This policy explains how RentHack collects, uses, and protects your personal information. We are committed to keeping your data private and secure.
We collect the following categories of information:
| Category | Examples | How collected |
|---|---|---|
| Account information | Email address, display name, organization | You provide at signup or in your profile |
| Authentication data | Encrypted password hash, OAuth tokens | Created during account creation or OAuth login |
| Deal data | Property addresses, financial assumptions, notes, photos, analysis results | You enter this data into the app |
| Usage data | Pages visited, features used, tab navigation, errors encountered | Automatically collected via PostHog analytics and Sentry error tracking |
| Payment data | Subscription status, Stripe customer ID | Generated when you subscribe; we do not store card numbers |
| Technical data | IP address, browser type, device type, timestamp | Automatically collected with each request |
We do not use your data for advertising, sell your data to third parties, or share it with any party not listed in this policy.
We use the following third-party services to operate RentHack. Each has its own privacy policy governing their use of data.
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, file storage | Account data, deal data, auth tokens — stored on Supabase's infrastructure |
| Stripe | Payment processing | Email address for checkout; Stripe manages all payment card data |
| OAuth sign-in (optional) | Email and name if you choose to sign in with Google | |
| PostHog | Product analytics | Anonymous usage events (page views, feature interactions, no personal identifiers by default) |
| Sentry | Error monitoring | Error stack traces and technical context; no deal data is sent to Sentry |
| Resend | Transactional email delivery | Your email address and email content for account-related emails |
Your deal data is stored in Supabase, which uses row-level security (RLS) to ensure only your authenticated account can access your data. Passwords are hashed using bcrypt and are never stored or transmitted in plain text. We use HTTPS for all data transmission. Access to production databases is restricted to authorized personnel only.
No method of electronic storage or transmission is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.
We retain your account and deal data for as long as your account is active. If you delete your account, we will delete your data from our active databases within 30 days. Residual copies in backups will be overwritten during our normal backup rotation (typically within 90 days). Payment records may be retained for up to 7 years to comply with financial recordkeeping requirements.
You have the following rights regarding your data:
To exercise these rights or if you have questions, contact us at [email protected].
We use the following cookies and local storage:
The Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, sending an email to your registered address. Your continued use of the Service after changes constitutes your acceptance of the updated policy.
If you have questions about this Privacy Policy or how we handle your data, please contact us at: [email protected]