Privacy Policy
How we collect, use, and protect your personal data
Privacy Policy
Last Updated: May 14, 2026 | Effective Date: May 14, 2026 | Version: 2.2
📋 CHANGES IN VERSION 2.2
- Added explicit "We do not sell your data" commitment (preamble + Section 6.5)
- Expanded Section 5.3 with AI training masking measures and opt-out
- Updated CCPA table (Section 11) to reflect that we do not sell or share personal information for targeted advertising
- See the standalone AI Usage and Data Commitment page for the full AI policy
📋 CHANGES IN VERSION 2.1
- Added Section 10.4 (Canadian Residents - PIPEDA rights)
- Added Section 10.5 (Australian Residents - Privacy Act 1988 rights)
- Added protection product data to Section 4.1
OUR COMMITMENT — WE DO NOT SELL YOUR DATA
RentalTide does not sell, rent, or trade your personal information to third parties for their own commercial purposes, and we never will. We do not share your data with advertisers, marketers, or data brokers. If our business model ever changes, this policy will be updated in advance and you will be notified directly. See Section 6.5 for the full commitment.
PRIVACY NOTICE
This Privacy Policy describes how RentalTide Inc. and its affiliates ("RentalTide," "we," "us," or "our") collect, use, share, and protect your personal information. By using our Services, you agree to the collection and use of information in accordance with this policy.
1. Introduction
RentalTide Inc. ("RentalTide," "we," "us," or "our"), a corporation incorporated in Delaware, United States, with additional registration in Canada, operates a SaaS booking and point-of-sale platform for asset rental businesses. Our corporate offices are located at 110 Didsbury Road, Ottawa, Ontario, K2J 4T4, Canada, and 1111B S Governors Ave STE 48363, Dover, DE 19904, United States.
This Privacy Policy applies to all personal information collected through our website (www.rentaltide.com), our application (app.rentaltide.com), mobile applications, APIs, and all related services (collectively, the "Services").
2. Scope and Application
This Policy applies to:
- Visitors to our website
- Rental operators using our platform ("Operators")
- Customers making bookings ("Renters")
- Business partners and their representatives
- Any individual whose personal information we process
Important Distinction: When Operators process their customers' data through our platform, they act as independent data controllers. Operators are responsible for their own privacy compliance and must publish their own privacy policies.
3. Data Controller
RentalTide Inc. is the data controller for personal information processed under this Privacy Policy. For questions about data processing, contact our Data Protection Officer at privacy@rentaltide.com
4. Information We Collect
4.1 Information You Provide
- Account Information: Name, email, phone number, business name, address
- Verification Data: Government ID, business registration, tax information, licenses
- Financial Information: Bank account details, credit card information, billing address, tax ID
- Booking Data: Reservation details, rental history, customer preferences
- Protection Product Data: Optional protection selections, waiver acknowledgments, claim information
- Communications: Support tickets, emails, chat messages, phone recordings
- User Content: Photos, reviews, feedback, waiver signatures
4.2 Information We Collect Automatically
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages visited, features used, click paths, session duration
- Location Data: GPS coordinates (mobile), IP-based location
- Cookie Data: See our Cookie Policy for details
- Log Data: Server logs, error reports, performance metrics
4.3 Information from Third Parties
- Payment Processors: Transaction details from Stripe
- Identity Verification: ID verification results from Stripe Identity
- Authentication Providers: Login information from Auth0
- Business Information: Public records, credit bureaus, sanctions lists
- Marketing Partners: Lead information, referral data
5. How We Use Your Information
5.1 Service Provision (Contractual Necessity)
- Process bookings and payments
- Manage operator accounts and dashboards
- Provide customer support
- Execute rental agreements and waivers
- Enable communication between operators and renters
5.2 Legal Compliance
- Anti-money laundering (AML) and Know Your Customer (KYC) checks
- Tax reporting and withholding
- Responding to legal requests and court orders
- Enforcing our terms and policies
- Protecting against fraud and illegal activities
5.3 Legitimate Business Interests
- Improving our Services through analytics
- Developing new features and products
- Sending service-related communications
- Preventing fraud and ensuring security
- Training our internal AI and machine learning models (see Section 5.3.1)
- Business transfers and corporate transactions
5.3.1 AI and Machine Learning Training
We use limited, masked data to train and evaluate our own internal AI features (docs chatbot, pricing recommendations, fraud detection, support routing, and similar). When we do so:
- Personally identifiable information is removed or redacted before data reaches any training pipeline. This includes names, email addresses, phone numbers, physical addresses, payment card numbers, bank account details, waiver signatures, government identifiers, and IP/device identifiers.
- Free-text fields (notes, messages, support transcripts) are reviewed and redacted of identifying detail before use.
- Financial figures are used in aggregate or scaled form and are never tied back to a specific customer.
- We use the minimum data needed to accomplish a specific improvement. We do not perform bulk training dumps.
- Your data is never sold, licensed, or shared with third-party AI providers for them to train their own models. When we use foundation-model APIs to power product features, we do so under enterprise agreements that prohibit those providers from using your data to train their own models.
Opt-out: You can opt your business out of internal AI training at any time by emailing privacy@rentaltide.com with the subject "AI training opt-out." We will exclude your data from all future training and evaluation runs within thirty (30) days and confirm in writing. Opting out has no effect on the quality of service you receive.
For the full policy see AI Usage and Data Commitment.
5.4 With Your Consent
- Marketing communications and newsletters
- Promotional offers and campaigns
- Participation in surveys and research
- Personalized advertising
6. How We Share Information
We may share your information with:
6.1 Service Providers:
- Stripe (payment processing, identity verification)
- Auth0 (authentication)
- AWS (cloud hosting)
- Intercom (customer support)
- Google Analytics (analytics)
- SendGrid (email delivery)
6.2 Business Partners:
- Operators (for bookings on their assets)
- Integration partners (with your consent)
- Insurance providers (for coverage claims)
- Marketing affiliates (referral programs)
6.3 Legal and Compliance:
- Law enforcement agencies
- Courts and tribunals
- Tax authorities
- Regulatory bodies
- Legal advisors
6.4 Corporate Transactions:
In case of merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. In such an event, this Privacy Policy will continue to govern the use of that information, or you will be notified of any new policy that materially differs.
6.5 What we will never do — No sale of personal information
We do not sell, rent, lease, or trade your personal information to third parties for their own commercial purposes, and we never will.
Specifically, we do not:
- Sell customer lists, booking histories, payment data, or any other personal information to data brokers, marketers, or advertisers.
- Share your data with third parties for targeted advertising or behavioural profiling.
- Allow third parties to use your data to train their own AI or machine-learning models.
- Receive any compensation from third parties in exchange for access to your personal information.
This commitment is in addition to — and stronger than — the minimum required by CCPA/CPRA, GDPR, and other applicable privacy laws. If our business model ever changes, we will update this Policy at least thirty (30) days before any change takes effect and notify you directly by email.
7. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including Canada, the United States, and other countries where our service providers operate.
We ensure appropriate safeguards through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules for intra-group transfers
- Your explicit consent where required
8. Data Security
We implement industry-standard security measures including:
- 256-bit SSL/TLS encryption for data in transit
- AES-256 encryption for data at rest
- PCI DSS compliance for payment data
- Regular security audits and penetration testing
- Access controls and authentication requirements
- Employee training and confidentiality agreements
Security Disclaimer: No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You use our Services at your own risk.
9. Data Retention
We retain personal information for as long as necessary to:
- Provide our Services
- Comply with legal obligations (typically 7 years for financial records)
- Resolve disputes and enforce agreements
- Maintain security and prevent fraud
Specific retention periods:
- Account data: Duration of account plus 2 years
- Transaction records: 7 years
- Marketing data: Until consent withdrawn
- Cookie data: See Cookie Policy
- Support communications: 3 years
10. Your Privacy Rights
10.1 Rights for All Users
- Access your personal information
- Correct inaccurate data
- Delete your account and data (subject to legal requirements)
- Opt-out of marketing communications
- Request information about our data practices
10.2 Additional Rights for EEA/UK Residents (GDPR)
- Data portability (receive your data in a structured format)
- Restrict processing of your data
- Object to processing based on legitimate interests
- Withdraw consent at any time
- Lodge a complaint with supervisory authorities
10.3 Additional Rights for California Residents (CCPA/CPRA)
- Know what personal information we collect and how it's used
- Request deletion of personal information
- Opt-out of "sale" or "sharing" of personal information
- Non-discrimination for exercising rights
- Correct inaccurate personal information
- Limit use of sensitive personal information
10.4 Additional Rights for Canadian Residents (PIPEDA)
- Access your personal information held by us
- Challenge the accuracy and completeness of your data
- Withdraw consent (subject to legal or contractual restrictions)
- File a complaint with the Office of the Privacy Commissioner of Canada
10.5 Additional Rights for Australian Residents (Privacy Act 1988)
- Access your personal information
- Request correction of inaccurate data
- Complain about privacy breaches to the Office of the Australian Information Commissioner (OAIC)
- Opt-out of direct marketing at any time
- Request information about overseas disclosure of your data
11. California Privacy Rights (CCPA/CPRA)
This section applies only to California residents. We have collected the following categories of personal information in the last 12 months:
| Category | Examples | Sold | Shared for targeted advertising |
|---|---|---|---|
| Identifiers | Name, email, phone, IP address | No | No |
| Commercial Information | Booking history, preferences | No | No |
| Financial Information | Payment methods, billing address | No | No |
| Internet Activity | Browsing history, search queries | No | No |
| Geolocation | Coarse location from IP | No | No |
| Inferences | Preferences, characteristics | No | No |
Do Not Sell or Share My Personal Information
RentalTide does not sell or share your personal information for cross-context behavioural advertising. Because we do not sell or share personal information, there is nothing to opt out of — the commitment is the default.
If you have any concern that we may have sold or shared your information contrary to this commitment, please email privacy@rentaltide.com and we will investigate within thirty (30) days.
12. Children's Privacy
Our Services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will promptly delete such information.
13. Contact Us
For privacy-related inquiries:
Data Protection Officer:
Email: privacy@rentaltide.com
General Privacy Inquiries:
Email: legal@rentaltide.com
Mailing Addresses:
Canada: RentalTide Inc. Attn: Privacy Department 110 Didsbury Road Ottawa, Ontario K2J 4T4 Canada
United States: RentalTide Inc. Attn: Privacy Department 1111B S Governors Ave STE 48363 Dover, DE 19904 United States
Phone: 888-709-2650
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending email notification for material changes
- Obtaining consent where required by law