Privacy Notice

1. Introduction

Rently ("we", "our", or "us") is committed to protecting your privacy and personal information. This Privacy Notice explains how we collect, use, store, and protect your information when you use our rent tracking application.

This notice complies with the Privacy Act 2020 (New Zealand) and applies to all users of the Rently application.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, and password (encrypted)
• Tenant Information: Tenant names, expected rent amounts, payment keywords, and tenancy start dates
• Multi-Factor Authentication: Verification codes sent to your email (temporary, expires after 10 minutes)

2.2 Information from Akahu

When you connect your bank account through Akahu, we collect:

• Bank Account Information: Account name, type, and unique identifier
• Transaction Data: Incoming transactions (deposits/credits) from the last 90 days, including:
  • Transaction description
  • Transaction amount
  • Transaction date
  • Transaction type
  • Unique transaction identifier
• Access Tokens: OAuth tokens to access your bank data (encrypted and stored securely)

2.3 Automatically Collected Information

• Usage Data: Login times, MFA verification timestamps
• Technical Data: Session information for security purposes

3. How We Use Your Information

We use your information for the following purposes:

3.1 Core Services

• Track rent payments from your tenants
• Match bank transactions to tenant records
• Display payment status and history
• Calculate payment balances and trends

3.2 Security & Authentication

• Verify your identity through multi-factor authentication
• Protect your account from unauthorized access
• Maintain secure sessions

3.3 Communications

• Send MFA verification codes
• Send payment notifications (if enabled by you)
• Provide important service updates

3.4 Service Improvement

• Improve application functionality
• Troubleshoot technical issues
• Ensure service reliability

4. Akahu Integration

Rently uses Akahu, a licensed financial data aggregator, to securely connect to your bank account. Here's how this works:

4.1 Authorization

• You authorize Akahu to access your bank account on our behalf
• Your bank credentials are never shared with Rently
• Akahu uses bank-level security to protect your data

4.2 Data Access

• We request read-only access to your transaction data
• We cannot make payments or transfer money from your account
• Access is ongoing until you revoke it

4.3 Data Storage

• We only store transactions that match your tenant payment keywords
• We do not store your complete transaction history
• Access tokens are encrypted using industry-standard encryption (Fernet)

4.4 Akahu's Privacy Policy

Akahu has its own privacy policy governing how they handle your data. View Akahu's Privacy Policy

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information.

5.1 Third-Party Service Providers

We share limited information with:

• Akahu: To access your bank transaction data (with your authorization)
• Email Service Provider: To send MFA codes and notifications (email addresses only)
• Hosting Provider: To store and process your data securely

5.2 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or security issues
• Protect the safety of our users

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All sensitive data (passwords, access tokens) is encrypted
• Multi-Factor Authentication: Required for all account access
• Secure Connections: HTTPS encryption for all data transmission (production)
• Access Controls: Strict authorization checks on all data access
• Regular Security Reviews: Ongoing security assessments and updates

Note: While we implement strong security measures, no system is 100% secure. You are responsible for keeping your password confidential.

7. Data Retention

7.1 Active Accounts

• We retain your data while your account is active
• Transaction data is kept to maintain payment history
• MFA codes are automatically deleted after 10 minutes

7.2 When You Disconnect Akahu

• Your access tokens are immediately revoked and deleted
• Existing payment records are retained for historical purposes
• No new transaction data is collected

7.3 Account Deletion

• When you delete your account, all your data is permanently removed
• This includes: account information, tenant records, payment history, and access tokens
• Deletion is irreversible

7.4 Legal Retention

We may retain certain information if required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).

8. Your Rights Under the Privacy Act 2020

You have the following rights regarding your personal information:

8.1 Right to Access

• Request a copy of the personal information we hold about you
• View your data through your Rently dashboard

8.2 Right to Correction

• Request correction of inaccurate or incomplete information
• Update your account and tenant information directly in the app

8.3 Right to Deletion

• Request deletion of your personal information
• Delete your account and all associated data

8.4 Right to Revoke Consent

• Disconnect your bank account at any time
• Disable email notifications
• Close your account

8.5 Right to Complain

If you believe we have breached your privacy, you can:

• Contact us directly (see contact information below)
• Lodge a complaint with the Office of the Privacy Commissioner: www.privacy.org.nz

9. Cookies and Tracking

9.1 Essential Cookies

Rently uses essential cookies to:

• Maintain your login session
• Remember your MFA verification status
• Protect against CSRF attacks

9.2 Google Analytics

We use Google Analytics 4 to understand how users interact with our application and to improve our services. Google Analytics collects information such as:

• Pages you visit and time spent on each page
• How you navigate through the application
• Your browser type and device information
• General geographic location (city/country level)
• Traffic sources (how you found our website)

Important: Google Analytics does not collect:

• Your personal financial information
• Your bank account details
• Your tenant information or payment data
• Your email address or password

9.3 Google's Privacy Policy

Google Analytics is provided by Google LLC. Google's use of data collected through Google Analytics is governed by their privacy policy:

• Google Privacy Policy
• How Google uses data when you use our partners' sites or apps

9.4 Opting Out of Google Analytics

You can opt out of Google Analytics tracking by:

• Installing the Google Analytics Opt-out Browser Add-on
• Using browser settings to block cookies
• Using browser extensions that block analytics scripts

Note: Opting out of Google Analytics will not affect your ability to use Rently's core features.

10. Children's Privacy

Rently is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Updating the "Last Updated" date at the top of this notice
• Sending an email notification (for material changes)
• Displaying a notice in the application

Your continued use of Rently after changes are made constitutes acceptance of the updated Privacy Notice.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Notice or your personal information, please contact us:

13. Consent

By using Rently, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Notice. You can withdraw your consent at any time by:

• Disconnecting your bank account
• Disabling email notifications
• Deleting your account