Privacy Policy

Last updated: June 30, 2025

PropRentalAI, Inc. ("PropRentalAI," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our property management platform and related services (the "Service"). By accessing or using the Service, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide. We collect information you voluntarily provide, including:

  • Account Information: Name, email address, phone number, organization name, and payment details.
  • Property & Tenant Data: Property addresses, unit details, tenant names, contact information, lease terms, rent amounts, and maintenance records.
  • Service Provider Data: Provider names, contact details, contract terms, invoices, and signatures.
  • Communications: Messages sent through the platform, support inquiries, and survey responses.
  • Documents: Leases, contracts, invoices, and other files uploaded to the Service.

1.2 Information Collected Automatically. When you use the Service, we automatically collect:

  • Usage Data: Pages visited, features used, actions taken, and timestamps.
  • Device Information: Browser type, operating system, device identifiers, and screen resolution.
  • Network Data: IP address, approximate geographic location, and referring URLs.
  • Cookies & Similar Technologies: Session cookies for authentication, preference cookies, and analytics cookies. See Section 8 for details.

1.3 Information from Third Parties. We may receive information from identity verification services, payment processors, and analytics providers in connection with the Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Service, including AI-powered features such as lease generation, maintenance triage, and contract generation.
  • Account Management: To create and manage your account, process payments, and communicate with you about your subscription.
  • AI Processing: To power our AI features, your property and tenant data is processed by our AI models. We do not use your Customer Data to train general-purpose AI models. AI processing is limited to generating outputs specific to your account.
  • Security: To detect, prevent, and address fraud, unauthorized access, and other security issues.
  • Communication: To send transactional emails, service notifications, and, with your consent, marketing communications.
  • Compliance: To comply with legal obligations and respond to lawful requests from governmental authorities.
  • Analytics: To analyze usage patterns and improve the Service.

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service pursuant to our Terms of Service (Article 6(1)(b) GDPR).
  • Legitimate Interests: Processing necessary for our legitimate interests, including fraud prevention, security, and service improvement (Article 6(1)(f) GDPR).
  • Consent: Processing based on your explicit consent, such as marketing communications (Article 6(1)(a) GDPR).
  • Legal Obligation: Processing necessary to comply with our legal obligations (Article 6(1)(c) GDPR).

4. Data Sharing & Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We share data with third-party vendors who assist in operating the Service, including cloud hosting (Microsoft Azure), authentication (Supabase), payment processing, and email delivery. These providers are contractually bound to protect your data.
  • Within Your Organization: Data is shared among Authorized Users within your organization as necessary to use the Service (e.g., property managers, tenants, service providers).
  • Legal Requirements: We may disclose data when required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to this Privacy Policy.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account termination, we retain Customer Data for 30 days to allow for data export, after which it is permanently deleted. We may retain certain data longer as required by law (e.g., financial records for tax compliance) or to resolve disputes.

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access control (RBAC) with least-privilege principles.
  • Organization-level data isolation — your data is never shared across organizations.
  • Regular security assessments and vulnerability scanning.
  • Secure authentication via Supabase with support for multi-factor authentication.

While we employ commercially reasonable measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. When we transfer personal data outside the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, to ensure adequate protection of your data.

8. Cookies & Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, security, and core Service functionality. Cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with the Service. You may opt out through your browser settings or our cookie preference center.

We do not use advertising or third-party tracking cookies.

9. Your Rights

9.1 Rights Under GDPR (EEA/UK/Switzerland Residents). You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request restriction of processing under certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.

9.2 Rights Under CCPA (California Residents). If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose.
  • Request deletion of your personal information.
  • Opt out of the sale of personal information (we do not sell personal information).
  • Non-discrimination for exercising your privacy rights.

To exercise any of these rights, please contact us at privacy@proprentalai.com. We will respond within 30 days (or as required by applicable law).

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent notice within the Service at least 30 days before they take effect. Your continued use of the Service after any modifications constitutes your acceptance of the revised Privacy Policy.

12. Data Protection Officer

If you have questions or concerns about our data practices, you may contact our Data Protection Officer at:
PropRentalAI, Inc.
Email: privacy@proprentalai.com

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local supervisory authority.