Tenby

Privacy Policy

Last updated: March 2026

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, phone number (optional), and role (landlord or tenant).

Property & Lease Data: Landlords provide property addresses, unit details, lease documents, and tenant information. This data is stored securely and used solely to provide our services.

Payment Information: Rent payments and deposits are processed through Stripe. We never store credit card numbers, bank account numbers, or other payment credentials on our servers. Stripe handles all payment data under PCI-DSS Level 1 compliance.

Tenant Screening Data: When landlords order background checks, applicant data (name, date of birth, SSN last 4 digits, address) is transmitted directly to our screening partner (Checkr) and handled under FCRA compliance. Full SSN is never stored in Tenby.

Usage Data: We collect anonymous analytics (page views, feature usage, crash reports) through PostHog and Sentry to improve app stability and features. We do not sell or share this data with advertisers.

Photos & Documents: Maintenance request photos, inspection images, lease documents, and expense receipts are stored in encrypted cloud storage (Supabase Storage) and accessible only to authorized users.

2. How We Use Your Information

  • Provide and operate the Tenby platform
  • Process rent payments and security deposits via Stripe
  • Run AI-powered lease analysis and compliance checking (via Anthropic Claude API)
  • Send push notifications for rent reminders, maintenance updates, and lease alerts
  • Generate financial reports and tax documents (Schedule E)
  • Perform tenant background screening (via Checkr)
  • Improve app performance and fix bugs

3. Information Sharing

We do not sell your personal information. We share data only with:

  • Stripe: Payment processing (PCI-DSS compliant)
  • Checkr: Background screening (FCRA compliant)
  • Anthropic: AI lease analysis and maintenance triage (no PII sent to AI models — only document text and anonymized context)
  • Supabase: Database and file storage (SOC 2 Type II compliant)
  • Between landlord and tenant: As necessary to facilitate the landlord-tenant relationship (messages, lease terms, maintenance updates)

4. Data Security

We protect your data with:

  • Encrypted storage at rest and in transit (TLS 1.3)
  • Row Level Security on all database tables (landlords see only their data, tenants see only their unit)
  • Authentication tokens stored in device secure storage (iOS Keychain, Android Keystore)
  • Webhook signature verification for all payment and screening events
  • Rate limiting on all API endpoints
  • Immutable audit logs for compliance-critical actions

5. Your Rights

You have the right to:

  • Access: View all data we have about you in the app
  • Correct: Update your profile and property information at any time
  • Delete: Delete your account and all associated data from Settings > Delete Account
  • Export: Download your payment history and financial reports
  • Opt out: Disable push notifications, analytics, or credit reporting at any time

For California residents: we comply with the CCPA. For EU residents: we comply with GDPR. Contact us at privacy@tenby.app for data requests.

6. Data Retention

We retain your data as long as your account is active. When you delete your account, all personal data is permanently removed within 30 days. Financial records required for tax compliance may be retained for up to 7 years as required by law. Tenant screening data is disposed of within 30 days per FCRA requirements.

7. Children's Privacy

Tenby is not intended for users under 18 years of age. We do not knowingly collect information from children.

8. Changes to This Policy

We may update this policy as our practices evolve. Significant changes will be communicated via in-app notification or email. Continued use of Tenby after changes constitutes acceptance.

9. Contact

Questions about privacy? Email privacy@tenby.app.