Privacy Policy

Effective May 21, 2026

This Policy describes what data is processed using the Rent Assistance mobile app (the "App"), how we use it, who we share it with, and what rights you have. By using the App, you confirm you have read this Policy and accept its terms.

1. Who we are

The App is developed and maintained by independent individuals. Privacy contact: [email protected].

1.1. Purpose of the App and the roles of the parties in personal data processing

Rent Assistance is a personal bookkeeping tool for an owner who rents out real estate. The App is essentially a private "electronic notebook" in which you keep your own records of properties, meters, contracts, payments, and tenant contacts. The content and form of the entered information are determined entirely by you; the App does not verify entered data, does not cross-check it against government registries, identity documents, telecom carriers or any other sources, and does not use tenant data for any of its own purposes.

Roles of the parties in personal data processing:

You (user, landlord) are the controller (operator) of personal data of your tenants. You alone determine the purposes and means of processing, the composition of the information entered, the retention period and the persons who have access. You are responsible for having a lawful basis for processing tenant data (rental agreement, data subject's consent, legitimate interest) and for notifying tenants about the processing of their data in the manner required by the applicable law.
We (the App's developer) act as a processor — a person performing processing on the controller's instructions. We only provide you with technical infrastructure (the mobile app, our cloud infrastructure provider's servers, push notifications, the optional Telegram Bot API and AI recognition integrations) for you to keep your own records. We do not determine the purposes of tenant data processing, do not use such data for our own needs, do not share it with third parties beyond those listed in section 4, and have no independent interest in this data.
With respect to your own data (email, name, App settings, subscription status, technical device identifiers) we act as the controller — to the extent necessary to provide you with the App, technical support, and payment processing.

By using the App, you instruct us to process your tenants' personal data on the terms of this Policy. The list of actions is limited to technical operations: collection from you, storage in our cloud infrastructure provider's secure environment, transfer between your devices, and deletion on your command or upon expiry of the retention periods set out in section 5. We do not carry out any independent processing of tenant data beyond these technical operations.

2. Data we collect

2.1. Account data

Email and name — at sign-up via our authentication service.
Password hash — stored by the authentication service; we never have access to your plaintext password.

2.2. Property data

Property name and address, type, area, floor, room count.
Financial parameters: rent amount, currency, market value.
Notes and photos of the property.

2.3. Tenant data (entered and determined by you)

The App contains free-form text fields for tenant record-keeping. The composition and accuracy of the entered data are determined by you. The App does not require uploading documents, does not cross-check entered information against identity documents or any government registries, does not verify that a phone number belongs to a specific person, and performs no other verification.

Name — a free-form text field. May contain a real name, a nickname, a conventional label (e.g., "Apt 5", "Tenant", "Upstairs neighbor") or any other text of your choice. We do not interpret the content and do not verify whether it matches a real natural person.
Phone — a free-form text field. May contain a phone number in any format, a dash, the character "—", or any other text. The App does not send confirmation SMS, does not call the entered number, and does not check it against telecom carrier databases.
Email (optional), profile photo (optional), notes (optional) — entered by you at your discretion.
Telegram username and chat_id — filled automatically only if your tenant, on their own initiative, scans the pairing QR code and connects to the Telegram bot themselves. Without the tenant's explicit action these fields remain empty.

Important: you enter tenant data on your own behalf as the controller (see section 1.1). The decision on what information to enter and in what form is yours alone. Before saving real identifying data of a specific natural person, ensure you have a lawful basis for processing it (rental agreement, data subject's consent, legitimate interest).

2.4. Contract data

Dates, rent amount, payment day, deposit, change history.
Attached contract files (if you upload them).

2.5. Meter and reading data

Resource type, tariffs, meter numbers, calibration dates.
Readings and meter photos.
Consumption history and cost calculation.

2.6. Payments

Amounts, dates, status, description, receipt photos (if attached).

2.7. Technical data

Push tokens (mobile platform push notification service) — for sending notifications.
Device platform (iOS/Android) and last activity timestamp.

2.8. Email from the website subscription form

When subscribing for release notifications via the form on rentassistance.app, we process only the email address you provide. The email is transferred to the web-form processing service we use, which forwards it to our service mailbox. The processing purpose is to send you one notification about the application's release. The email is deleted within 30 days after the notification is sent or upon your request. For more information on consent — see Consent to Personal Data Processing; on cookies — see Cookie Policy.

2.9. What we do NOT collect

Government IDs, social security / tax numbers, dates of birth, residence addresses of tenants.
Biometric data (fingerprint, Face ID are used only locally on the device for app unlock).
Bank details, card numbers.
User location (the app does not request location permission).
Data from other apps, contacts, SMS, calls.

About photos. Photos you upload (meters, property covers, receipts) may contain EXIF metadata, including GPS coordinates. This metadata is stored alongside the file. If you don't want geolocation in photos — disable it in your device camera settings.

3. Where and how we store data

Data is stored on the infrastructure of our cloud services provider, which operates the following components:

authentication service — accounts (email, name);
cloud database — structured app data (properties, tenants, contracts, payments, etc.);
cloud file storage — photos and documents;
server infrastructure — background processing (recognition, notifications, cleanup of expired data);
push notification service — delivering notifications to user devices.

Data transfer between your device and the Operator's infrastructure is encrypted via HTTPS / TLS.

4. Sharing with third parties

We share the minimum necessary data with the following services solely to provide App features:

4.1. Cloud infrastructure provider

All app data is stored and processed on the infrastructure of our chosen cloud services provider. The provider operates the storage, authentication, push notification and server-side logic services listed in section 3.

4.2. External AI recognition service

When you use the AI recognition feature for contracts or meter readings, photos are sent to an external AI text recognition service.

Sent: contract or meter photo (without your account info or email).
Purpose: extract text data from the image.
Storage: photos are processed in real time and not stored — neither on our servers nor in cloud storage. After recognition completes, the source photo is deleted automatically.
The AI prompt explicitly instructs the model not to extract government IDs, tax numbers, dates of birth, or other sensitive personal data, even if present on the photo.

4.3. Telegram Bot API

If you or your tenant connect a Telegram bot, the following is transmitted via Telegram Bot API:

Message text (between you and the tenant), meter photos sent by the tenant to the bot.
Tenant's Telegram chat_id and username — to identify them in the bot.

Telegram is an independent data controller for messages within their network. Telegram Privacy Policy.

4.4. Google Play (install and subscription)

When you install the App and subscribe, the Google Play / Apple App Store handles your payment. We do not receive your card number or other payment details — only subscription status (active / canceled / expired) via the corresponding store API.

4.5. No other sharing

We do not sell your data. We do not share it with ad networks, analytics brokers, or any third parties beyond those listed above.

5. How long we keep data

While your account is active — data is kept indefinitely so the App can function correctly. As the controller, you determine the retention period and the composition of stored data.
Telegram bot messages (correspondence with the tenant, photo identifiers) are auto-deleted 15 days after receipt.
If you delete your account (see section 7) — all your data, including tenant data you entered, is removed automatically within 30 days.
Server function logs (no tenant personal data, only operation IDs and technical events) are kept up to 30 days.

6. Security

We use the standard security mechanisms of the cloud platform:

Encryption in transit (HTTPS/TLS).
Encryption at rest on the infrastructure provider's servers.
Security rules for data access — each user can access only their own data.
Account protection: password (required), PIN or biometrics (optional, locally on device).

Despite all measures, no internet transmission method is 100% secure. We cannot guarantee absolute protection from breaches but commit to notify you and the relevant authorities within 72 hours of detecting a breach.

7. Your rights

You have the right to:

Access your data — all your data is visible in the App itself.
Modify or delete any of your data via the App interface (properties, tenants, contracts, etc.).
Delete your account entirely — in the App: Settings → Security → Delete account. After confirmation, all your data (including Storage photos) is deleted within 30 days.
Withdraw consent for the Telegram bot — by stopping the bot via the /stop command or deleting the tenant record in the App.
Request a data export — write to [email protected], we'll respond within 10 business days (Articles 14, 20 of Russian Federal Law No. 152-FZ); the term may be extended by another 5 business days with notice to the applicant.
File a complaint with the data protection authority of your jurisdiction.

8. Children

The App is not intended for persons under 18. We do not knowingly collect data from minors. If you discover that a child has provided us with their data — please write to us, we will delete it.

9. Compliance with applicable data protection law

With respect to users and tenants located in the Russian Federation, processing of personal data is carried out subject to Federal Law No. 152-FZ "On Personal Data" of 27.07.2006 and other regulations of the Russian Federation. Specifically:

The controller (operator) of tenants' personal data is the App's user (landlord). All controller obligations under Articles 18.1, 22 and other provisions of 152-FZ (notifying the data subject, ensuring data subject rights, responding to requests and complaints, notifying Roskomnadzor where required) are performed by the user.
The App's developer acts as a processor performing processing on the controller's instructions, within the meaning of Part 3 of Article 6 of 152-FZ. The instructions are recorded in this Policy and in the Terms of Service accepted by you.
If a data subject (tenant) contacts the developer directly with a request to access, modify, delete or block their personal data, we forward such a request to the user-controller and/or fulfill it to the extent technically possible (for example, by executing the user's command to delete the tenant record).
Personal data processing is performed with data protection measures compliant with Russian Federation law. The choice of technical infrastructure is driven by functionality, security and availability requirements.

For users in other countries, local data protection requirements apply (including GDPR, CCPA, etc.) with respect to data subject rights and the processor's obligations.

10. Changes to this Policy

We may update this Policy. We will notify you of material changes in the App or by email at least 30 days before they take effect. Continued use of the App after notification constitutes acceptance.

11. Contact

For privacy and data protection questions, write to [email protected]. We respond within 10 business days (the response time for personal data subject requests under Russian Federal Law No. 152-FZ, Articles 14 and 20).