Privacy Policy

Rental Analyst is a web-based real estate analytics service operated as a business based in Ontario, Canada. We are the organization responsible for personal information under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

Privacy inquiries can be directed to our Privacy Officer at: info@rentalanalyst.ca

We collect only the information necessary to provide the service.

Information you provide directly:

• Email address (used for account creation and authentication)
• Property data you enter: purchase price, mortgage details, rent, expenses, address or nickname
• Payment information (processed directly by Stripe — we do not store card numbers)
• Subscription tier and billing preferences

Information collected automatically:

• Authentication session tokens (via Supabase Auth)
• Account metadata: onboarding completion date, feature usage flags, dashboard preferences
• Browser type and approximate timezone (for display purposes only)
• IP address (retained by Supabase and Vercel infrastructure for security purposes)

We do not collect government identification numbers, Social Insurance Numbers, financial account numbers, or sensitive personal information beyond what is listed above.

We collect and use personal information only for the following purposes, as required by PIPEDA (Schedule 1, Principle 4.2):

• To create and manage your account and authenticate your identity
• To provide this service, including calculating and displaying property analytics
• To process subscription payments and manage billing through Stripe
• To send transactional emails: account login links, payment receipts, and service notices
• To improve the product based on aggregate, anonymized usage patterns
• To comply with applicable laws and respond to legal requests
• To prevent fraud and enforce our Terms of Service

We will not use your personal information for any new purpose without first obtaining your consent or as otherwise permitted by law.

By creating an account and using this service, you consent to the collection, use, and disclosure of your personal information as described in this policy. This consent is required to provide the service.

You may withdraw consent at any time by deleting your account (see Section 9). Withdrawing consent may mean we can no longer provide you with the service.

Quebec residents: In accordance with Quebec's Act respecting the protection of personal information in the private sector (Law 25 / Bill 64), we obtain express consent before collecting your personal information, and we will not use automated decision-making processes that produce legal or similarly significant effects on you without disclosure.

We do not sell, rent, or trade your personal information. We share it only as follows:

Service providers (data processors):

• Supabase Inc. — database and authentication infrastructure. Data may be stored on servers in the United States. Supabase is SOC 2 Type II certified.
• Stripe Inc. — payment processing. Stripe processes payment information under their own privacy policy and PCI-DSS compliance framework.
• Vercel Inc. — web hosting and deployment infrastructure.

Each service provider is contractually bound to protect your information and use it only for the purposes we specify.

Cross-border transfers:

Some service providers process data in the United States. By using this service, you acknowledge that your information may be transferred to and processed in the United States, where privacy laws may differ from those in your province. We take reasonable steps to ensure adequate protection through contractual safeguards.

Legal requirements:

We may disclose your information where required by law, court order, or to protect the rights, property, or safety of our users or the public.

We use only functional cookies and session tokens necessary for authentication and user preferences. We do not use advertising cookies, third-party tracking pixels, or behavioural analytics tools.

• Authentication session token (Supabase) — required to keep you logged in
• Theme preference (light/dark) — stored in browser local storage
• Dashboard preference flags — stored in Supabase user metadata

You can clear cookies through your browser settings, but this will sign you out of your account.

We retain personal information only as long as necessary for the purposes described in this policy:

• Active account data: retained for the duration of your account
• Property data you enter: retained until you delete it or your account
• Payment records: retained for 7 years as required by Canadian tax law
• Authentication logs: retained for up to 90 days for security purposes
• Deleted account data: permanently purged within 30 days of account deletion request

Under PIPEDA and applicable provincial laws, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete personal information
• Withdrawal of consent: Withdraw your consent to our collection and use of your information
• Deletion: Request deletion of your account and associated personal information
• Complaint: File a complaint with the Office of the Privacy Commissioner of Canada

Quebec residents also have the right to data portability (receive your data in a structured, commonly used format) and to be informed of any automated decision-making that produces significant effects on you.

British Columbia and Alberta residents: You have equivalent rights under BC's Personal Information Protection Act (PIPA) and Alberta's Personal Information Protection Act respectively. Complaints may also be directed to the respective provincial Privacy Commissioner.

To exercise any of these rights, contact us at info@rentalanalyst.ca. We will respond within 30 days.

You may request deletion of your account and all associated personal information at any time by emailing info@rentalanalyst.ca with subject line "Account Deletion Request." We will confirm deletion within 30 days. Payment records will be retained as required by Canadian tax law (7 years) but will not be used for any other purpose.

We implement reasonable technical and organizational safeguards to protect your personal information, including:

• Encrypted data transmission (TLS 1.2+) for all communications
• Authentication via Supabase Auth with industry-standard session management
• Payment data handled exclusively by Stripe under PCI-DSS Level 1 compliance
• Access to personal information restricted to personnel who need it to provide the service

No method of transmission over the internet is 100% secure. In the event of a privacy breach that poses a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required by PIPEDA.

Rental Analyst is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us at info@rentalanalyst.ca and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the application at least 14 days before the change takes effect. Continued use of the service after notice constitutes acceptance of the updated policy.

The current version of this policy is always available at rentalanalyst.ca/privacy.

For privacy inquiries, access requests, or complaints, contact our Privacy Officer:

If you are not satisfied with our response, you may contact the applicable privacy authority:

• Federal: Office of the Privacy Commissioner of Canada — priv.gc.ca
• Quebec: Commission d'accès à l'information — cai.gouv.qc.ca
• British Columbia: Office of the Information and Privacy Commissioner — oipc.bc.ca
• Alberta: Office of the Information and Privacy Commissioner — oipc.ab.ca