RentGuard
How it worksCoverageFor landlordsPricing
Sign inGet started
Legal

Privacy Policy — RentGuard NYC

Last updated: 2026-05-08

1. Introduction

1.1 Who we are

RentGuard NYC ("RentGuard," "we," "us," "our") is operated by RentGuard NYC LLC and provides building risk lookups, AI-assisted lease reviews, and FARE Act compliance checks for renters in New York City. The service is available at rentguard.nyc.

1.2 Scope

This Privacy Policy describes what personal information we collect, how we use it, who we share it with, how long we retain it, and the rights you have over it. It applies to all users of our website and services.

1.3 Important framing

RentGuard NYC is not a law firm and does not provide legal services. Submitting your lease to our service does not create an attorney-client relationship and does not establish the kind of confidentiality that exists with a lawyer. Lease text you submit is governed by this Privacy Policy and our Terms of Service.

2. Information We Collect

2.1 Information you give us

  • Account information. Email address (used for magic-link sign-in; we do not store passwords), and any optional profile fields you provide (e.g., display name).
  • Payment information. When you purchase a lease review or subscribe to Search Pass, you provide payment details to our payment processor (Stripe). We do not store full card numbers on our servers; we receive a token and the last four digits for receipts.
  • Lease PDFs. When you use the lease review tool, you upload a PDF lease. Lease PDFs typically contain your name, the rental address, lease term, monthly rent, security deposit terms, and other contractual details. Some leases include income or employment information; rare leases include Social Security numbers or government-issued ID numbers. We treat lease PDFs as the highest-sensitivity data class we handle.
  • Saved searches and saved buildings. Search Pass subscribers can save buildings they want to monitor.
  • Communications. Messages you send us through support email or contact forms.

2.2 Information we collect automatically

  • Usage data. Pages viewed, searches performed, features used, timestamps.
  • Device data. IP address, browser type, operating system, device identifiers.
  • Cookies and similar technologies. See Section 8.

2.3 Information from third parties

  • Public records. When you search a building, we retrieve public-record data from NYC.gov Open Data sources (HPD, DOB, 311, NYC Marshal, NYC Public Advocate). These records are about the building and its registered owner — not about you. We do not associate building public-record data with you except by virtue of your having searched for it.
  • Payment processor. Stripe returns transaction status, last four digits of the card, and similar metadata.

2.4 What we do not collect

  • We do not collect biometric data.
  • We do not collect health information.
  • We do not collect children's information knowingly (see Section 11).
  • We do not buy data about you from data brokers.

2.5 Anonymous use

You can run building lookups and lease reviews without creating an account. When you do, we associate the request with an anonymous browser identifier (anon_token) or, if you choose to receive a result by email, with the email address you provide. We treat this data under the same retention and security rules as account-linked data, and we do not attempt to identify the individual behind an anon_token beyond what is necessary to deliver the service.

3. How We Use Information

We use the information we collect to:

  • Provide the building risk lookup, lease review, and FARE Act compliance check.
  • Process payments and manage subscriptions.
  • Send you the building violation alerts you have subscribed to.
  • Improve the product (analytics, debugging, evaluating new clause-library entries).
  • Communicate with you about your account and our services.
  • Comply with our legal obligations.
  • Enforce our Terms of Service and prevent fraud or abuse.

We do not use customer lease data or building searches to train, fine-tune, or otherwise improve any AI model. See Section 4.

4. AI Processing

4.1 What we use AI for

We use third-party AI models to:

  • Generate plain-English summaries of public-record building data (gpt-4o-mini, hosted by OpenAI in the United States).
  • Identify clauses in your uploaded lease that match patterns in our NYC clause library, and to render a structured report (Claude Haiku 3.5 or a comparable US-hosted model from Anthropic).

4.2 What we do not do

  • We do not use customer lease data to train, fine-tune, or otherwise improve any AI model — ours, OpenAI's, or Anthropic's. We use these providers under terms that prohibit training on our submitted data.
  • We do not use Chinese-hosted, Russian-hosted, or other non-US-hosted AI providers for any user data.
  • We do not generate personalized legal recommendations. The lease review explains what clauses say and which laws they relate to; it does not tell you what to do, sign, or demand.

4.3 Limitations you should know about

AI models can make mistakes. They can miss clauses, misclassify clauses, or describe a law inaccurately. Reports include citations to the underlying NY statute or regulation; you should verify against the cited source and consult an attorney before relying on a report.

5. Sharing Information

We share information only as described below.

5.1 Service providers

We share information with vendors that help us run the service: Stripe (payments), our cloud hosting provider, our email service provider, our error-monitoring provider, and the AI providers identified in Section 4. These vendors process information on our behalf under written agreements. A current list of sub-processors is available on request from privacy@rentguard.nyc.

5.2 Affiliate links

When you click an affiliate link to Lemonade, Bellhop, or Moved, you leave our site. We do not pass your personal information to those companies through the link itself; the affiliate link includes a tracking ID that lets the partner credit us if you complete a purchase or sign up. The partner's own privacy policy governs what they collect once you arrive.

5.3 Legal requirements

We may disclose information if required by law, subpoena, court order, or other valid legal process; to protect the rights, property, or safety of RentGuard, our users, or others; or in connection with an investigation of suspected fraud or abuse.

5.4 Business transfers

If RentGuard is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you and any successor will be required to honor this Privacy Policy or provide notice of any change.

5.5 With your consent

We share information for any other purpose with your consent.

5.6 What we do not do

  • We do not sell your personal information.
  • We do not share your personal information with third parties for their direct marketing purposes.
  • We do not share lease text or building searches with landlords, real-estate brokers, or any party with a financial interest in the buildings or leases we surface.

6. Data Retention

6.1 Default retention

Data typeRetention
Account informationWhile your account is active, plus 90 days after closure
Lease PDFs and extracted lease text90 days from upload, then auto-purged. Saving the report (see next row) does not extend retention of the underlying PDF or extracted text.
Saved lease reportsWhile your account is active; you can delete at any time
Building search history12 months
Saved buildingsWhile your account is active; you can delete at any time
Payment records7 years (for tax and accounting)
Logs (usage, security)12 months
BackupsUp to 35 days from creation

6.2 Lease PDF specifics

Lease PDFs contain sensitive personal information. By default we delete them 90 days after upload. You can delete a lease PDF immediately at any time from your account dashboard. If you save the report, we retain the report (a structured summary) for as long as your account is active; the underlying PDF is still deleted at the 90-day mark.

6.3 Why we retain at all

We retain account, payment, and limited usage data to provide the service, process refunds, prevent fraud, debug issues, and comply with tax and legal obligations.

7. Data Security

We follow the requirements of the NY SHIELD Act (Gen. Bus. Law §899-bb), including:

  • Reasonable administrative, technical, and physical safeguards against unauthorized access, acquisition, alteration, or disclosure of private information.
  • Encryption in transit (TLS) and at rest for sensitive data including lease PDFs.
  • Access controls limiting access to personal information on a need-to-know basis.
  • Breach response procedures consistent with SHIELD Act notification requirements.

No system is perfectly secure. If a breach occurs, we will notify affected users in compliance with applicable law.

8. Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Strictly necessary cookies — to log you in and keep you logged in, to remember your search session, to enable payment.
  • Functional cookies — to remember your preferences (e.g., recent buildings).
  • Analytics. We use Cloudflare Web Analytics for page-view analytics; it is cookieless and does not require a banner. We use PostHog for event analytics on paid funnel actions (e.g., paywall views, lease unlocks); PostHog uses a first-party cookie to deduplicate events.

We do not use advertising cookies. We do not allow third-party advertising trackers on our site.

You can control cookies through your browser settings. Disabling strictly necessary cookies will break core functionality.

9. Your Rights

9.1 Rights available to all users

Regardless of where you live, you can:

  • Access. Request a copy of the personal information we hold about you.
  • Correct. Request correction of inaccurate personal information.
  • Delete. Request deletion of your personal information, subject to limited exceptions for records we are legally required to retain (e.g., tax records).
  • Export. Request your saved lease reports and search history in a machine-readable format.
  • Unsubscribe. Opt out of any non-essential email at any time using the link in the email or in your account settings.

9.2 California residents (CCPA / CPRA)

If you are a California resident, you have the additional rights under the California Consumer Privacy Act, as amended by the CPRA, including:

  • The right to know what categories of personal information we collect, the sources, the purposes, and the categories of third parties we share with.
  • The right to delete personal information, subject to statutory exceptions.
  • The right to correct inaccurate personal information.
  • The right to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CPRA.
  • The right to limit the use of sensitive personal information. We do not use sensitive personal information for any purpose other than providing the requested service.
  • The right to non-discrimination for exercising any of these rights.

To exercise these rights, email privacy@rentguard.nyc. We will respond within 45 days; we may extend by an additional 45 days where reasonably necessary.

9.3 New York residents

The NY SHIELD Act governs our security obligations to New York residents. We extend the access, correction, deletion, and export rights described in Section 9.1 to all New York users on an operational basis.

9.4 EU/UK / GDPR

We do not market RentGuard NYC to users outside the United States. The product is NYC-specific. Where a user from the EU/UK reaches the site:

  • We rely on (a) consent for non-essential cookies and (b) legitimate interest or contract performance for service-related processing as the lawful basis under Article 6(1) of the GDPR.
  • We extend the access, correction, deletion, and export rights described in Section 9.1.
  • We do not transfer EU/UK personal data to third countries beyond what is necessary to provide the service to a user who has affirmatively used our US-hosted service.
  • We are not currently registered with an EU supervisory authority and do not have an EU representative.

9.5 How to exercise your rights

Email privacy@rentguard.nyc with the request and the email address associated with your account. We may ask for additional information to verify your identity. We do not charge for these requests except where they are manifestly unfounded or excessive.

10. International Data Transfers

We are based in the United States and we host data in the United States. If you access RentGuard NYC from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

11. Children's Privacy

RentGuard NYC is not directed at children and we do not knowingly collect personal information from children under 18. If we learn we have collected personal information from a child under 18, we will delete it. If you are a parent or guardian and believe your child has provided us with personal information, please contact privacy@rentguard.nyc.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a new "Last updated" date. If we make material changes, we will notify you by email or by a prominent notice on the site before the changes take effect.

13. Contact

Questions or requests about this Privacy Policy:

RentGuard NYC LLC [INSERT MAILING ADDRESS BEFORE PUBLISH] Email: privacy@rentguard.nyc

End of Privacy Policy.

RentGuard is not a law firm and does not provide legal advice. Building reports are generated from public NYC datasets and AI summarization. Records may be incomplete or out of date. Always verify information with primary sources. RentGuard is not responsible for decisions made based on this information.