- We offer just-in-time notices for key places where you submit data, so you can review how the data you submit might be used.
- Example: Before adding a roommate, we present to you information about what data of yours they’ll be able to see.
- We have strong security measures, including SSL, encrypted passwords, lockouts for failed attempts, and more.
- Example: It’s technically impossible for our database admins to view a user’s password.
- We engage in privacy-by-design, meaning that we workshop the expectations of the user, find potential misuses of the data, and build our products around those insights.
- Example: To protect against landlords creating fake accounts to learn more about tenants, roommates are invite-only. Even if two people claim to live in the same apartment unit, we don’t share data between tenants unless they’ve reviewed and accepted a roommate invite.
- We review the security practices of all our vendors to ensure that they have strong practices.
- Example: Our key hosting vendors (Heroku, AWS, FireBase, BlueHost) are all known for world-class security practices guaranteed through their data processing agreements.
- Our system is designed for rapid deployments of security updates across all platforms.
- Example: In one case, a new vulnerability was discovered by the cybersecurity community in a commonly-used dependency (the sprockets gem). Our hosting provider flagged this for their clients and recommended patching the software. We were able to implement the patch and deploy it within an hour of this notice across Android, iOS, and web, all with only a few seconds of downtime.
- Our customer service is strong, highly educated, and we respond quickly to users’ concerns.
- Example: Email us with your concern. We reply quickly.
- For more details on how our technology protects your privacy and security, click here.
As you share information about your home and chat with others in the community, we always work to make sure you fully understand where exactly your data is going. RenterPeace is founded by a certified privacy professional, so we’ve taken your rights seriously from day one with features like just-in-time privacy notices, SSL protection, and real-time data validation. If you ever have questions, reach us at firstname.lastname@example.org.
Information we collect
We collect information about how you use our Services, from user-submitted information about landlords, and in limited circumstances, from partners. We collect PII, DII, and log information about your interactions as described below.
Personally identifiable information (PII) is information that can be used to identify or contact you online or offline, such as your name, address, email, phone number, photos, videos, or audio data, and payment information. We may collect PII when it is provided to us, such as when you use our Services, attempt to contact us, submit a resume or job application, or connect with us on social media or one of our partners. For example, you may see a “Log in with…” button, which means we request PII from a partner to streamline the login the process. You will likely be presented with a “request for permission” screen by a third party asking to share your ID, profile picture, and other listed information with us.
In some circumstances, we may receive user submissions or complaints about tenants that are not part of the platform. For example, a tenant may send an invite to a roommate. Tenants are also encouraged to submit information about persons they enter as landlords, including the landlord’s PII, with or without the landlord’s permission.
We may also create or collect more technical device-identifiable information (DII), such as cookies, unique device and advertising identifiers, usernames, and similar identifiers that are linkable to a browser or device, but not directly linkable to you as an individual. We may also receive other information, such as your IP address, user agent, timestamps, precise and imprecise geolocation, sensor data, apps, fonts, battery life information, and screen size.
Our Services collect information about your interactions, including navigation paths, search queries, crashes, timestamps, purchases, clicks and shares, and referral URLs. We may combine this data with PII and DII. For efficiency’s sake, information about your interactions may be transmitted to our servers while you are not using the app. We may also partner with third parties that collect additional information – please see their privacy policies for more details and see below for your choices regarding these parties.
How we use information
We use the information we receive to provide, maintain, protect and improve our Services, to develop new Services and offerings, and to protect us and our users.
PII is primarily used for business purposes, such as for sending you occasional newsletters and updates, hiring, responding to inquiries, logins, and providing Services. When you contact us, we may keep a record of your communication as well as the other information to help solve any issues you might be facing. We may use your email address to inform you about our Services, such as letting you know about changes or improvements. Please keep in mind that comments, chat rooms, and other similar areas of our Services are public. Any information posted in those areas is viewable and usable by anyone that has access.
We share PII with companies, outside organizations, and individuals for limited reasons, outlined below:
- With your consent – We will share PII with companies, outside organizations or individuals if we have your consent to do so.
- For legal reasons – We will share PII with companies, outside organizations or individuals if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request, detect, prevent, or otherwise address fraud, security or technical issues or protect against harm to the rights, property or safety of our users or the public as required or permitted by law. This includes sharing information with authorities about serious crimes or threats.
- In case of a sale or asset transfer – If we become involved in a merger, acquisition or other transaction involving the sale of some or all of our assets, user information, including PII collected from you through your use of our Services, could be included in the transferred assets. Should such an event occur, we will use reasonable means to notify you, either through email and/or a prominent notice on the Services.
- In aggregated form for business purposes – We may share aggregated information and DII with our partners such as businesses we have a relationship with, advertisers or connected sites. For example, we may share information to show trends about the general use of our services.
We use DII to operate our Services and manage user sessions, including analyzing usage of our Services, preventing malicious behavioral and fraud, improving the content, to link your identity across devices and browsers in order to provide you with a more seamless experience online, and helping third parties provide relevant advertising and related metrics. We share DII with third parties primarily for advertising and analytics purposes, for external processing, and for security purposes.
Like many other companies, we do not honor DNT flags but instead, offer other choices with respect to third parties. Many third parties participate in self-regulation to offer you a choice regarding receiving targeted ads. Please note that you’ll still see generic ads after opting out, but they won’t be based on your activities online. On the web, you can opt out of participating companies by visiting the following sites:
If you wish to similarly opt out of cross-app advertising on mobile devices, you can enable the Limit Ad Tracking flag on the device. Enabling Limit Ad Tracking sends a flag to third parties that you wish to opt out of targeted advertising on that device, and major mobile platforms require companies to honor this flag. Screenshots on how to find these options on various devices are available here: http://www.networkadvertising.org/mobile-choices. As of June 16th, 2018, our only third party ad vendor is AdSense, who we’ve confirmed participates in all of the mechanisms listed above (they may be listed as Google).
Users covered under the EU General Data Protection Regulation (or similar laws) have the right to access their data, rectify mistakes, erase their data, restrict certain processing (i.e., opt-out), export their data, withdraw consent, and lodge a complaint with a supervisory authority. Before using these rights, we may ask you to verify your identity to ensure that only you can use these rights on your own account.
Legal Bases for Processing
The data we process may qualify for multiple legal bases for processing under Article 6 of the General Data Protection Regulation (and similar laws that specify legal bases for processing). Below are our primary legal bases for each type of data for users covered under such laws:
It is contractually necessary and a legitimate interest to process your username, email, password, cookie data, IP address, and similar information to fulfill our obligations in the terms of service to provide you with high-quality web and mobile from ourselves and our partners. Where users log in with social media accounts (like Facebook or Google), those companies have obtained consent on our behalf to use that data to create your account, verify your email, and import some profile information. We do not import your data about your friends from these login services.
Tenants can upload their landlords’ contact information and track the landlords’ apartment issues, chat, ratings and reviews, last login time, response times, and similar details about how to contact their landlord. They may also be able to see the contact information others have tracked. There is a legal, vital, legitimate, and public interest in storing this information so tenants may better notify their own landlords and obtain safer housing conditions. Such data may be stored on a private blockchain.
Knowing users’ addresses is essential to the operation of our services. We have a contractual necessity to provide you with localized legal information, help select your currency and time zone, and similar customizations based on your region. We have a legitimate interest in processing users’ addresses for statistical analysis, aggregate reports, and more.
It’s contractually necessary to process your searches to provide you with navigation our site and features, namely the functionality of the smart assistant. We have a legitimate interest in monitoring the use of this search to improve our algorithms.
It is a contractual necessity and a legitimate interest to collect user posts and replies, related pictures/files, the account that posted the data, and metadata (such as the time of the post and any metadata attached to the files). This information powers a “social guestbook”, which functions both as a guestbook and a social media. It is also used as a method to comment on various parts of the site.
It is a contractual necessity and a legitimate interest to collect information about users’ chores, shopping, expenses, and other data as entered for the purpose of tracking. This data is used to provide users with lists, analysis, and sharing with selected people. We have a legitimate interest in analyzing the content of this data (in aggregate form) to improve our services, such as providing shortcuts to frequently posted chores. We also have a legitimate interest in reviewing such data to resolve issues, debug our software, and to help comply with users’ data requests.
We offer a variety of social features on our services. We obtain users’ consent for the processing of data necessary for chats and forums, and any optional profile information, such as a phone number, profile pictures, and mailing address. Consent is also obtained to add and engage with friends and other scenarios as appropriate.
We have a legitimate interest in asking for and collecting tenants’ rent, length of time in their apartment, lease type, and similar information. This information is useful to encourage landlords to connect, to provide tenants with info about their apartments, and either now or in the future, useful to provide additional features to the user.
We have a legitimate interest in monitoring the usage of our services to conduct analytics, measure usage and conversions, detect fraudulent users, implement data security measures, and other such activities to improve our services. We and our processors have measures in place to protect your privacy.
We have a legitimate interest in processing payments to provide advanced features and storing users’ purchase history for the purpose of providing users help in fixing purchase and payment issues.
Landlords may obtain tenant screening reports through a report provided by a third party services for tenants that have a US social security number. This is simply a co-branding relationship. We do not share any user data with this service or in any way determine the means and purposes of their data processing (and vice versa).
We have a legitimate interest in enabling third party personalized ads and data collection on services to help provide a more customized ad experience for our users and site visitors. Our reputable partners provide opt outs and other measures to protect your privacy (currently, all ads are serviced by Google AdSense). In some cases as appropriate, we or our partners obtain consent.
We have a legitimate interest and a contractual necessity in processing usage data necessary to suggest products and services to our users.
We have a legitimate interest in sending periodic email and direct marketing to inform registered users of updates and offers. We make clear disclosures when users sign up and offer opt-outs for anyone not interested.
For HR and internal operations, we rely on contractual necessity and legitimate interests to process the data of applicants and staff, such as for resumes and applications, payroll, internal chat and communications, and project management.
We have a legitimate interest in processing users’ personal data to provide customer support and answer sales questions, including data such as emails, names, and other details as necessary to answer user questions.
Accessing and updating your information
We aim to provide you with reasonable opportunities to access, update, and delete to your PII. In some cases, we may have to keep that information for legitimate business or legal purposes. When updating your information, we may ask you to verify your identity before we can act on your request.
We work hard to protect our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold and undertake reasonable security measures with appropriate confidentiality, integrity, and availability protections. However, since no software or storage system is 100% secure, we cannot guarantee for the security of your information associated with the Services, or any other service for that matter. You can help protect your account information by using unique and hard-to-guess passwords. We retain your data for up to 5 years since the last login or where we have a legally valid reason to store it for longer (e.g., where a user has purchased a service or where we are required by subpoena to keep data).
Our services are intended for users that rent apartments, who are usually over 18. We do not knowingly collect information for any child under the age of 13. Our Services are not directed toward children under 13 and we will not knowingly collect information for any child under the legal age to provide consent to data processing (13 in the US and up to 16 in EU countries). If you are the parent of a child under the age required to provide consent and have a concern regarding your child’s information on our Services, please contact us at the email listed at the bottom of this policy.
Note: This we have submitted our self-certification and this section will be applicable only if and when the International Trade Administration approves the application.
If we transfer personal information from the European Union to the United States, we comply with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
For any questions or complaints regarding our compliance with either the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework, please contact us at the email listed at the bottom of the page. If we do not resolve your complaint, you may submit your complaint free of charge to the dispute resolution panel set forth by the data protection authorities, our designated independent dispute resolution provider (a panel established by the EU data protection authorities). Under certain conditions specified by the principles of the EU-U.S. and the Swiss – U.S. Privacy Shield Frameworks, respectively, you may also be able to invoke binding arbitration to resolve your complaint. We are also subject to the investigatory and enforcement powers of the US Federal Trade Commission. While we do our best to ensure our partners are also compliant, we are not liable for third parties’ processing of EU Data in violation of the Principles. We may be legally obligated to disclose personal information to authorities to meet national security, law enforcement, or other legal requirements.
If you have questions or requests regarding your privacy, please contact us at privacy – at – renterpeace.com