Privacy Policy

• Account information. When you sign up, our authentication provider (Clerk) stores your email address and an opaque user identifier. We do not store your password.
• Documents you upload. The PDFs you submit (rent rolls, T-12s, operating statements) and the Excel files we generate from them.
• Billing information. If you subscribe or buy credits, Stripe processes the payment. We never see or store full card numbers — only Stripe's customer ID, plan, and last-four digits.
• Usage and diagnostics. Standard request logs (IP address, timestamps, user agent), error reports via Sentry, and product analytics via PostHog. These help us keep the service running and fix bugs.

• To process your uploaded PDFs and return the Excel file.
• To send transactional email (file ready, file failed, billing receipts).
• To enforce plan limits, prevent abuse, and answer support questions.
• To improve the product based on aggregate usage patterns.

We do not sell your data, and we do not use the contents of your documents to train AI models. Your PDFs are sent to third-party extraction APIs (see below) under contracts that prohibit training on customer data.

Documents are stored in Cloudflare R2, encrypted at rest. Database records (account, document metadata, billing state) are stored in Supabase Postgres, encrypted at rest. All connections use TLS.

Uploaded PDFs and the generated Excel files are deleted 30 days after upload. Document metadata (file name, status, audit trail) is retained for as long as your account is active so you can see your history. Account and billing records are retained for the length of your account plus 7 years for tax and accounting purposes after closure.

You can request earlier deletion of any specific file or your entire account at any time by emailing support@rentrolliq.com.

We rely on the following vendors to operate the service:

• Clerk — authentication and session management.
• Supabase — application database (Postgres).
• Cloudflare R2 — encrypted object storage for PDFs and Excel files.
• Anthropic (Claude) — language-model classification and structured extraction. Customer data is not used for training.
• Reducto — primary PDF table extractor.
• Mistral — OCR fallback for scanned PDFs.
• Inngest — background job queue.
• Stripe — payment processing.
• Resend — transactional email delivery.
• Vercel and Render — application hosting.
• Sentry, PostHog, and Google Analytics 4 — error monitoring and product analytics. Analytics scripts only load after you accept the cookie banner; declining blocks them entirely.

On first visit you'll see a banner asking whether to enable analytics cookies. We honor your browser's Do Not Track setting automatically — if it's on, the banner does not appear and no analytics scripts load.

If you decline: no Google Analytics or PostHog scripts are loaded; no tracking cookies are set. You'll still get strictly necessary cookies from Clerk (session) and Stripe (checkout) when those are needed.

If you accept: Google Analytics 4 sets _ga and related cookies for traffic analysis; PostHog sets ph_-prefixed cookies for product analytics. We do not run advertising tags or share data with ad networks.

To change your choice later: click Cookie preferences in the page footer. The banner reappears with both options.

Depending on where you live, you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to certain processing. To exercise any of these rights, email support@rentrolliq.com from the address on the account. We'll respond within 30 days.

We use industry-standard practices: TLS in transit, encryption at rest, scoped service credentials, narrow IAM permissions, and audit logging. No system is perfectly secure. If you discover a vulnerability, please email support@rentrolliq.com and we'll respond promptly.

RentRollIQ is a B2B product not intended for children under 16. We do not knowingly collect data from children.

Our infrastructure is hosted in the United States. By using RentRollIQ from outside the US, you understand that your data will be transferred to and processed in the US.

When we update this policy, we'll change the “Last updated” date at the top and, for material changes, send account holders an email at least 14 days before the change takes effect.

Questions, complaints, or data requests: support@rentrolliq.com. For our mailing address, see the Contact page.