RentDash
ENSKCSDE

Privacy Policy

Last updated: 2026-04-11

⚠️ This document is a working draft.

1. Data Controller

The data controller responsible for processing your personal data under this Privacy Policy is:

Kristián Partl — Krpasoft
Príkladná ulica 123
851 01 Bratislava
Slovensko
info@rentdash.example

2. Personal data we collect

  • Account data — email address, name, password hash, provided by you at registration.
  • Session data — a session identifier stored in an HttpOnly cookie, used to keep you signed in.
  • Language preference — stored in a cookie so the app loads in your chosen language.
  • Application data — properties, tenants, leases, financial records, and documents you enter into the service.
  • Technical data — IP address and user-agent string, logged by Cloudflare for security purposes.

We do not use analytics trackers, advertising cookies, or third-party tracking of any kind.

3. Purposes and legal basis of processing

  • Providing the service (Art. 6(1)(b) GDPR — performance of a contract): authentication, account management, application functionality.
  • Security and fraud prevention (Art. 6(1)(f) GDPR — legitimate interest): rate limiting, audit logging, anomaly detection.
  • Legal compliance (Art. 6(1)(c) GDPR): retention of billing and tax records where required by law.

4. Data retention

Account data is retained while your account is active and deleted within 30 days of account closure, unless longer retention is required by law (for example accounting records). Application data you enter is retained for as long as your account exists and exported to you on request before deletion.

5. Recipients and processors

We use a minimal set of infrastructure providers that act as processors on our behalf:

  • Cloudflare, Inc. — hosting, CDN, database (D1), object storage (R2). EU data residency.
  • Stripe, Inc. (future, Phase 6) — payment processing for paid plans, including Stripe Tax for EU VAT compliance.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

6. Your rights under GDPR

Under the General Data Protection Regulation you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Correct inaccurate data (Art. 16).
  • Request erasure of your data (Art. 17).
  • Restrict processing (Art. 18).
  • Export your data in a portable format (Art. 20).
  • Object to processing based on legitimate interest (Art. 21).
  • Withdraw consent where processing is based on consent (Art. 7(3)).

To exercise any of these rights, contact us at info@rentdash.example. We will respond within 30 days.

7. Right to lodge a complaint

You have the right to lodge a complaint with the competent supervisory authority:

Úrad na ochranu osobných údajov Slovenskej republiky
https://dataprotection.gov.sk/

8. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email to registered users at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.