data deletion is complete.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request that we correct inaccurate or incomplete data
• Deletion: Request that we delete your personal data
• Portability: Request a copy of your data in a structured, machine-readable format
• Restrict Processing: Request that we limit how we use your data in certain circumstances
• Withdraw Consent: Withdraw your consent for data processing at any time
• Opt-Out: Opt out of marketing communications and non-essential data collection

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

10. Data Sharing

We do not sell your personal information.

We may share your information only in the following limited circumstances:

• Service Providers: With trusted third-party providers who assist us in operating our platform, subject to strict data protection agreements
• Legal Requirements: When required by law, court order, subpoena, or governmental authority
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case you will be notified
• Safety and Fraud Prevention: To protect the rights, property, or safety of RentierNow, our users, or the public
• With Your Consent: When you have given explicit consent to share your data

11. Incident Response

In the unlikely event of a data breach or security incident, RentierNow will take the following steps:

1. Promptly investigate, contain, and remediate the incident
2. Notify affected users within 72 hours in accordance with applicable laws
3. Notify relevant regulatory authorities as required
4. Implement corrective measures to prevent recurrence
5. Prepare a post-incident report documenting findings and improvements

12. Compliance

RentierNow is committed to complying with applicable data protection laws and regulations, including:

• California Consumer Privacy Act (CCPA)
• California Privacy Rights Act (CPRA)
• General Data Protection Regulation (GDPR), where applicable
• Gramm-Leach-Bliley Act (GLBA) for financial data
• Applicable state and federal financial privacy regulations
• Industry security standards and best practices

13. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify you by email or through a prominent notice on our platform prior to the changes taking effect.

Your continued use of our services after any updates to this policy constitutes your acceptance of the revised terms. We encourage you to review this page periodically.

14. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Privacy Inquiries: [email protected]
• Security Concerns: [email protected]
• Data Requests: [email protected]

RentierNow · San Diego, CA