RentWise← Back to home

Privacy Policy

Last updated: 31 May 2026

1. Who we are

RentWise is a property portfolio management platform operated as a SaaS service. When this policy refers to “we”, “us”, or “our”, it means RentWise. When it refers to “you”, it means the landlord or tenant using the platform.

For questions about this policy, contact us at: support@rentwise.fyi

2. What data we collect

Account information (landlords)

  • Full name, email address, phone number, and company name.
  • Password — stored encrypted and managed by Supabase Auth. We never see your plaintext password.
  • Preferences: timezone and currency.

Property and portfolio data

  • Property addresses: the address, city, postal code, and country of properties you manage. This is the address of the managed property, not your personal home address.
  • Financial records: rental income, expenses by category (maintenance, insurance, taxes, cleaning, etc.), repair costs, deposit amounts, and monthly rent figures. This is rental portfolio data — we do not collect or store bank account numbers or banking credentials.
  • Lease data: lease start and end dates, rent amounts.
  • Maintenance tickets: issue descriptions, categories, priorities, photos, and repair notes.
  • Service bookings: booked service type, scheduled date, and quoted price.

Tenant information (entered by landlords)

Landlords may enter the following personal data about their tenants: full name, email address, and phone number. See Section 3 below for how this data is handled and your responsibilities as the data controller for your tenants.

Billing information

  • Subscription plan and payment status.
  • We do not store card numbers, CVV codes, or banking details — these are handled exclusively by Stripe. See Section 5.

Technical data

  • We do not run analytics or behavioural tracking on this platform.
  • Our hosting provider (Vercel) collects standard server logs — including IP addresses, request timestamps, and browser/device type — for infrastructure and security purposes. This data is not used by us for profiling.
  • Authentication session cookies are used. We do not set advertising or tracking cookies.

3. Tenant data — your responsibilities as a landlord

When you add a tenant’s name, email, or phone number to RentWise, you are acting as the data controller for that personal data under the GDPR. RentWise acts as your data processor — we store and process that data solely on your instruction, to operate the platform on your behalf.

This means:

  • You are responsible for having a lawful basis to enter your tenants’ personal data into RentWise (for example, a legitimate interest in managing your rental or a contractual necessity under the tenancy agreement).
  • If a tenant contacts you to exercise their GDPR rights (access, correction, deletion), you are responsible for responding. You can delete a tenant’s data from within the platform, or contact us if you need assistance.
  • We will not use your tenants’ data for any purpose other than operating the platform features you use.

Tenant invites sent via RentWise include a link that allows tenants to create their own account. Once they do, they become data subjects in their own right and this policy applies to them directly.

4. How we use your data

  • To provide and operate the RentWise platform.
  • To process your subscription and send billing-related emails.
  • To send transactional emails: lease expiry reminders, maintenance alerts, booking confirmations, tenant invites, and monthly portfolio digests.
  • To comply with legal and regulatory obligations.

We do not sell your data to third parties. We do not use your data for advertising.

5. Legal basis for processing (GDPR)

We process your personal data on the following legal bases:

  • Contract (Art. 6(1)(b)): processing your account information and portfolio data is necessary to deliver the service you signed up for.
  • Legitimate interests (Art. 6(1)(f)): server logs and security monitoring are processed in our legitimate interest to keep the platform secure and operational.
  • Legal obligation (Art. 6(1)(c)): retaining financial records may be required by applicable tax or accounting law.
  • Consent (Art. 6(1)(a)): for any optional communications or features beyond what is required to operate the service, we will ask for your explicit consent first.

6. Third-party sub-processors

We use the following sub-processors to operate the platform. Each receives only the data necessary for their function:

  • Supabase — database storage and user authentication. All your account and portfolio data is stored here. Privacy policy
  • Stripe — payment processing. Stripe handles all card and billing data. We only receive subscription status from Stripe; we never see your card number or CVV. Privacy policy
  • Resend — transactional email delivery. Resend receives your name and email address (and your tenants’ where applicable) to deliver emails triggered by platform events. Privacy policy
  • Vercel — application hosting and deployment. Vercel processes request metadata (IP address, browser type, URL) as part of serving the application. Privacy policy

7. International data transfers

Supabase, Stripe, Resend, and Vercel are US-based companies. When your data is processed by these sub-processors, it may be transferred to and stored in the United States or other countries outside the European Economic Area (EEA).

Where such transfers occur, we rely on appropriate safeguards including the EU Standard Contractual Clauses (SCCs) as approved by the European Commission, and/or the EU-US Data Privacy Framework where applicable. Each sub-processor linked above maintains their own transfer mechanisms described in their privacy policies.

8. Data retention

We retain your data for as long as your account is active and your subscription is valid.

  • Account deletion: if you delete your account (available in Account settings), your personal data and all associated records are permanently deleted immediately from our database. This action is irreversible.
  • Legal retention: where applicable law requires it (for example, tax or accounting regulations), financial transaction records may be retained for up to 7 years even after account deletion. In such cases, only the minimum data necessary is kept.
  • Backups: deleted data may persist in encrypted database backups for up to 30 days before being purged from backup storage.

9. Your rights (GDPR)

If you are based in the EU or EEA, you have the following rights under the GDPR:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data. You can update your name and email directly in Account settings.
  • Erasure: request deletion of your data. You can delete your entire account immediately in Account settings, or contact us if you need partial deletion.
  • Restriction: request that we restrict processing of your data in certain circumstances.
  • Portability: request a copy of your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any right not covered by self-service settings, email us at support@rentwise.fyi. We will respond within 30 days. If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority — in Luxembourg, this is the CNPD (Commission nationale pour la protection des données).

10. Cookies

We use essential session cookies only. These are required for authentication and security — without them, you cannot stay logged in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

Because we use only strictly necessary cookies, no consent banner is required under the ePrivacy Directive. A summary of our cookie use is also included in our Terms of Service (Section 9).

11. Changes to this policy

We may update this policy from time to time. For material changes, we will notify you by email at least 14 days before they take effect. The date at the top of this page always reflects the most recent version. Continued use of the platform after the effective date of any changes constitutes acceptance of the updated policy.