Back to home

Privacy Policy

Last updated April 20, 2026

This policy describes what personal information RentalPulse (“we,” “us”) collects, how we use it, who we share it with, and the choices you have. It applies to the RentalPulse web application and related services.

1. Information We Collect

Account information. When you sign up we collect your email address, the password you choose (stored hashed, never in plain text), the name of your organization, and the role assigned to you.

Property and booking data. When you add properties and connect iCal feeds, we fetch calendar data on a recurring schedule. This may include check-in and check-out dates, guest display names, reservation summaries, and platform-specific identifiers. We do not receive payment information or full guest PII from the upstream platforms — only what the iCal feed exposes.

Billing information. Subscription payments are processed by Stripe. We receive billing status, subscription-plan metadata, and customer identifiers; we do not store full card numbers on our servers.

Usage information. We log standard request metadata (IP address, user-agent, timestamps) for security, fraud prevention, and debugging.

Push-notification tokens. If you opt into browser notifications, we store the subscription endpoint issued by your browser so we can deliver alerts you’ve enabled.

2. How We Use Information

  • to provide, maintain, and improve the service;
  • to authenticate you and protect against unauthorized access;
  • to bill you for paid subscriptions and send receipts;
  • to send operational email (trial expiry, security alerts, invitations);
  • to respond to support requests;
  • to comply with legal obligations and enforce our Terms.

We do not sell your personal information. We do not use your Customer Data to train general-purpose AI models.

3. Service Providers and Sharing

We share the minimum information needed with third-party providers that run parts of our infrastructure under contractual confidentiality obligations:

  • Supabase — database, authentication, and storage.
  • Stripe — subscription billing and payment processing.
  • Vercel — application hosting and edge delivery.
  • iCal upstreams — Airbnb, VRBO, Booking.com, and any other iCal source you configure. We fetch the URLs you provide; we do not send them your personal information.

We may also disclose information if required by law, to protect our rights or safety, or as part of a merger, acquisition, or sale of assets. In the last case we will notify you via email or in-app notice before your information becomes subject to a different privacy policy.

4. Your Rights

Depending on where you live (for example under GDPR in the EU/UK or CCPA/CPRA in California), you may have the right to:

  • access the personal information we hold about you;
  • correct inaccurate information;
  • delete your account and associated Customer Data;
  • export a machine-readable copy of your data;
  • object to or restrict certain processing;
  • lodge a complaint with a supervisory authority.

To exercise any of these rights, email us at the address below. We will respond within the timeframes required by applicable law.

5. Data Retention

We retain Customer Data for as long as your account is active. After cancellation we keep it for up to 30 days so you can reactivate, then permanently delete it, except where longer retention is required by law (for example billing records). Webhook and sync logs are kept for up to 90 days for operational reasons; booking-notification dedupe records are kept for up to 60 days.

6. Security

We encrypt data in transit using TLS and at rest using the protections provided by our infrastructure partners. Access to production systems is restricted, logged, and requires multi-factor authentication. Row-level security policies isolate each organization’s data in the database. No system is perfectly secure; if we become aware of a breach affecting your personal information, we will notify you in accordance with applicable law.

7. Cookies and Similar Technology

We use strictly necessary cookies to keep you signed in and to secure the session (CSRF, auth tokens issued by Supabase). We do not use third-party advertising cookies or sell analytics data to advertisers.

8. Children

The service is not directed at children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, email us and we will delete it.

9. International Transfers

We may store and process information in countries other than the one you live in. Where required, we rely on approved transfer mechanisms (such as the EU Standard Contractual Clauses) to protect personal information in transit.

10. Changes to This Policy

We may update this policy to reflect changes in our practices or for legal reasons. Material changes will be announced via email or in-app notice at least 15 days before they take effect.

11. Contact

Questions, requests, or complaints? Email rentalpulseai@gmail.com. See also our Terms of Service.