
Data privacy and AI usage

Our commitment that we do not and will not sell your data, what we do collect, how we use it, and how to opt out of AI training

We treat your business data and your customers' personal information as a responsibility, not an asset to be monetized. This page explains in plain language what we do — and do not — do with the data you store in RentalTide.

For the formal legal record, see the Privacy Policy and AI Usage and Data Commitment on rentaltide.com.

If you have any privacy question that this page does not answer, email privacy@rentaltide.com and a human will respond.


We do not sell your data. We never will.

This is the simplest and most important commitment we make to you and your customers.

  • We do not sell customer lists, booking history, payment data, or any other information you put into RentalTide.
  • We do not share your data with advertisers, marketers, or data brokers.
  • We do not allow third parties to use your data for their own commercial purposes.
  • We will not do these things in the future. If our business model ever changes, this page changes first, and you will be notified directly.

Why we can promise this

RentalTide makes money from a transparent platform fee on rentals and from credit card processing. As long as you are running rentals and accepting payments through us, we are aligned: we succeed when you succeed. There is no incentive for us to monetize your data on the side, and we have explicitly chosen a business model that keeps it that way.

We believe that businesses that sell their customers' data lose the trust of those customers, eventually lose the customers themselves, and ultimately damage the entire industry. That is not a tradeoff we are willing to make.


What we do collect

To operate the platform, we collect and store:

  • Business data: location settings, inventory, pricing, bookings, transactions, staff records, and financial reports.
  • Customer data: names, contact information, payment methods, waiver signatures, and rental history — entered either by you or by your customers during the booking flow.
  • Operational telemetry: page views, performance metrics, and error reports that help us keep the platform fast and reliable.
  • Support communications: messages exchanged with our support team.

All of this is used only to operate, support, secure, and improve the RentalTide platform for you.


Who we share data with (sub-processors)

To run the platform, we share specific data with trusted infrastructure providers, only as required to deliver the service:

Provider | What they handle
Amazon Web Services | Database hosting, file storage, compute infrastructure
Stripe | Payment processing, payouts, and Stripe Capital
Auth0 | Authentication and login
SendGrid / Twilio | Email and SMS delivery to your customers
Pinecone | Vector search for documentation and customer support

Each of these providers is contractually bound by their own data processing agreements, and is used only for the specific operational purpose listed above. None of them resell or repurpose your data.


Websites we host for you

If we built and host your public-facing website (either on a RentalTide subdomain or your own custom domain), the same privacy commitments apply to that site and to the visitors who use it.

  • No third-party trackers or ad pixels by default. Hosted sites do not ship with Google Analytics, Meta Pixel, or any advertising or marketing trackers. If you choose to add them yourself, you are responsible for the corresponding consent banner.
  • First-party cookies only. Only strictly necessary cookies are set by default (session state, booking-flow state, CSRF). No marketing or cross-site tracking cookies are set unless you explicitly add them.
  • Contact form submissions are stored against your RentalTide account, never shared with third parties, and are included in the same export and deletion tooling as the rest of your data.
  • Custom domains. DNS and TLS are handled by us with automatic HTTPS certificate provisioning. Traffic flows through the same encrypted, region-controlled infrastructure as the rest of the platform.
  • No retargeting. We do not feed visitor data from hosted sites into any advertising or retargeting network, ours or anyone else's.

As consent banner requirements are finalised in Australia and other jurisdictions, we plan to ship a built-in compliant banner for hosted sites so you do not need to add one yourself.


AI usage — full disclosure

We are an AI-forward platform. We use machine learning internally to make the product better — for things like:

  • Improving the docs AI chatbot at the bottom-right of every page.
  • Suggesting smarter pricing recommendations and demand forecasts.
  • Detecting unusual patterns that might indicate fraud or operational problems.
  • Auto-categorizing support requests and routing them to the right person faster.

To do this well, we sometimes use limited, masked data from the platform to train and evaluate these systems internally.

What "limited and masked" means

When we use platform data for internal AI training or evaluation:

  • Personally identifiable information is removed or redacted before it reaches any training pipeline. This includes customer names, email addresses, phone numbers, physical addresses, payment card numbers, and waiver signatures.
  • Free-text fields (notes, messages, descriptions) are reviewed and redacted of any identifying detail before use.
  • Financial figures may be used in aggregate or scaled form but are never tied back to a specific customer.
  • We use only the smallest subset of data needed to accomplish a specific improvement, not bulk dumps.
  • This data is never sold, licensed, or shared with third-party AI providers for their own model training.

Your right to opt out

If you would prefer that none of your business's data — masked or otherwise — be used for our internal AI training or evaluation, you can opt out at any time.

Email privacy@rentaltide.com with the subject line "AI training opt-out" and include the email address associated with your RentalTide account. We will exclude your data from all future internal AI training runs within 30 days and confirm the change in writing.

Opting out has no effect on the quality of service you receive. The platform behaves identically whether you opt in or out.


Customer data and end-user rights

Your customers — the people who book rentals through your booking page — have rights under privacy laws like GDPR (Europe) and CCPA (California). If a customer of yours contacts us directly with a privacy request, we will route them back to you, since you are the data controller for your customer data and we are the data processor.

To help you respond to those requests, RentalTide provides:

  • A full data export tool (Admin → Storage → Export).
  • Account deletion tools that scrub customer records when requested.
  • Audit logs so you can see exactly when and how a customer's data was accessed.

Australian Privacy Act compliance

For customers and end-users in Australia, RentalTide is designed to align with the Australian Privacy Principles (APPs) and the reforms introduced by the Privacy and Other Legislation Amendment Act 2024.

What we do today

  • APP 1 — open and transparent management. This page and our Privacy Policy set out exactly what we collect, why, and who we share it with.
  • APP 5 — notification of collection. Your booking page and any hosted website built by us link to a privacy notice at the point of data collection.
  • APP 6 — use and disclosure. Personal information is used only to operate, support, and improve the platform. We do not sell it, share it for advertising, or repurpose it for any unrelated secondary use.
  • APP 8 — cross-border disclosure. Sub-processors used to deliver the service are listed above. On request we will confirm the AWS region(s) your data is stored in and the transfer mechanism we rely on for any data leaving Australia.
  • APP 11 — security. TLS 1.2+ in transit, encryption at rest, role-based access, audit logging, continuous vulnerability scanning, and PCI-compliant payment handling.
  • APP 12 and 13 — access and correction. Your customers can request export, correction, or deletion of their data; we provide the tooling so you can respond as the data controller.
  • Notifiable Data Breaches scheme. In the event of a breach likely to result in serious harm, we will notify affected individuals and the OAIC within the statutory timeframes.

What we are working on ahead of upcoming deadlines

  • Automated decision-making disclosures (required in privacy policies by December 2026). We will expand our AI section to identify which decisions are fully or substantially automated and which always have a human in the loop.
  • Children's Online Privacy Code. We do not knowingly collect data from under-16s. As the OAIC code is finalised we will align our handling and disclosures accordingly.
  • Built-in consent banner for hosted sites, sized to Australian and other jurisdictional requirements.
  • Statutory tort for serious invasions of privacy. We are reviewing our incident-response playbook in light of the new statutory cause of action that took effect in June 2025.

Who is the APP entity?

For data your business puts into RentalTide (including data your customers enter through your booking page or hosted website), you are the APP entity and data controller and RentalTide acts as your processor on your instructions. We route any direct privacy requests from your end-customers back to you, and we provide the tooling needed to respond.

For data we collect directly from you as a RentalTide subscriber (your account, billing, and support communications), RentalTide is the APP entity.

Australian privacy contact

Email privacy@rentaltide.com for any Australian Privacy Act request, including access, correction, complaint, or opt-out. We aim to respond within two business days and resolve substantive requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.


Security

We use industry-standard practices: encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, audit logging, and continuous vulnerability scanning. Stripe and AWS are PCI DSS compliant, so payment card data never touches our application servers directly.

If you discover a security issue, please email security@rentaltide.com rather than filing a public issue. We respond to all reports within one business day.


Questions, requests, or concerns

For anything privacy-related, write to privacy@rentaltide.com. A real human reads every message.

Specifically, you can email us to:

  • Opt out of internal AI training.
  • Request a copy of all data we hold about your business.
  • Request deletion of your account and all associated data.
  • Ask for the current list of sub-processors and their contact information.
  • Report a suspected privacy issue.

We aim to respond within two business days and resolve substantive requests within 30 days.
