EU GDPR Compliant

GDPR Compliance

Last updated: April 2026

Who we are

RentNest ("we", "us", "our") is the data controller for personal data collected through our platform. We are committed to complying with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR where applicable.

What data we process

We process the following categories of personal data:

  • Account data: name, email address, password hash
  • Property data: addresses, rental amounts, lease terms you enter
  • Tenant data: names, emails, phone numbers you provide as a landlord
  • Payment data: payment amounts, dates, and status (card details handled by Stripe, not us)
  • Usage data: pages visited, features used — anonymised via Vercel Analytics

Legal basis for processing

We process personal data on the following legal bases: (1) Contract — data necessary to provide the service you signed up for. (2) Legitimate interest — anonymous analytics to improve the product. (3) Legal obligation — where required by applicable law. We do not process data on the basis of consent for core functionality.

Data storage and transfers

Your data is stored in Supabase (PostgreSQL), with servers located in the EU (Frankfurt, Germany) by default. Row-level security (RLS) policies ensure only you can access your data. We do not transfer personal data outside the EEA except where strictly necessary for integrated services (e.g. Stripe for payment processing, which is covered by Standard Contractual Clauses).

Your rights under GDPR

As a data subject, you have the following rights:

Right of access

You can request a full export of all data we hold about you at any time from your account settings.

Right to rectification

You can update your personal information directly in your account settings, or contact us to correct inaccurate data.

Right to erasure

You can permanently delete your account and all associated data from the settings page. Deletion is irreversible and processed within 30 days.

Right to data portability

You can export your data in machine-readable JSON or CSV format from the dashboard at any time.

Right to restriction

You may request that we restrict processing of your data while a dispute is being resolved.

Right to object

You may object to processing where we rely on legitimate interest. You can opt out of analytics tracking by enabling Do Not Track in your browser.

Data retention

We retain account data for as long as your account is active. Upon deletion, all personal data is purged within 30 days, except where retention is required by law (e.g. financial records may be retained for up to 7 years for tax compliance).

Data breach notification

In the event of a data breach affecting your personal data, we will notify affected users within 72 hours of becoming aware, in accordance with GDPR Article 33 obligations.

Sub-processors

SupabaseDatabase & file storageEU (Frankfurt)
StripePayment processingUS (SCCs in place)
ResendTransactional emailUS (SCCs in place)
VercelHosting & edge networkGlobal (anonymised data only)

Contact & complaints

To exercise any of your rights or to raise a data protection concern, contact our Data Protection lead at privacy@rentnest.app. You also have the right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or your national DPA in the EU).

See also our Privacy Policy and Cookie Policy.