RentMy
Legal

Privacy Policy

How Renterval LLC (operating as RentMy) collects, uses, and protects your information — written to be readable, designed to be comprehensive.

Renterval LLC (operating as RentMy)Last updated

Designed to satisfy

  • GDPR
  • UK-GDPR
  • CCPA / CPRA
  • Google API Limited Use
  • PCI-DSS

1. Introduction

RentMy is a software-as-a-service rental management platform. We build tools that help equipment, event, vehicle, and eCommerce rental businesses ("Customers") accept bookings, manage inventory, take payments, and grow. This policy applies to:

  • Visitors to rentmy.co and any RentMy-operated subdomain.
  • Account holders and invited team members of any RentMy Customer.
  • End-customers who book a rental on a website powered by RentMy ("Renters") — though the Customer (the merchant) is the data controller for Renter data; RentMy acts as a data processor.

If you have a question about this policy, contact us at [email protected].

2. Information we collect

We collect information you give us directly, information collected automatically when you use our services, and information from third parties you connect to RentMy.

Information you provide to us

  • Account information — name, email address, password, telephone number, company name, and billing address.
  • Profile and content — anything you enter into RentMy: products, inventory, customers, orders, waivers, signatures, photos, attachments, support tickets, and chat transcripts.
  • Payment information — card number, expiration, CVC, and billing details, processed and stored by our PCI-DSS Level 1 payment processors (see §6). We never store full card numbers on RentMy servers.
  • Identification documents — only when required by integrated services (e.g. Stripe Connect identity verification). RentMy does not retain these directly.
  • Communications — emails, calls, chat messages, demo-request forms, and survey responses.

Information we collect automatically

  • Device & technical data — IP address, browser type and version, operating system, device identifiers, screen size, time zone, and language.
  • Usage data — pages viewed, features used, referring URL, click and scroll behavior, search queries inside the app, and session timestamps.
  • Log data — server-side request logs, error stack traces, performance metrics, and security events.
  • Cookies & similar technologies — see §7 for the full list of vendors and purposes.

Information from third parties

  • Authentication providers — when you sign in with Google, Microsoft, or Apple, we receive your name, email, and profile photo.
  • Calendar providers — when you connect Google Calendar (see §5), we receive event metadata only for the events RentMy created or that you explicitly share.
  • Payment processors — Stripe, Square, PayPal, and Braintree send us tokenized references, the last four digits of cards, payment status, and dispute information.
  • Storefront integrations — Shopify, WooCommerce, WordPress, and Squarespace send order data scoped to RentMy-managed products.
  • Marketing & advertising partners — Google Ads, Meta, LinkedIn, and Bing may share aggregated conversion and audience data.

3. How we use your information

  • Provide the service — create and authenticate accounts, sync inventory, accept bookings, process payments, route deliveries, generate reports.
  • Customer support — answer your questions, troubleshoot, train, and improve our help content.
  • Billing & account management — invoice you, collect subscription fees, calculate taxes, prevent fraud, manage refunds and disputes.
  • Product improvement — analyze usage to fix bugs, prioritize features, and improve performance and reliability.
  • Marketing — send product updates, newsletters, and event invitations to customers (you can opt out at any time). We do not sell your data.
  • Security & compliance — detect abuse, enforce terms of service, comply with legal obligations, respond to lawful requests.

We do not use your business content (the products, customers, and orders you store in RentMy) to train machine-learning models, sell to third parties, or for advertising.

5. Google user data & APIs

RentMy's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google Sign-In (OAuth)

When you sign in with Google we receive your email address and basic profile fields (name, profile photo) solely for authentication purposes. We do not use this data for advertising, sell it, or share it with third parties for any purpose other than maintaining your login.

Google Calendar

If you connect Google Calendar, RentMy requests the minimum scopes required to:

  • Create, read, update, and delete events that RentMy itself created on your calendar.
  • Reflect your busy/free status when scheduling rental pickups, returns, and deliveries.

RentMy does not read events created by other applications, does not use Google Calendar data to train AI/ML models, and does not share Google Calendar data with any third party except as required to provide the service you've requested. You can disconnect Google Calendar at any time from RentMy's Integrations settings or from your Google Account permissions.

Retention & deletion of Google user data

Google user data (authentication tokens, calendar events RentMy has cached) is retained only while your account is active and the relevant integration is connected. When you disconnect the integration or delete your account, we delete this data within 30 days, except where retention is required by law (e.g. for billing or anti-fraud records).

Other Google services

RentMy uses Google Tag Manager, Google Analytics 4, Google Ads, and Google AdSense on its marketing site. See §7 for the cookie and processor disclosure for each.

6. Payment information

RentMy is a payment-pass-through platform. We never store your full card number, CVC, or bank-account number on RentMy servers. All cardholder data is collected, tokenized, and stored by PCI-DSS Level 1 certified processors. The processor depends on which integration you've connected:

ProcessorUsed forPrivacy policy
StripeCard payments, ACH, in-person terminals (S700), Stripe Connect identity verificationstripe.com/privacy
SquareCard payments, in-person terminals, gift cardssquareup.com/legal/privacy
PayPalOnline payments, PayPal Checkoutpaypal.com/legalhub/privacy-full
Braintree (a PayPal service)Card payments, hosted fieldsbraintreepayments.com/legal

RentMy receives only the information necessary to reconcile a payment to an order: tokenized payment-method reference, last four digits of the card, brand (Visa/MC/etc.), expiration month/year, transaction status, refund and chargeback metadata, and (where available) AVS/CVC verification results.

For subscription billing of your RentMy plan itself, your card data is processed by Stripe under the Stripe Connected Account Agreement. RentMy is named as the merchant of record for subscription invoices.

7. Cookies & tracking technologies

We use cookies, web beacons, local storage, and similar technologies. Where required by law (EEA, UK, Switzerland, California, Brazil), we ask for consent before setting non-essential cookies via our cookie banner.

Categories

  • Strictly necessary — authentication, load balancing, CSRF protection, fraud prevention. Cannot be disabled.
  • Functional — remember your preferences (currency, language, recently viewed, in-product chat state).
  • Analytical — measure how the site and product are used so we can improve them.
  • Marketing & advertising — measure ad-campaign effectiveness and personalize ads.

Vendors

VendorCategoryPurpose
Google Tag ManagerStrictly necessaryLoads tags conditionally based on consent
Google Analytics 4AnalyticalAggregated traffic and engagement metrics; IP anonymization enabled
Google AdsMarketingConversion measurement and remarketing
Google AdSenseMarketingWhere we run AdSense placements; interest-based ads (you can opt out at google.com/settings/ads)
Meta PixelMarketingFacebook / Instagram conversion measurement and audiences
LinkedIn Insight TagMarketingLinkedIn conversion measurement and audiences
Microsoft Bing UETMarketingBing / Microsoft Ads conversion measurement
Hotjar / session-replay (if enabled)AnalyticalHeatmaps and session replays of marketing pages, with PII masked
Tawk.to / Intercom (if enabled)FunctionalIn-page live chat support
HubSpotMarketing & analyticalCRM, demo-request forms, marketing email

You can manage non-essential cookies at any time via the "Cookie preferences" link in our footer, your browser settings, or industry opt-out tools such as the DAA opt-out and the EDAA opt-out.

8. Sharing your information

We share information only with the categories of recipients listed below, and only to the extent necessary for each purpose.

  • Service providers (sub-processors) — cloud infrastructure (AWS, Google Cloud), email delivery (Postmark, SendGrid), customer support tools (HubSpot, Intercom), error monitoring (Sentry), and analytics. A current list is available on request.
  • Payment processors — see §6.
  • Integration partners — only the data scoped to the integration you connect (Google Calendar, Shopify, WooCommerce, QuickBooks, Zapier, etc.).
  • Professional advisors — auditors, lawyers, and accountants under confidentiality.
  • Authorities — when required to comply with a valid legal request, court order, or to protect our rights or the safety of others.
  • Business transfers — if RentMy is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction; we'll notify you and any new owner will be bound by this policy.

RentMy does not sell your personal information for monetary value. Some advertising cookies (Meta Pixel, LinkedIn Insight Tag) may constitute "sharing" under the CCPA/CPRA — California residents can opt out via §9.

9. Your privacy rights

Everyone

  • Access a copy of the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your account and personal information (subject to legal retention).
  • Opt out of marketing emails via the unsubscribe link in any message.
  • Disconnect any third-party integration from RentMy's Integrations settings.

EEA, UK, and Switzerland (GDPR / UK-GDPR)

  • Right of access.
  • Right of rectification.
  • Right of erasure ("right to be forgotten").
  • Right to restrict processing.
  • Right to data portability.
  • Right to object to processing based on legitimate interests.
  • Right to withdraw consent.
  • Right to lodge a complaint with your local supervisory authority — for example, the UK ICO or your national EU DPA.

California (CCPA / CPRA)

  • Right to know what personal information we have collected, used, disclosed, and shared.
  • Right to delete personal information.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing of personal information.
  • Right to limit use and disclosure of sensitive personal information.
  • Right to non-discrimination for exercising any of the above.
  • You may designate an authorized agent to exercise these rights on your behalf.

Submit a "Do Not Sell or Share My Personal Information" request by emailing [email protected] with the subject line "CCPA Opt-Out". We respond to verifiable requests within 45 days.

Other US states

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), and other states with comprehensive privacy laws have similar rights. Contact us at [email protected] to exercise them.

10. Data retention

We retain personal information only as long as necessary for the purposes set out in this policy, unless a longer period is required or permitted by law. Typical retention periods:

Data typeRetention
Account profile & settingsLifetime of the account; deleted within 30 days of account closure
Customer-entered business data (products, orders, customers)Lifetime of the account; exportable on request prior to closure
Billing & tax records7 years (legal requirement)
Support tickets & communications3 years
Marketing email opt-out preferencesIndefinitely (so we don't email you again)
Server & security logs90 days (longer if needed for an incident)
Cookies & analytics identifiersPer vendor; typically 14–26 months for GA4, shorter for marketing cookies
Google user data (OAuth tokens, calendar cache)30 days after disconnection or account deletion

11. International data transfers

RentMy is headquartered in the United States. When we transfer personal data from the EEA, UK, or Switzerland to the US or other countries, we rely on one or more of the following safeguards:

  • The European Commission's Standard Contractual Clauses (2021) and the UK International Data Transfer Addendum, executed with each sub-processor that requires them.
  • The EU-US Data Privacy Framework (and UK extension) where the recipient is certified.
  • Adequacy decisions, where applicable.

You can request a copy of our SCCs by emailing [email protected].

12. Data security

We use technical and organizational measures appropriate to the risk, including encryption in transit (TLS 1.2+) and at rest (AES-256), least-privilege access controls, multi-factor authentication for staff, code review and dependency scanning, regular penetration testing, and continuous monitoring. No system is perfectly secure — if you believe your account has been compromised, contact us immediately at [email protected].

13. Children's privacy

RentMy is a B2B platform not intended for children. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA). If we become aware that we've collected data from a child below the applicable age, we will delete it promptly. Parents and guardians who believe their child has provided us with personal information may contact us at [email protected].

14. Automated decision-making

RentMy does not make decisions producing legal or similarly significant effects about you based solely on automated processing. Some platform features (e.g. fraud-risk scoring on payments) involve automated processing, but a human reviews any decision that materially affects you (such as suspending an account or denying a payout). You can request a human review of any automated decision by emailing [email protected].

15. Changes to this policy

We may update this policy from time to time. When we do, we'll change the "Last updated" date at the top and, for material changes, notify you by email or in the application before the changes take effect. Your continued use of the service after the effective date constitutes acceptance of the updated policy.

16. Contact us

For privacy questions, requests, or to exercise any of the rights described above:

  • Email: [email protected]
  • Phone: + (408) 728-8556
  • Mailing address: Renterval LLC, Privacy Office, San Jose, California, USA

Thanks for trusting RentMy with your data — we take that responsibility seriously.