Privacy Policy

1. Introduction & Scope

Welcome to ClayRent ("we", "us", "our"). We act as a data processor for Property Managers and a data controller for our direct platform subscribers. This unified Privacy Policy applies globally across our web application located at clayrent.com and our mobile applications available on the Apple App Store and Google Play Store.

2. Mobile App Store Requirements & Device Permissions

To comply with Apple's App Tracking Transparency and Google's Data Safety protocols, we firmly assert the following regarding our mobile application:

• Hardware Camera & Storage Access: The ClayRent mobile app requests camera access exclusively for you to scan QR codes, barcode assets, and to capture images of property maintenance defects. We do not stealth-record or scrape auxiliary photo libraries.
• Device GPS Access: We do not request or track your device's hardware GPS location. (Note: We do use network IP addresses strictly for region-specific routing and anti-fraud telemetry, as detailed in Section 3).
• Zero Third-Party Advertising Sales: We do not track your activity across other companies' apps or websites. We do not sell your data to external data brokers or advertising exchanges (No ATT consent required).

3. Core Information We Collect

• Network & Regional Data (IP Addresses)When you access ClayRent, we automatically log your network IP address. This is used exclusively to route you securely to the correct regional data center, to localize in-app services (currency/taxes), and to detect anomalous, potentially fraudulent login activity.
• Identity & CommunicationsBasic identification (names, emails, physical addresses) and in-app communications (SMS, Tickets) used to fulfill contractual lease obligations.
• Financial Data & PCI ComplianceWe do not store raw credit card Primary Account Numbers (PANs) or unencrypted routing data natively. Real-time tokenization and storage are delegated directly to strictly compliant payment infrastructures (e.g., Stripe, Paystack). We only store abstracted metadata to reflect transaction statuses on your ledger.

4. Cookie Policy & Tracking Technologies

To provide secure Multi-Factor Authentication and rapid state retrieval, we use "Strictly Necessary" HttpOnly cookies signed by Supabase. These tokens guarantee your cryptographic session remains secure against tampering. We do not deploy invasive marketing trackers or third-party tracking pixels to aggregate behavioral marketing profiles.

5. User Rights (GDPR / CCPA / CPRA)

Depending on your jurisdiction, you have definitive rights corresponding to your personal data:

• Right to Erasure ("Right to be Forgotten"): You may request the deletion of your account. Upon verification, we will hard-delete your primary identifiable data within 30 days.
• Right of Access & Portability: You may request a machine-readable JSON/CSV export of the proprietary rent roll and tenant data you have inputted.
• Correction: You have autonomous right to overwrite, edit, and rectify any inaccurate operational data via the platform dashboard.

6. Data Retention Limits

If you execute a Right to Erasure, note that financial ledger metadata concerning past monetary transactions may be retained securely for up to 7 years to comply with Anti-Money Laundering (AML) regulations and federal taxation audit requirements, after which it is systematically purged.

7. Children's Privacy (COPPA)

Our platform facilitates binding legal contracts (Leases, SaaS Subscriptions) and involves financial transactions. Our Services are categorically not directed to individuals under the age of 18. If we become aware that we have inadvertently collected data from a child under 18, we will take immediate steps to delete that information.

8. Contact Us

To execute a data request or query specific privacy engineering mechanisms within ClayRent, contact our compliance team at [email protected].