Data privacy and AI usage
We treat your business data and your customers' personal information as a responsibility, not an asset to be monetized. This page explains in plain language what we do — and do not — do with the data you store in RentalTide.
For the formal legal record, see the Privacy Policy and AI Usage and Data Commitment on rentaltide.com.
If you have any privacy question that this page does not answer, email privacy@rentaltide.com and a human will respond.
We do not sell your data. We never will.
This is the simplest and most important commitment we make to you and your customers.
- We do not sell customer lists, booking history, payment data, or any other information you put into RentalTide.
- We do not share your data with advertisers, marketers, or data brokers.
- We do not allow third parties to use your data for their own commercial purposes.
- We will not do these things in the future. If our business model ever changes, this page changes first, and you will be notified directly.
Why we can promise this
RentalTide makes money from a transparent platform fee on rentals and from credit card processing. As long as you are running rentals and accepting payments through us, we are aligned: we succeed when you succeed. There is no incentive for us to monetize your data on the side, and we have explicitly chosen a business model that keeps it that way.
We believe that businesses that sell their customers' data lose the trust of those customers, eventually lose the customers themselves, and ultimately damage the entire industry. That is not a tradeoff we are willing to make.
What we do collect
To operate the platform, we collect and store:
- Business data: location settings, inventory, pricing, bookings, transactions, staff records, and financial reports.
- Customer data: names, contact information, payment methods, waiver signatures, and rental history — entered either by you or by your customers during the booking flow.
- Operational telemetry: page views, performance metrics, and error reports that help us keep the platform fast and reliable.
- Support communications: messages exchanged with our support team.
All of this is used only to operate, support, secure, and improve the RentalTide platform for you.
Who we share data with (sub-processors)
To run the platform, we share specific data with trusted infrastructure providers, only as required to deliver the service:
| Provider | What they handle |
|---|---|
| Amazon Web Services | Database hosting, file storage, compute infrastructure |
| Stripe | Payment processing, payouts, and Stripe Capital |
| Auth0 | Authentication and login |
| SendGrid / Twilio | Email and SMS delivery to your customers |
| Pinecone | Vector search for documentation and customer support |
Each of these providers is contractually bound by its own data processing agreement and is used only for the specific operational purpose listed above. None of them resell or repurpose your data.
AI usage — full disclosure
We are an AI-forward platform. We use machine learning internally to make the product better — for things like:
- Improving the docs AI chatbot at the bottom-right of every page.
- Suggesting smarter pricing recommendations and demand forecasts.
- Detecting unusual patterns that might indicate fraud or operational problems.
- Auto-categorizing support requests and routing them to the right person faster.
To do this well, we sometimes use limited, masked data from the platform to train and evaluate these systems internally.
What "limited and masked" means
When we use platform data for internal AI training or evaluation:
- Personally identifiable information is removed or redacted before it reaches any training pipeline. This includes customer names, email addresses, phone numbers, physical addresses, payment card numbers, and waiver signatures.
- Free-text fields (notes, messages, descriptions) are reviewed, and any identifying detail is redacted, before use.
- Financial figures may be used in aggregate or scaled form but are never tied back to a specific customer.
- We use only the smallest subset of data needed to accomplish a specific improvement, not bulk dumps.
- This data is never sold, licensed, or shared with third-party AI providers for their own model training.
Your right to opt out
If you would prefer that none of your business's data — masked or otherwise — be used for our internal AI training or evaluation, you can opt out at any time.
Email privacy@rentaltide.com with the subject line "AI training opt-out" and include the email address associated with your RentalTide account. We will exclude your data from all future internal AI training runs within 30 days and confirm the change in writing.
Opting out has no effect on the quality of service you receive. The platform behaves identically whether you opt in or out.
Customer data and end-user rights
Your customers — the people who book rentals through your booking page — have rights under privacy laws like GDPR (Europe) and CCPA (California). If a customer of yours contacts us directly with a privacy request, we will route them back to you, since you are the data controller for your customer data and we are the data processor.
To help you respond to those requests, RentalTide provides:
- A full data export tool (Admin → Storage → Export).
- Account deletion tools that scrub customer records when requested.
- Audit logs so you can see exactly when and how a customer's data was accessed.
Security
We use industry-standard practices: encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, audit logging, and continuous vulnerability scanning. Stripe and AWS are PCI DSS compliant, so payment card data never touches our application servers directly.
If you discover a security issue, please email security@rentaltide.com rather than filing a public issue. We respond to all reports within one business day.
Questions, requests, or concerns
For anything privacy-related, write to privacy@rentaltide.com. A real human reads every message.
Specifically, you can email us to:
- Opt out of internal AI training.
- Request a copy of all data we hold about your business.
- Request deletion of your account and all associated data.
- Ask for the current list of sub-processors and their contact information.
- Report a suspected privacy issue.
We aim to respond within two business days and resolve substantive requests within 30 days.

