Privacy Policy

Last updated: 2026

What we collect

Account data: your name, email, phone, and the properties, units, leases, tenants, and payments you record.

Authentication data: hashed passwords, passkey credentials, MFA secrets, trusted device fingerprints, login history. We never see your raw password.

Payment data: we use Stripe (Connect, Customers, Payment Methods). We don't store full card numbers — Stripe does. We store identifiers and metadata so we can show you what's happening.

Screening data: when you request a TransUnion screening, the report sits with the vendor; we store the status and a copy you can share with the applicant. Applicants consent to the FCRA disclosure before any pull.

Usage data: server logs (IP, user-agent, route, timing) for security and debugging. Retained 90 days.

What we don't do

• We don't sell your data. Ever.
• We don't share tenant data with landlords beyond what's required to operate the lease.
• We don't show third-party advertising in the product.
• We don't run third-party analytics in the product (marketing site uses Google Analytics 4 with IP anonymization).

Sub-processors

• Stripe — payments, customers, Connect payouts.
• TransUnion (via SmartMove) — tenant screening, only when explicitly requested.
• Plaid — income / asset verification, only when explicitly requested.
• Amazon Web Services / Microsoft Azure — infrastructure and SQL Server hosting.
• Sentry — error monitoring (no PII in error payloads).

Your rights

You can export your full data — ledger, leases, tenants, documents — as CSV/PDF from your account, on any plan including Free. You can delete your account; we honor a 30-day grace period in case you change your mind, then we hard-delete (financial records may be retained where law requires).

Contact

Privacy questions: privacy@rpmtogo.com.