Privacy Policy

Last updated: 9 March 2026

1. Who We Are

RentFig ("we", "us", "our") is a property management platform designed for landlords in England. We act as a data controller for the personal data we collect through our service at rentfig.com.

2. What Data We Collect

We collect and process the following categories of personal data:

Account Data

  • Full name, email address, and phone number
  • Organisation name and billing address
  • Password (stored as a secure hash — we never store plaintext passwords)

Property & Tenancy Data

  • Property addresses, EPC ratings, and compliance certificates
  • Tenant names, contact details, and tenancy agreement information
  • Rent amounts, payment records, and deposit details
  • Documents you upload (tenancy agreements, certificates, invoices)

Financial Data

  • Bank transaction data imported via Open Banking (TrueLayer)
  • Invoice and payment records
  • Subscription and billing information (processed by Stripe)

Usage Data

  • Log data (IP address, browser type, pages visited)
  • Activity logs within the application

3. How We Use Your Data

We use your personal data to:

  • Provide and maintain the RentFig service
  • Process rent payments and generate financial statements
  • Track compliance certificates and send expiry reminders
  • Send service notifications (e.g. payment confirmations, renewal alerts)
  • Improve our platform and develop new features
  • Comply with legal and regulatory obligations

4. Legal Basis for Processing

We process your data under the following legal bases (UK GDPR):

  • Contract: Processing necessary to provide the service you have subscribed to
  • Legal obligation: Retention of financial records as required by HMRC and UK tax law
  • Legitimate interest: Improving our service, preventing fraud, and ensuring platform security
  • Consent: Where you opt in to marketing communications

5. Data Retention

We retain your data for as long as your account is active, plus a mandatory retention period of 6 years after account closure or tenancy end. This retention period is required to comply with UK tax and financial record-keeping obligations.

After the 6-year retention period, your data is automatically archived and then permanently deleted. You may request early deletion of non-financial data at any time, but we are legally required to retain financial records for the full 6-year period.

6. Tenant Data

RentFig operates a one-directional communication model for tenants. Tenants receive messages, invoices, and PDF statements from landlords but do not have accounts on RentFig and cannot log in or interact with the platform directly.

Landlords are responsible for informing their tenants that their data is stored in RentFig and providing them with a copy of this privacy policy upon request.

7. Data Sharing

We share your data only with the following third parties:

  • Supabase: Database hosting and authentication (EU/UK data centres)
  • Stripe: Subscription billing and payment processing
  • TrueLayer: Open Banking transaction imports (with your explicit consent)
  • Vercel: Application hosting

We do not sell your personal data to third parties. We do not share your data with advertisers.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data (available via Settings > Data Export)
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your data (subject to the 6-year financial retention requirement)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Withdrawal of consent: Withdraw consent for marketing at any time

To exercise any of these rights, use the Data Export feature in your account settings or contact us at privacy@rentfig.com.

9. Cookies

We use essential cookies required for authentication and session management. We do not use advertising or tracking cookies. Analytics cookies (if enabled) are anonymised and do not track individual users.

10. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, row-level security policies, and regular security reviews.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes via email or an in-app notification. The "last updated" date at the top of this page indicates when this policy was last revised.

12. Contact

If you have questions about this privacy policy or our data practices, contact us at:

Email: privacy@rentfig.com