IntaRent

Privacy Policy

Last updated: November 1, 2024

Effective date: November 1, 2024

1. Introduction

IntaRent ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

By using our rental property management platform ("Service"), you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller and Hosting

Data Controller: IntaRent
Email: [email protected]
Contact for Data Protection matters: [email protected]

We are the data controller responsible for the processing of your personal data when you use our Service.

Data Hosting Location: Our application and database are hosted on DigitalOcean cloud infrastructure in the Frankfurt, Germany datacenter. This ensures that all your personal data is stored and processed within the European Union, in full compliance with GDPR requirements for data residency.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6(1):

  • Contract performance (Article 6(1)(b)): Processing is necessary to provide our Service and fulfill our contractual obligations to you
  • Consent (Article 6(1)(a)): You have given explicit consent for specific processing activities (e.g., marketing communications, optional two-factor authentication)
  • Legal obligation (Article 6(1)(c)): Processing is necessary to comply with legal requirements (e.g., tax records, anti-money laundering)
  • Legitimate interests (Article 6(1)(f)): Processing is necessary for our legitimate interests (e.g., fraud prevention, service improvement, security)

4. Personal Data We Collect

4.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, password (encrypted), preferred language, and currency
  • User Role: Account type (Landlord, Renter, or Administrator)
  • Property Information: Apartment/property details including name, address, and description
  • Financial Information: Expense records, deposit amounts, meter readings, subscription information
  • Payment Information: PayPal transaction details (we do not store full credit card numbers or banking credentials)
  • Documents: Files you upload (e.g., renter documents, receipts)
  • Communications: Messages you send to us or through our Service
  • Security Information: Two-factor authentication settings and backup codes (if enabled)

4.2 Information We Collect Automatically

  • Usage Data: IP address, browser type, device information, pages visited, time and date of access
  • Session Data: Login sessions, authentication tokens
  • Cookies: Essential cookies for session management and CSRF protection (see Section 12)

4.3 Information from Third Parties

  • Payment Processors: Payment confirmation and transaction details from PayPal
  • Currency Exchange Services: Real-time currency conversion rates from OpenExchangeRates.org (no personal data shared)

5. How We Use Your Personal Data

We process your personal data for the following purposes:

5.1 Service Provision

  • Create and manage your user account
  • Facilitate property and rental management
  • Process expense and deposit records
  • Enable communication between landlords and renters
  • Process subscription payments and manage billing
  • Provide multi-currency conversions
  • Deliver the Service in your preferred language

5.2 Communication

  • Send email verification and password reset emails
  • Send service-related notifications (account activity, subscription updates)
  • Respond to your inquiries and support requests
  • Send important updates about the Service or this Privacy Policy

5.3 Security and Fraud Prevention

  • Verify your identity and authenticate access
  • Detect and prevent fraud, unauthorized access, and other illegal activities
  • Protect the security and integrity of our Service
  • Implement two-factor authentication (when enabled)

5.4 Service Improvement and Analytics

  • Analyze usage patterns to improve functionality
  • Monitor and resolve technical issues
  • Develop new features and services

5.5 Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to lawful requests from authorities
  • Enforce our Terms and Conditions
  • Maintain necessary business and tax records

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your information only in the following limited circumstances:

6.1 Within the Service

  • Between Landlords and Renters: Information necessary for property management (e.g., shared expenses, apartment details, deposit information)
  • Administrators: May access user data for support, troubleshooting, and service management purposes

6.2 Service Providers

We work with trusted third-party service providers who process data on our behalf:

  • Payment Processors: PayPal for subscription payment processing (subject to PayPal's Privacy Policy)
  • Hosting Provider: DigitalOcean for cloud infrastructure and data storage (Frankfurt, Germany datacenter - within the EU)
  • Email Services: SMTP providers for transactional emails
  • Currency Exchange API: OpenExchangeRates.org for real-time currency conversion (no personal data shared)

All service providers are contractually bound to protect your data and use it only for specified purposes.

6.3 Legal Requirements

We may disclose your information when required by law, court order, or governmental authority, or when necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activities
  • Respond to emergencies involving personal safety

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

7. International Data Transfers

EU Data Storage: All personal data processed through IntaRent is stored in the DigitalOcean Frankfurt datacenter located in Germany, within the European Union. This ensures compliance with GDPR data residency requirements.

For third-party services that may involve data transfers outside the EEA (such as PayPal), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with service providers
  • Adequacy Decisions: We may transfer data to countries recognized by the EU Commission as providing adequate protection
  • Privacy Framework Compliance: Where applicable, we rely on appropriate data transfer mechanisms

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

  • Active Accounts: Data is retained while your account is active and for the duration of any ongoing relationship
  • Inactive Accounts: Account data may be retained for up to 3 years after last login for security and legal purposes
  • Financial Records: Retained for 7 years to comply with tax and accounting regulations
  • Archived Renters: Renter data may be retained by landlords for record-keeping purposes even after archival
  • Communication Logs: Email confirmations and notifications retained for 1 year
  • Security Logs: Authentication logs and security events retained for 90 days
  • Deleted Accounts: Upon account deletion, personal data is removed within 30 days, except where retention is required by law

9. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights regarding your personal data:

9.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and to access that data. You can view most of your information through your account settings.

9.2 Right to Rectification (Article 16)

You have the right to correct inaccurate or incomplete personal data. You can update most information through your account settings or by contacting us.

9.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Note: We may retain certain data where required by law (e.g., financial records for tax purposes).

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days as required by GDPR. We may request additional information to verify your identity before processing your request.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

Technical Measures:

  • Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
  • Password Protection: User passwords are hashed using industry-standard algorithms (never stored in plain text)
  • Two-Factor Authentication: Optional TOTP-based 2FA for enhanced account security
  • Session Management: Secure session cookies with HttpOnly and SameSite attributes
  • CSRF Protection: Cross-Site Request Forgery tokens on all state-changing requests
  • Database Security: Encrypted database connections and access controls
  • EU-Based Infrastructure: All data stored in DigitalOcean's Frankfurt datacenter with enterprise-grade security

Organizational Measures:

  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Security Audits: Periodic review of security practices and vulnerabilities
  • Incident Response: Procedures for detecting and responding to data breaches
  • Staff Training: Regular training on data protection and security practices

Data Breach Notification:

In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33, unless the breach is unlikely to result in a risk to your rights and freedoms.

11. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected], and we will delete such information immediately.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our Service. Cookies are small text files stored on your device.

Types of Cookies We Use:

  • Essential Cookies (Strictly Necessary):
    • Session Cookies: Maintain your login session (sessionid)
    • CSRF Tokens: Protect against cross-site request forgery attacks (csrftoken)
    • Language Preference: Remember your language selection (django_language)
    These cookies are necessary for the Service to function and cannot be disabled.

Cookie Management:

You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from using the Service. We do not use analytics, advertising, or third-party tracking cookies.

Do Not Track (DNT):

We respect Do Not Track signals. Our Service does not track users across third-party websites.

13. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any automated processes (e.g., subscription validation) are transparent and subject to human review upon request.

14. Third-Party Links

Our Service may contain links to third-party websites (e.g., PayPal). We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies before providing any personal data.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last updated" date
  • Sending an email notification to your registered email address (for significant changes)
  • Displaying a prominent notice on the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. We recommend reviewing this policy periodically.

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Email: [email protected]
Data Protection Officer: [email protected]
General Support: [email protected]

17. EU-Specific Information

17.1 Data Protection Authority

Our data is hosted within the European Union (Frankfurt, Germany). You have the right to contact your local data protection authority with any concerns.

17.2 Data Processing Addendum

For business customers (landlords using our Service for commercial purposes), we act as a data processor for renter data. A Data Processing Addendum (DPA) is available upon request to ensure GDPR compliance in processor-controller relationships.

17.3 EU Representative

If required under GDPR Article 27, we will appoint an EU representative and update this section with their contact details.

18. Specific Country Requirements

18.1 France

In accordance with French data protection law (Loi Informatique et Libertés), you have additional rights regarding post-mortem data. You may give instructions regarding the storage, deletion, and communication of your personal data after your death.

18.2 Germany

German users have specific rights under the German Federal Data Protection Act (BDSG). We comply with all applicable German data protection requirements, including enhanced employee data protection standards. Our hosting in the Frankfurt datacenter ensures compliance with German data residency preferences.

18.3 Other EU Countries

Users in other EU/EEA countries benefit from GDPR protections and may have additional national data protection rights. Please contact us for country-specific information.

19. Legal Compliance Summary

This Privacy Policy is designed to comply with:

  • General Data Protection Regulation (GDPR) (EU) 2016/679
  • ePrivacy Directive 2002/58/EC (as amended)
  • National data protection laws implementing GDPR across EU member states
  • Payment Services Directive 2 (PSD2) where applicable

This Privacy Policy was last reviewed and updated on November 1, 2024 to reflect our move to DigitalOcean's Frankfurt datacenter and ensure full GDPR compliance with EU data residency.

Version: 2.1 (GDPR Compliant - EU Hosted)

Last updated: November 16, 2025

© 2024 IntaRent. All rights reserved. | Privacy Policy | Terms and Conditions