← Home

Privacy Policy

Last updated: 2026-04-26 · Placeholder pending counsel review

Placeholder. This policy is draft scaffolding. It has not been reviewed by counsel. A final, jurisdiction-specific policy (CCPA / GDPR / state-specific) will replace this page before commercial onboarding of paying landlords.

What we collect

We collect:

  • Account data: name, email, phone, business name, role.
  • Property data: addresses, units, rent amounts, lease terms.
  • Payment metadata: amounts, dates, methods, statuses, Stripe identifiers. We do not store card numbers, bank account numbers, or full payment instruments — those live with Stripe.
  • Operational data: audit logs, sign-in events, IP address, user-agent.

Why we collect it

  • To provide rent collection, ledger, and reporting features.
  • To prevent fraud and abuse.
  • To comply with legal obligations (tax, audit, dispute response).

Who we share it with

  • Stripe — for payment processing and KYC. See stripe.com/privacy.
  • AWS — for hosting (Amplify, RDS, Route 53, Secrets Manager) in us-east-1.
  • Your counterparty in a lease — landlords see their tenants’ payment activity and contact info; tenants see their lease’s charges and receipts.
  • We do not sell or rent personal data to advertisers.

Data retention

Financial records (charges, payments, ledger entries, audit logs) are retained for at least seven years to support tax, dispute, and audit obligations. Other personal data is retained while your account is active and for a reasonable period thereafter.

Security

  • Passwords are hashed with bcrypt (cost 12).
  • Sessions are HTTP-only, SameSite=Lax cookies signed with HS256.
  • Database connections use TLS (sslmode=require).
  • Secrets live in AWS Secrets Manager — not in source control.
  • The append-only ledger is enforced by a Postgres trigger blocking UPDATE/DELETE.

Your rights

Depending on your jurisdiction (CCPA, GDPR, etc.) you may have the right to access, correct, or delete your personal data. Email hello@rentospro.com to make a request.

Cookies

RentOS Pro uses one functional cookie: the session cookie (rentospro_session). It is HTTP-only, encrypted, and required for authenticated use. We do not use third-party advertising cookies.

Children

RentOS Pro is not intended for children under 13.

Changes

We may update this policy; material changes will be announced in-product 30 days before taking effect.

Contact

Questions: hello@rentospro.com