This Privacy Policy describes how RentalGuards LLC ("RentalGuards," "we," "us," "our") collects, uses, discloses, and protects information in connection with the RentalGuards application, website, and related services (collectively, the "Service"). It applies to all users of the Service and forms part of, and is incorporated by reference into, our Terms of Service.
If you do not agree with this Privacy Policy, do not use the Service.
RentalGuards is built local-first. Almost everything you do in the app — your scan results, your applicant audit logs, your maintenance records, your finance ledger — stays on your device. We never see it. Our AI never stores it. When you scan a photo ID, the face is blacked out on your phone before anything leaves your device.
What we do keep on our servers is small and specific: your account, your Credit balance, your support chat history, and a record of how many scans you have run. That is it. We do not sell your data. We do not run third-party advertising, analytics, or tracking SDKs in the app. We honor Do Not Track signals, but the question is moot — there is nothing for us to share or stop sharing.
This Privacy Policy spells all of that out, plus your rights and how to exercise them.
This Privacy Policy applies to information collected through the Service. It does not apply to:
(a) Third-party websites, products, or services linked to or referenced from the Service;
(b) Your applicants' or tenants' information once it leaves the Service in your possession;
(c) Information your operating system, device manufacturer, or app store collects independently of the Service.
You are the controller of your applicants' personal information once you receive it. RentalGuards acts as a service provider on your direction with respect to applicant documents you upload to the Service.
We collect what we need to run your account, charge for Credits, support you, and route AI scans through our providers. We do not collect things we do not need.
When you create an Account, we collect:
(a) Your email address;
(b) A bcrypt hash of your password (we never store your password in readable form);
(c) Account metadata, including creation date, last login timestamp, and account status.
Credit purchases are processed by Stripe, Inc. RentalGuards does not collect, store, or have access to your full payment card number, security code, or bank account details. Stripe provides RentalGuards with a transaction identifier and limited metadata (last four digits of card, transaction amount, transaction status) for reconciliation and chargeback handling. Stripe's processing of your payment information is governed by the Stripe Privacy Policy at stripe.com/privacy.
When you use the in-application support chat feature, we collect and store the contents of your messages and our responses on our servers. This information is retained for service continuity and to enable our support team to respond to you across sessions.
Each time you run a Guardian scan, we record limited operational metadata to operate the Credit ledger and the Service. This metadata consists of:
(a) Timestamp of the scan;
(b) A short document type code identifying the type of document submitted (for example, "PAYSTUB," "BANKSTMT," "DLFRONT");
(c) A pass/fail flag indicating whether the scan completed successfully;
(d) The number of Credits deducted for the scan.
We do not retain the document itself, the scan output, or the AI provider's analysis of the document.
At application launch, the app requests its own static assets from rentalguards.com and performs a service-worker update check. If you are signed in, the app validates your session token against our server. If you have enabled push notifications, the app's push-subscription endpoint is registered with our server.
The Service does not embed any third-party analytics, advertising, attribution, fingerprinting, or behavioral tracking software development kits. Your operating system or app store may collect diagnostic data per the applicable platform's privacy terms (Apple's Privacy Policy or Google Play's terms), which is outside our control.
When you send email to support@rentalguards.com, privacy@rentalguards.com, or any other RentalGuards email address, we collect and retain your message, your email address, and any attachments you send.
We do not knowingly collect:
(a) Government-issued identification numbers (such as Social Security Numbers, Driver's License numbers, and Passport numbers — these are redacted on your device before any document is uploaded; see Section 5.5);
(b) Biometric identifiers (face geometry, faceprints, voiceprints, fingerprints — see Section 6);
(c) Information from children under 18;
(d) Health, medical, mental-health, or HIPAA-protected information;
(e) Genetic information.
If you submit any such information to the Service contrary to our Acceptable Use Policy, we will delete it on discovery.
The data that matters most to you stays on your device. We cannot see it. We cannot recover it. If you lose your phone, you lose your scan history.
The following information is stored only on your device, in your application's local file system, and is not transmitted to or stored by RentalGuards or any third party:
(a) Scan results and outputs from any Guardian (Fraud, Maintenance, Finance);
(b) Audit log entries describing your screening history;
(c) Asset inventories and maintenance records you create in the Maintenance Guardian;
(d) Ledger entries, receipts, tax category tags, and financial summaries you create in the Finance Guardian;
(e) Property and unit records you maintain in the Service;
(f) Document images you have scanned (after the AI scan completes, the document is not retained server-side).
YOU ACKNOWLEDGE AND AGREE THAT LOCAL-ONLY DATA MAY BE PERMANENTLY LOST IF YOU LOSE YOUR DEVICE, YOUR DEVICE FAILS, YOU DELETE THE APPLICATION, YOUR OPERATING SYSTEM IS REINSTALLED, YOU PERFORM A FACTORY RESET, OR ANY OTHER EVENT REMOVES THE APPLICATION OR ITS DATA FROM YOUR DEVICE. RENTALGUARDS CANNOT RECOVER LOCAL DATA. YOU ARE SOLELY RESPONSIBLE FOR EXPORTING YOUR DATA AT REGULAR INTERVALS USING THE EXPORT FUNCTION IN THE SETTINGS MENU.
You may export all of your local data, including all Guardian records, audit logs, and asset inventories, as a ZIP file at any time from the Settings menu. Your Account credentials and Credit balance are also included in the export.
We use what we collect to run your account, run the Service, charge you for Credits, support you, and stay legal. We do not sell your information, and we do not use it for advertising.
We use the information described in Section 2 to:
(a) Create, maintain, and secure your Account;
(b) Process Credit purchases through Stripe and maintain your Credit balance;
(c) Route Guardian scan requests to our AI service providers and return results to your device (the document is not retained server-side after the scan completes);
(d) Provide in-application support through the support chat feature;
(e) Respond to your inquiries sent to support@rentalguards.com or other RentalGuards email addresses;
(f) Detect, investigate, and prevent fraudulent, unauthorized, or unlawful use of the Service;
(g) Comply with applicable law, court order, or governmental request;
(h) Enforce our Terms of Service;
(i) Notify you of material updates to the Service, the Terms of Service, or this Privacy Policy.
RentalGuards does not sell your personal information for monetary or other valuable consideration. RentalGuards has not sold personal information in the preceding twelve months and has no intention of selling personal information.
RentalGuards does not engage in cross-context behavioral advertising. The Service does not contain advertising of any kind. RentalGuards does not share personal information with any third party for the purpose of targeting advertisements.
RentalGuards does not use Customer Data, scan documents, or scan outputs to train artificial intelligence models. As described in Section 5, our AI service providers are contractually prohibited from using your data to train their models.
Document scans are routed through OpenRouter, then on to Google's Gemini model. Both providers are contractually prohibited from training on your data and from retaining anything we send. We maintain a live list of every processor we use at rentalguards.com/processors.
When you initiate a Guardian scan, the Service performs the following steps:
(a) On-device pre-processing, including face detection and redaction (Section 6) and personal-identifier redaction (Section 5.5);
(b) Encrypted transmission of the redacted document image and analytical prompt from your device to RentalGuards' server;
(c) Encrypted forwarding from RentalGuards' server to OpenRouter, our AI gateway provider;
(d) Routing by OpenRouter to Google's Gemini 2.5 Flash model (the underlying vision-language model);
(e) Return of the model's analytical output to RentalGuards' server, then to your device;
(f) Discard of the document and output from RentalGuards' server upon successful return.
Document images transmitted to our AI vision model for fraud analysis are routed through OpenRouter, which enforces a Zero Data Retention (ZDR) policy on every request. OpenRouter does not store your prompts or responses. Downstream, images are processed by Google's Gemini 2.5 Flash model under Google's paid-services terms, which prohibit using your data to train or improve models and which, under our ZDR routing configuration, limit any abuse-detection logging to zero retention. No biometric identifiers are extracted, derived, transmitted as output, or stored at any point in this pipeline.
We maintain a current list of all third-party data processors used by the Service at rentalguards.com/processors. This list identifies each processor, the data category processed, the purpose of processing, the geographic location of processing, and the applicable subprocessor terms. We update this list when our processor relationships change, and we provide reasonable notice of material changes by in-app notification or email.
Before any document is transmitted, RentalGuards' on-device redaction pipeline scans the document for personal identifiers (Social Security Numbers, Driver's License numbers, Passport numbers, full bank account numbers, and similar high-sensitivity identifiers) and overlays them with opaque rectangles on your device. The original, unredacted identifier is never transmitted from your device to RentalGuards or to any third party. The applied redactions are recorded in your local audit log so you can verify what was redacted on each scan.
RentalGuards may, in the future, migrate to a direct integration with Google Vertex AI or another comparable AI service provider. Any such change will be reflected in the live processors list at rentalguards.com/processors and, where material to your privacy posture, communicated to you by in-app notification or email before taking effect.
Your applicant's face is blacked out on your phone before the ID ever leaves your device. We never see it. Our AI never sees it. We do not extract or store any biometric identifier — ever.
When you upload a photo identification document (such as a driver's license, state-issued ID, passport, or other photo identification document), the RentalGuards application performs on-device face detection using Google's MediaPipe Face Detection model, which runs entirely within your device's local image-processing pipeline. Each detected face is overlaid with an opaque rectangle on your device before any image data is transmitted from your device. The face image is never transmitted to RentalGuards' servers, never processed by our AI service providers, and never stored by RentalGuards or any third party.
RentalGuards does not request, receive, extract, derive, retain, store, transmit, sell, or disclose any biometric identifier, biometric information, facial geometry, facial template, faceprint, voiceprint, or scan of hand, retina, iris, or other biometric identifier, as such terms are defined under:
(a) the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. ("BIPA");
(b) the Texas Capture or Use of Biometric Identifier Act, Tex. Bus. & Com. Code § 503.001 ("CUBI");
(c) the Washington Biometric Identifiers Act, RCW 19.375 et seq.;
(d) the Washington My Health My Data Act, RCW 19.373.010;
(e) any state, local, or foreign law providing analogous protection.
The artificial intelligence model is not instructed to analyze, identify, or match any individual based on facial features. The model's output contains no facial recognition data, identity-verification result, or biometric information of any kind. The Service does not perform identity verification, identity matching, liveness detection, or any face-comparison function. Only the document layout, fonts, hologram placement, field structure, and signs of digital editing or tampering are analyzed.
RentalGuards does not sell, share, disclose, or otherwise transfer any photograph or image of any face to any third party for any purpose.
Consistent with the Washington Biometric Identifiers Act, RCW 19.375.010, the Service does not extract or use any "biometric identifier" derived from photographs or video; the on-device face redaction described in Section 6.2 is performed for the express purpose of preventing any face photograph from leaving the device.
We share information only with the third-party processors that make the Service work — payments, email, AI scans, support chat. We do not sell your information to anyone. We do not share with advertisers. The full list is at rentalguards.com/processors.
We share information with the following categories of third-party service providers, each of whom is bound by contract to use your information only as necessary to provide the Service to RentalGuards:
The complete and current list, with data categories, purposes, processing locations, and subprocessor terms, is maintained at rentalguards.com/processors.
We may disclose information when we have a good-faith belief that disclosure is required to:
(a) Comply with applicable law, regulation, court order, subpoena, or governmental request;
(b) Enforce our Terms of Service or investigate potential violations;
(c) Detect, prevent, or address fraud, security, or technical issues;
(d) Protect against harm to the rights, property, or safety of RentalGuards, our users, or the public.
Where we receive a subpoena, court order, search warrant, civil investigative demand, or other legal process for your information, we will, to the extent permitted by applicable law and the relevant order:
(i) review the legal process for facial validity;
(ii) narrow our response to the minimum information required to comply;
(iii) notify you in advance of disclosure unless prohibited by court order, statute, or where notice would imperil safety, an investigation, or the integrity of legal process.
If RentalGuards is involved in a merger, acquisition, sale of all or substantially all of its assets, financing, reorganization, bankruptcy, or similar transaction, your information may be transferred to the successor entity. We will notify you of any such transfer that materially affects your privacy by in-app notification or email.
We do not disclose your information to third parties for purposes other than those described in this Section 7.
We use reasonable technical and organizational measures to protect your account and data — password hashing, encrypted transit, rate limiting, access controls. No system is perfectly secure, but we treat security as continuous work.
RentalGuards maintains administrative, technical, and physical safeguards designed to protect your information consistent with applicable law, including the New York Stop Hacks and Improve Electronic Data Security Act (the "SHIELD Act"), N.Y. Gen. Bus. Law § 899-bb. These safeguards include:
(a) Storage of passwords as bcrypt hashes only — passwords are never stored in readable form;
(b) Encryption of data in transit between your device, our servers, and our processors using industry-standard transport-layer encryption;
(c) Rate limiting on authentication endpoints to mitigate credential-stuffing and brute-force attacks;
(d) Account lockout after repeated failed authentication attempts;
(e) Access controls limiting employee and contractor access to the minimum necessary to perform their roles;
(f) Routine review of system logs for anomalous activity;
(g) Use of contractual safeguards with each third-party processor described in Section 7.
NO INTERNET-CONNECTED SERVICE, SYSTEM, OR PROCESS CAN BE COMPLETELY SECURE. RENTALGUARDS DOES NOT WARRANT THAT YOUR INFORMATION WILL NOT BE INTERCEPTED, ACCESSED WITHOUT AUTHORIZATION, OR DISCLOSED, NOTWITHSTANDING THE SAFEGUARDS DESCRIBED ABOVE.
In the event of a security breach involving your personal information, RentalGuards will notify affected users in accordance with applicable law, including the SHIELD Act, the California breach notification statute (Cal. Civ. Code § 1798.82), and other applicable state breach notification requirements. Notice will be given without unreasonable delay and will include the information required by applicable law.
You are responsible for protecting your Account credentials. Use a strong, unique password. Do not share your credentials with any third party. If you have any reason to believe your Account has been accessed without authorization, notify us immediately at security@rentalguards.com.
We keep server-side data only as long as needed to run your account or comply with the law. When you delete your account, server-side data is gone within thirty days. Local data on your device is yours to manage.
Account credentials and metadata are retained for the duration of the Account, plus thirty (30) days after deletion.
Credit ledger entries are retained for the duration of the Account, plus seven (7) years for tax and accounting compliance.
Support chat conversations are retained for the duration of the Account, plus thirty (30) days after deletion.
Operational metadata for scans is retained for twenty-four (24) months from the date of the scan.
Email correspondence with RentalGuards is retained for three (3) years from the date of the last message in the thread, then deleted.
Payment processor metadata (Stripe references) is retained for the duration of the Account, plus seven (7) years for chargeback and accounting compliance.
Where applicable law requires longer retention, we will retain the relevant information for the legally required period.
Local-only data described in Section 3 is retained on your device until you delete it, uninstall the application, or your device or operating system removes it. RentalGuards has no ability to retrieve, restore, or delete local-only data on your behalf.
You may delete your Account at any time from the Settings menu or by emailing privacy@rentalguards.com from the email address associated with the Account. On Account deletion:
(a) Server-side Account credentials and personal information are erased within thirty (30) days, except as RentalGuards is required to retain by applicable law;
(b) Support chat conversations are erased within thirty (30) days;
(c) Operational scan metadata is anonymized — your Account identifier is severed from the metadata while only aggregate counts are retained for service-volume reporting;
(d) Local data on your device is not affected by Account deletion. To remove local data, uninstall the application or manually delete the application data;
(e) Any unused Credits are forfeited unless you submit a buyback request before deletion in accordance with Section 6.8 of the Terms of Service.
You have the right to know what we have, ask us to delete it, get a copy, and tell us not to sell it. We do not sell your data. We honor every state's strongest version of these rights, even where you live in a state that does not require us to. Contact privacy@rentalguards.com to exercise any right.
Regardless of where you reside, RentalGuards extends the following rights to every Account holder:
(a) The right to know what personal information we hold about you;
(b) The right to receive a copy of your personal information in a portable format (the export described in Section 3.4);
(c) The right to correct inaccurate personal information;
(d) The right to delete your Account and have your server-side personal information erased in accordance with Section 9.4;
(e) The right to be free from retaliation for exercising any of these rights.
If you are a California resident, you have the rights described in the California Consumer Privacy Act, as amended by the California Privacy Rights Act, Cal. Civ. Code § 1798.100 et seq. ("CCPA"). RentalGuards does not currently meet the revenue, volume, or data-processing thresholds that subject a business to CCPA's mandatory provisions; nevertheless, RentalGuards voluntarily extends CCPA rights to California residents, including:
(a) The right to know the categories and specific pieces of personal information collected, the sources of collection, the business or commercial purposes for collection, and the categories of third parties with whom personal information is shared;
(b) The right to delete personal information collected from you, subject to specified exceptions;
(c) The right to correct inaccurate personal information;
(d) The right to opt out of the sale or sharing of personal information (RentalGuards does not sell or share your personal information; this right is therefore inapplicable in practice);
(e) The right to limit use and disclosure of sensitive personal information (RentalGuards does not collect sensitive personal information beyond what is necessary to provide the Service and does not use it for purposes other than providing the Service);
(f) The right to non-discrimination for exercising any of these rights.
To exercise any of these rights, contact privacy@rentalguards.com from the email address associated with your Account.
The Service does not perform automated decisionmaking that produces legal or similarly significant effects concerning any individual. Document analysis performed by the Fraud Guardian is decision support, not decisionmaking; the User makes every decision concerning every Applicant. To the extent that the California Privacy Protection Agency's regulations governing automated decisionmaking technology and profiling, the Colorado Artificial Intelligence Act (Colo. Rev. Stat. § 6-1-1701 et seq., effective June 30, 2026), or any analogous state automated-decisionmaking law become applicable to RentalGuards' operations, RentalGuards will comply with all applicable notice, opt-out, access, and human-review requirements.
If you are a New York resident, you are protected by the New York SHIELD Act (data security and breach notification — see Section 8) and you may exercise the rights described in Section 10.2. New York does not, as of the Last Updated date, have a comprehensive consumer privacy law granting standardized data-subject rights; nevertheless, RentalGuards extends the universal rights in Section 10.2 to New York residents.
If you are a Connecticut resident, the Connecticut Data Privacy Act, Conn. Gen. Stat. § 42-515 et seq. ("CTDPA"), grants you rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of certain processing. RentalGuards extends these rights to all Connecticut residents.
If you are an Oregon resident, the Oregon Consumer Privacy Act, Or. Rev. Stat. § 646A.570 et seq. ("OCPA"), grants you rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of certain processing. RentalGuards extends these rights to all Oregon residents.
If you are a Texas resident, the Texas Data Privacy and Security Act, Tex. Bus. & Com. Code § 541.001 et seq. ("TDPSA"), grants you rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of certain processing. RentalGuards extends these rights to all Texas residents.
If you are a Virginia resident, the Virginia Consumer Data Protection Act, Va. Code § 59.1-575 et seq. ("VCDPA"), grants you rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of certain processing. RentalGuards extends these rights to all Virginia residents.
Where applicable law in any other state grants additional or different consumer privacy rights, RentalGuards will honor those rights to the extent required by law. Contact privacy@rentalguards.com to exercise any right available to you.
To exercise any of the rights described in this Section 10, send an email to privacy@rentalguards.com from the email address associated with your Account. Your request should describe the specific right you wish to exercise. We will respond within forty-five (45) days of a verifiable request, with one optional forty-five (45) day extension if reasonably necessary.
You may designate an authorized agent to make a privacy request on your behalf. The authorized agent must provide RentalGuards with written permission signed by you. We may also require you to verify your identity directly with us. RentalGuards may deny a request from an authorized agent that does not submit proof of authorization.
If we decline to take action on your privacy request, we will notify you of the reason and of your right to appeal that decision. To appeal, reply to the original response from privacy@rentalguards.com requesting an appeal. We will respond to your appeal within sixty (60) days. If we deny your appeal, we will provide information on how to contact the relevant state attorney general or other regulator, where applicable.
To protect your data from people pretending to be you, we verify your identity before responding to access, deletion, or correction requests.
When you submit a privacy request under Section 10, we will verify that the request comes from the Account holder by:
(a) Confirming the request is sent from the email address associated with the Account;
(b) For requests involving deletion, correction, or access to specific personal information, sending a verification link or code to the email address associated with the Account, which must be acted upon within seven (7) days;
(c) For requests received through any channel other than email from the registered email address, requiring additional verification, which may include answering security questions related to recent Service activity.
If we are unable to verify your identity using reasonable means, we will deny the request. We will notify you of the denial and the reason. You may appeal a denial in accordance with Section 10.13.
We do not use third-party tracking or advertising cookies. The website uses only the minimum cookies needed to keep you signed in. We honor Do Not Track and Global Privacy Control signals — though it makes no practical difference, because we do not track across sites in the first place.
The RentalGuards website uses only first-party session cookies necessary to maintain your authenticated session. These cookies are not used for advertising, analytics, or cross-site tracking. They are deleted when you log out or close your browser session.
The Service does not embed any third-party tracking, advertising, or behavioral analytics SDKs. There are no Google Analytics tags, Facebook Pixels, advertising network beacons, or third-party conversion trackers in the application or on our website.
The Service honors Do Not Track ("DNT") signals and the Global Privacy Control ("GPC") signal where transmitted. Because the Service does not engage in cross-site tracking, behavioral advertising, or sale of personal information, the receipt of a DNT or GPC signal has no operative effect on processing — there is no tracking activity to disable.
The Service uses a service worker to cache application assets locally on your device for offline access and improved performance. Cached assets are stored within your browser's standard storage mechanisms and are not transmitted to RentalGuards. You may clear cached assets at any time through your browser or operating system settings.
The Service is not directed to children under 18, and RentalGuards does not knowingly collect personal information from anyone under 18. If we discover that we have collected personal information from a child under 18, we will delete that information promptly. If you believe a child under 18 has provided personal information to us, contact privacy@rentalguards.com.
The Service is offered for use by users located in the United States. RentalGuards' servers and operations are located in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to such transfer, storage, and processing.
RentalGuards does not currently offer the Service to residents of the European Economic Area, the United Kingdom, or other jurisdictions outside the United States. RentalGuards is not, as of the Last Updated date, a "controller" or "processor" for purposes of the General Data Protection Regulation, Regulation (EU) 2016/679 ("GDPR"), or the United Kingdom General Data Protection Regulation. If RentalGuards extends Service availability to users outside the United States in the future, this Privacy Policy will be updated to address applicable foreign data protection law.
If you are an entity that, in your business operations, processes personal information of individuals subject to a comprehensive consumer privacy law (such as the CCPA, CTDPA, OCPA, TDPSA, VCDPA, or any successor or analogous law) and you submit such individuals' personal information to the Service, you may request a Data Processing Addendum ("DPA") from RentalGuards by emailing privacy@rentalguards.com. RentalGuards will provide a standard DPA within a reasonable period of receipt of the request.
RentalGuards may modify this Privacy Policy from time to time. Modifications will be posted at rentalguards.com/privacy with an updated "Last Updated" date. Material modifications will be communicated to you in-app or by email at least thirty (30) days before they take effect, except where shorter notice is required by applicable law. Continued use of the Service after the effective date of any modification constitutes acceptance of the modified Privacy Policy.
For questions, concerns, or requests regarding this Privacy Policy:
RentalGuards LLC