Legal

Privacy Policy

Last updated: May 7, 2026

Rentive AI (“Rentive AI”, “we”, “us”, or “our”) is a business operated by Dominik J Stefanski. Rentive AI operates a 24/7 voice AI maintenance platform for property management companies (“PMCs”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices available to you.

This policy applies to our website at rentive.ai, our marketing pages, and the authenticated dashboard at rentive.ai/dashboard. If you are a tenant whose call was handled by a Rentive AI-powered phone number, please direct privacy questions to your property management company in the first instance. They are the controller of that data; we are a processor acting on their behalf.

1. Roles: Controller and Processor

For website visitors and PMC dashboard users, Rentive AI acts as a controller of your personal information.

For data flowing through the Service in the course of operating a PMC's voice agent (including tenant phone numbers, call recordings, transcripts, lease information, and vendor contact information), the PMC is the controller and Rentive AI is a processor acting on the PMC's documented instructions.

2. Information We Collect

2a. Information you provide directly

When you submit a demo or contact form, we collect: name, email address, company name, and approximate unit count. When you create a dashboard account, our auth provider (Clerk) processes name, email address, and login credentials. We may also receive profile metadata Clerk surfaces to us.

2b. Information processed on behalf of PMCs (voice agent)

When a PMC routes tenant calls through Rentive AI, the following data is collected and processed:

  • Tenant identifiers: name, phone number (caller ID), unit and property association
  • Lease information: lease start/end dates, unit assignment, and similar facts the PMC chooses to make available to the agent
  • Property and unit data: addresses, unit numbers, configuration, business hours, vendor lists
  • Call content: audio recordings, transcripts, AI-generated summaries, classification, triage outputs
  • Maintenance and dispatch records: tickets, vendors contacted, SMS exchanges, timestamps, outcomes
  • Vendor contact information: vendor name, phone number, trade, dispatch preferences

2c. Automatically collected information

When you browse our marketing site or dashboard we automatically collect basic usage information such as IP address, browser and device type, pages visited, referring URLs, and timestamps. We use first-party cookies and similar technologies to operate authentication and remember session state.

3. How We Use Information

  • Respond to demo requests and sales inquiries
  • Provide, secure, and operate the Service for PMCs (handling calls, generating tickets, dispatching vendors, sending notifications)
  • Improve the accuracy and reliability of our voice and triage systems, using de-identified or aggregated data
  • Send transactional notifications to designated PMC contacts
  • Bill and collect fees, prevent fraud and abuse, and enforce our Terms of Service
  • Comply with legal obligations and respond to lawful requests

We do not sell personal information. We do not use tenant call data for advertising or for training general-purpose models outside the operation of the Service.

4. Call Recording Disclosure

The Service records and transcribes inbound tenant calls handled by the AI agent. PMCs are responsible for providing any notice and obtaining any consent required by applicable call-recording laws (including “two-party” or “all-party” consent jurisdictions) before routing calls through the Service. Tenants who do not wish to have a call recorded should contact their property management company through an alternate channel.

5. Sub-Processors

We share data with the following sub-processors to operate the Service. Each operates under its own privacy policy and data processing terms.

Vapi

AI voice infrastructure: real-time call audio, model orchestration, live transcription

Data: Call audio, transcripts, caller phone numbers

Twilio

Telephony and SMS: routes inbound calls, sends SMS notifications to vendors

Data: Caller and vendor phone numbers, SMS content, call metadata

Supabase

Primary application database (PostgreSQL with row-level security), hosted in the United States

Data: All structured Customer Data (clients, properties, units, tenants, leases, vendors, calls, tickets, dispatches, KB)

Pinecone

Vector database for Knowledge Base semantic search

Data: Embeddings of Knowledge Base content; no raw tenant PII

Resend

Transactional email delivery to PMC notification contacts

Data: PMC notification email addresses, alert content

OpenAI

Embeddings and large-language-model inference for KB retrieval and triage assistance

Data: Knowledge Base content for embedding; relevant transcript or KB context for inference

Vercel

Web application hosting (Next.js dashboard and marketing site) in the United States

Data: Server logs, request metadata; user-submitted form fields in transit

Clerk

Authentication and identity for the dashboard

Data: Account email, name, login credentials, session metadata

We require sub-processors to maintain appropriate security and confidentiality protections, and will give reasonable advance notice of any new sub-processor that materially affects how Customer Data is processed.

6. Data Hosting and International Transfers

Customer Data is hosted in the United States (Supabase and Vercel are operated from US-East regions). Some sub-processors may process data in other regions in the course of their service (for example, model providers and CDN edges). We rely on the sub-processors' contractual commitments and standard contractual mechanisms where applicable.

7. Data Retention

  • Lead form submissions: retained as long as necessary to follow up on the inquiry, then archived or deleted.
  • Dashboard account information: retained while the account is active and for a reasonable period afterward.
  • Voice-agent data: calls, transcripts, recordings, tickets, and dispatches are retained for the duration of the PMC's active subscription plus 90 days after termination, unless earlier deletion is requested or longer retention is required by law.
  • Tenant and lease records: retained only as long as necessary to operate the Service for the PMC, subject to the PMC's instructions.
  • Backups and logs: retained for short, rolling periods consistent with our backup and observability practices, and overwritten in the ordinary course.

8. Security Posture

We use commercially reasonable safeguards including:

  • TLS in transit and encryption at rest with our cloud database provider
  • Row-level security policies in Supabase scoped by client_id so PMCs cannot read each other's data
  • Authenticated dashboard access via Clerk; webhooks gated by signature verification (Twilio signature, Vapi webhook secret)
  • Principle of least privilege for staff access; secrets are not exposed in API responses or client-side code
  • Logging and monitoring of system events

No method of transmission or storage is fully secure. If you believe you have discovered a vulnerability, please contact us immediately at dominikstefanski@rentive.ai.

9. Your Rights and Deletion Requests

Depending on your jurisdiction, you may have the right to access, correct, delete, port, or restrict the processing of personal information about you, or to object to certain processing. You may also have the right to withdraw consent where processing is based on consent.

To exercise these rights:

  • Tenants and other individuals whose data was processed on behalf of a PMC: please contact your property management company first. As a processor, we will support the PMC in responding to your request.
  • PMC dashboard users and website visitors: email dominikstefanski@rentive.ai with the request and enough information to verify your identity. We aim to respond within 30 days.

We do not discriminate against you for exercising any of these rights.

10. Sensitive Data: What We Do Not Process

The Service is not designed for, and Customers must not submit:

  • Protected health information (“PHI”) subject to HIPAA
  • Payment card data subject to PCI-DSS
  • Government-issued identifiers (e.g., Social Security numbers, passport numbers, driver's license numbers)
  • Bank account numbers or other financial account credentials

We are not a HIPAA business associate and do not sign Business Associate Agreements. We are not PCI-DSS certified.

11. Children's Privacy

The Service is intended for business use by property management companies. It is not directed to children under 13 (or 16 where applicable), and we do not knowingly collect personal information from minors. If you believe a minor has provided us information, please contact us so we can delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date at the top, and where appropriate by additional notice. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

13. Contact

Questions or concerns about this Privacy Policy: