Privacy Policy

1. Data Controller

The data controller for personal data collected via the RentFlow.ai website is:

2. Data We Collect

We collect the following categories of data:

• Identification data: name, email address, phone number
• Professional data: company registration number, company name, tax regime
• Property data: property addresses, acquisition values, characteristics
• Financial data: rental income, expenses, imported bank statements
• Connection data: IP address, connection logs, browser type
• Usage data: pages visited, features used, time spent

3. Google Sign-In and Google Data

RentFlow.ai offers authentication via Google Sign-In. When you choose to sign in with Google, we receive the following information from Google:

• Email address: used as your account identifier
• Name: used to personalize your experience
• Profile picture: displayed in the user interface (optional)

Limited Use: RentFlow.ai's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We use this data only to:

• Create and manage your user account
• Authenticate you when you sign in
• Personalize your profile display in the application

We do not share, sell, or transfer your Google data to third parties, except as necessary to provide the service or as required by law.

4. Purpose of Data Processing

Your data is processed for the following purposes:

• Provision and management of our property accounting service
• User account management and authentication
• Billing and subscription management
• Customer support and responding to your requests
• Improvement of our services and development of new features
• Sending service-related communications (updates, alerts)
• Compliance with our legal and tax obligations
• Fraud prevention and service security

5. Legal Basis for Processing

In accordance with GDPR, our processing is based on the following legal bases:

• Contract performance: provision of the subscribed service
• Legal obligation: retention of accounting data, taxation
• Legitimate interest: service improvement, security, fraud prevention
• Consent: marketing communications (if applicable)

6. Data Retention

Your data is retained according to the following periods:

• Account data: duration of the contractual relationship + 3 years
• Accounting and tax data: 10 years (French legal requirement)
• Billing data: 10 years
• Connection logs: 1 year
• Cookies: maximum 13 months

7. Data Recipients

Your data may be shared with the following recipients:

• Technical subcontractors: hosting (Vercel), database, authentication services
• Payment providers: Stripe for subscription management
• Competent authorities: in case of legal obligation
• Your accountant: if you use the firm feature (with your consent)

We never sell your personal data to third parties.

8. Transfers Outside the European Union

Some data may be transferred to countries outside the European Union, including:

• United States: Vercel hosting, infrastructure services

These transfers are governed by appropriate safeguards in accordance with GDPR: Standard Contractual Clauses (SCC) from the European Commission and/or certification under the Data Privacy Framework (DPF) for transfers to the United States.

9. Your Rights

In accordance with GDPR, you have the following rights:

• Right of access: obtain a copy of your personal data
• Right to rectification: correct inaccurate data
• Right to erasure: request deletion of your data
• Right to restriction: restrict the processing of your data
• Right to portability: receive your data in a structured format
• Right to object: object to processing for legitimate reasons
• Right to withdraw consent: at any time for consent-based processing

To exercise these rights, contact us at: privacy@rentflow.ai

You also have the right to lodge a complaint with your local data protection authority.

10. Cookies

Our site uses cookies for:

• Essential cookies: authentication, security, preferences (required)
• Analytics cookies: audience measurement, service improvement (with consent)

You can manage your cookie preferences at any time via your browser settings.

11. Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Secure authentication with password hashing
• Strict access control and logging
• Regular backups
• Regular security testing