1. Overview
This Privacy Policy explains how RentaKoto ("we", "our", "us") collects, uses, shares, and protects your personal information when you use the RentaKoto platform, including our website, mobile-optimized web app, and related services (collectively, the "Platform").
By creating an account or using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.
2. Who We Are
RentaKoto is a property rental marketplace that connects Renters, Landlords, and Service Providers. We operate as an intermediary platform and are the data controller of the personal information you provide to us.
Contact: privacy@rentakoto.com
3. Information We Collect
We collect the following categories of personal information:
3.1 Account & Identity Data
- Name, email address, and password (for credential accounts), or OAuth identity token (for Google Sign-In accounts).
- Profile photo, phone number, address, date of birth, and nationality (collected during profile setup or KYC verification).
- User role (Renter, Landlord, or Service Provider) and role-approval status.
3.2 Identity Verification (KYC) Data
- Government-issued identification documents (e.g., passport, national ID, driver's license) and any supporting photos or biometric images required by the verification process.
- KYC documents are processed via our third-party identity verification partner, InnovatorX (Profile Check service). Documents are transmitted securely to InnovatorX and retained by us in encrypted storage only as long as required for compliance and dispute resolution.
- For Landlords and Service Providers, we also collect business registration documents, business name, and business address.
3.3 Property & Service Listing Data
- Property details: address, property type, amenities, pricing, photos, and geolocation coordinates.
- Service provider listings: service type, coverage area, pricing, and portfolio photos.
3.4 Booking, Contract & Payment Data
- Rental applications, viewing schedule requests, and lease/contract details.
- Digital signatures applied to rental agreements within the Platform.
- Payment records, including rent amounts, processing fees, payment schedules, transaction IDs, and payment status.
- Saved payment methods: card type, last 4 digits, expiry, and cardholder name. Full card numbers are never stored on our servers — card tokenization is handled by Stripe (for international payments) and Xendit (via NovusX payment gateway, for local Philippine payment methods).
3.5 Communications & Support Data
- Messages exchanged between users on the in-platform messaging system.
- Support ticket content and attachments submitted through the help center.
- Dispute submissions and supporting evidence (photos, descriptions) filed through the disputes system.
- Maintenance request descriptions, photos, and job review ratings.
3.6 Usage & Technical Data
- IP address, browser type, device type, operating system, and referring URL.
- Pages visited, features used, search queries, and interaction logs.
- Session authentication tokens and role cookies.
- AI search query text submitted to our AI-powered property search feature (powered by OpenAI).
3.7 Referral Data
- Referral codes generated or used by you, and records of referral relationships (e.g., team lead structures).
3.8 Push Notification Data
- Browser push subscription endpoints and VAPID keys used to deliver push notifications to your device. You may revoke push notification permission in your browser settings at any time.
4. How We Use Your Information
- Account management: Creating, maintaining, and securing your account.
- Platform operation: Enabling property browsing, listing, applications, bookings, digital contract signing, and rent payment processing.
- Identity verification: Processing KYC documents to verify Renter, Landlord, and Service Provider identities before granting full platform access.
- Payments: Processing rent payments and subscription fees through Stripe and Xendit (NovusX), including applying the applicable payment processing fee.
- Subscriptions: Managing your subscription plan (Renter, Landlord, or Service Provider) and enforcing plan-based feature quotas (e.g., AI search usage limits).
- Messaging: Facilitating real-time and asynchronous messages between Renters, Landlords, and Service Providers.
- AI-powered search: Sending your natural-language search queries to OpenAI to generate structured property search results. Queries may be used by OpenAI subject to their data usage policies.
- Address autocomplete: Sending location search queries to Google Places API to provide address suggestions. This is governed by Google's Privacy Policy.
- Support & dispute resolution: Responding to support tickets, mediating disputes, and processing maintenance requests.
- Referral program: Tracking referrals, calculating referral fees, and managing team lead relationships.
- Notifications: Sending transactional emails (via Resend) and browser push notifications about bookings, payments, messages, and platform updates.
- Platform improvement: Analyzing usage patterns to improve features, security, and performance.
- Legal compliance: Retaining records as required by applicable law and responding to lawful government requests.
5. Third-Party Services We Use
We share data with the following third-party service providers who process data on our behalf:
| Provider | Purpose | Data Shared |
| --- | --- | --- |
| Google (OAuth) | Sign-in authentication | Name, email, profile photo from your Google account |
| Google Maps / Places API | Address autocomplete and property geolocation | Location search text; IP address (sent by browser) |
| Stripe | Payment card tokenization and subscription billing | Card details (tokenized), billing amount, customer ID |
| Xendit / NovusX | Local Philippine payment processing (GCash, Maya, bank transfers) | Payment amount, transaction reference, payer information |
| OpenAI | AI-powered property search | Natural-language search queries |
| InnovatorX (Profile Check) | KYC / identity document verification | Government ID photos, selfie/biometric images |
| Resend | Transactional email delivery | Email address, message content |
| Amazon S3 (or compatible) | File and photo storage (property images, documents, avatars) | Uploaded files and metadata |
| Railway / hosting provider | Cloud infrastructure and deployment | Application data and logs |
Each provider is bound by their own privacy policies and, where applicable, data processing agreements with us.
6. Sharing & Disclosure
- Between users: Profile information (name, photo, role, rating) is visible to other users as required by platform functionality (e.g., a Landlord seeing an applicant's name, a Renter seeing a Landlord's business name).
- Payment processors: Payment data is shared with Stripe and Xendit/NovusX solely for processing transactions.
- Referral relationships: Team leads can see limited information about referred users (e.g., referral status) as part of the referral program.
- Legal requirements: We may disclose personal information if required by law, court order, or government authority, or to protect the rights, safety, and property of RentaKoto, its users, or the public.
- Business transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred to the acquiring entity, subject to the same privacy protections.
- We do not sell your personal information to third parties.
7. Data Retention
- Account data is retained for as long as your account is active.
- KYC documents are retained for the period required by applicable law and for dispute resolution purposes.
- Payment records are retained for a minimum of 7 years for financial and tax compliance.
- Messages and contract records are retained for as long as the associated tenancy or service relationship is active, and for a reasonable period thereafter for dispute resolution.
- You may request deletion of your account and associated data by contacting us at privacy@rentakoto.com. Some data may be retained even after deletion where required by law or for legitimate business purposes (e.g., financial records).
8. Security
- All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
- Passwords are hashed and never stored in plain text.
- Payment card details are never stored on our servers — they are tokenized by Stripe or Xendit before being transmitted to us.
- Uploaded files are stored in encrypted S3-compatible storage with access controlled by signed URLs.
- We implement role-based access controls to limit internal access to your data.
- No security measure is 100% foolproof. In the event of a data breach that affects your rights, we will notify you as required by applicable law.
9. Your Rights
- Access: You may request a copy of the personal information we hold about you.
- Correction: You may update your profile information directly through the Platform settings, or contact us for corrections you cannot make yourself.
- Deletion: You may request deletion of your account and data, subject to retention obligations described above.
- Opt-out of notifications: You may manage push notification preferences in your browser and notification preferences within the Platform settings.
- Data portability: Where applicable under law, you may request a portable copy of your data.
To exercise any of these rights, contact us at privacy@rentakoto.com. We will respond within a reasonable timeframe.
10. Children's Privacy
The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will delete it.
11. International Data Transfers
RentaKoto operates globally and may transfer your data to servers located outside your country of residence (e.g., for cloud hosting, payment processing, or AI services). By using the Platform, you consent to such transfers. We take reasonable steps to ensure that international data transfers comply with applicable data protection laws.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you through the Platform (e.g., via the Terms acceptance screen) and update the "Effective Date" above. Continued use of the Platform after changes take effect constitutes your acceptance of the updated Policy.
13. Contact
If you have questions or concerns about this Privacy Policy or our data practices, please contact us: