DRAFT — not legal advice and not yet reviewed by counsel. This document is a working draft and must be reviewed by a licensed attorney before it is relied upon.
BACK TO TERMINAL
PILOT // PRIVACY

Privacy
Policy

Pilot OS by Rentwith Pilot LLC, a subsidiary of Astrae Holdings LLC · Effective Date: June 27, 2026 · Last Updated: June 27, 2026

Rentwith Pilot LLC ("Pilot," "we," "us," or "our"), a subsidiary of Astrae Holdings LLC, operates the Pilot OS platform, accessible at rentwithpilot.com (the "Service"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

01. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide when you register for an account, use the Service, or contact us. This includes:

  • Account registration data: name, email address, phone number, and password
  • Business or landlord profile information: company name, property addresses, business type
  • Financial information: bank account details for payouts via Stripe Connect, billing information for subscription payments
  • Property and tenant data: lease agreements, rent amounts, maintenance records, tenant contact information, and communications you upload or generate within the platform
  • Communications: messages, emails, or support tickets you send to us

1.2 Information Collected Automatically

When you access the Service, we automatically collect certain information, including:

  • Log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps
  • Device information: hardware model, unique device identifiers, and mobile network information
  • Usage data: features accessed, actions taken, session duration, and click patterns
  • Cookies and tracking technologies: as described in Section 5 below

1.3 Information from Third Parties

We may receive information about you from third-party services integrated with the platform, including:

  • Stripe: payment processing, identity verification, and 1099-K tax reporting data
  • Identity verification providers: government-issued ID data if you undergo verification
  • TransUnion SmartMove: tenant screening status and report results (see Section 08); applicant Social Security numbers are entered directly with TransUnion and are not received or stored by Pilot
  • Analytics providers: aggregated behavioral data to improve platform performance

02. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process transactions and send related notices (receipts, rent confirmations, lease renewals)
  • Communicate with you about your account, updates, and support requests
  • Send transactional emails and, where permitted, marketing communications (you may opt out at any time)
  • Comply with legal obligations, including tax reporting requirements under IRS regulations and applicable state law
  • Detect, prevent, and investigate fraud, abuse, or security incidents
  • Improve the platform through analytics, A/B testing, and user research
  • Enforce our Terms of Service and other agreements
  • Personalize your experience and surface relevant features
  • Measure and attribute the performance of our marketing and advertising, including conversion tracking with advertising partners (see Section 3.6), where you have consented
  • Build internal customer segments and personas from your account and usage data to understand who benefits most from Pilot and to improve, prioritize, and market the Service (see "Profiling and Customer Insights" below)

Profiling and Customer Insights

We analyze account attributes (such as role, plan, and portfolio size) together with how you use the Service to group users into internal segments or "personas." We use these insights to improve the product, prioritize features, measure marketing effectiveness, and reach similar prospective customers. This profiling is used for product and marketing analytics only — it does not produce legal or similarly significant decisions about you, and it is never used to make rental, credit, or housing decisions. Where required by law, this analysis relies on your consent or our legitimate interests, and you may object as described in Section 10.

03. How We Share Your Information

We do not sell your personal information for money.

With your consent, we do "share" certain online identifiers with advertising partners for cross-context behavioral advertising as described in Section 3.6, which some U.S. state laws (such as California's) treat as a form of sharing. You can opt out at any time (see Section 10). Otherwise, we share your data only in the following circumstances:

3.1 Service Providers

We share information with trusted third-party vendors (sub-processors) who assist us in operating the Service, including payment processing (Stripe), cloud infrastructure and database (Supabase, Vercel), file storage and content delivery (BunnyCDN), rate limiting and caching (Upstash Redis), AI processing (OpenRouter), tenant screening (TransUnion SmartMove), email delivery (Resend), analytics providers, and customer support tools. These providers are contractually bound to use your data only to perform services on our behalf.

3.2 Landlord-Tenant Data Sharing

If you are a landlord using the platform, certain information you enter (including tenant contact data, lease terms, and payment records) is accessible to the relevant tenant users on that property within the platform. By uploading tenant information, you represent that you have appropriate authorization to do so.

3.3 Legal Compliance and Protection

We may disclose your information if required to do so by law, subpoena, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.4 Business Transfers

In the event of a merger, acquisition, financing, or sale of all or substantially all of our assets, your information may be transferred to the successor entity. We will notify you of any such change via email or prominent notice on the Service.

3.5 Aggregated and De-identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you for research, analytics, or industry benchmarking purposes.

3.6 Advertising and Measurement Partners

Only after you accept analytics/advertising cookies, we use advertising and measurement technologies from Google (Google Analytics & Google Ads), Meta (Facebook/Instagram), TikTok, and LinkedIn to understand how our marketing performs and to reach prospective customers. Through these technologies — including browser pixels and server-side "conversions" APIs (for example, the Meta Conversions API and the Google Analytics Measurement Protocol) — we may transmit online identifiers and event data such as a hashed (pseudonymized) email address, IP address, device/browser information, advertising cookie IDs, and the marketing actions you took (for example, signing up or subscribing).

We do not receive money for this, and we do not share your property, tenant, payment, or screening data with advertising partners. Under certain U.S. state privacy laws this activity is considered "sharing" for cross-context behavioral advertising (and, in some states, "targeted advertising" or "profiling"). You can decline or withdraw consent at any time using our cookie banner / cookie manager; when you do, both the browser pixels and the server-side conversions described above stop. See Section 10 for your opt-out rights, and Section 5 for cookie details.

04. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data is retained for the life of your account and up to 7 years after account closure for tax, legal, and audit purposes
  • Financial records (payments, invoices, 1099-K data) are retained for a minimum of 7 years per IRS record-keeping requirements
  • Property and lease records are retained until you delete them or close your account, after which they are purged within 90 days
  • Log and analytics data is retained for up to 24 months

You may request deletion of your account and associated data at any time subject to the retention requirements above. See Section 10 for how to exercise this right.

05. Cookies and Tracking Technologies

We use cookies, pixel tags, and similar technologies to operate and improve the Service. Categories include:

  • Strictly necessary cookies: required for authentication, session management, and security
  • Functional cookies: remember your preferences and settings
  • Analytics cookies: help us understand how users interact with the platform (e.g., session recordings, page-level analytics). We use analytics providers including PostHog and Google Analytics
  • Marketing cookies: used to measure the effectiveness of our advertising campaigns (Meta Conversions API, Google Ads, TikTok Pixel)

Consent. Analytics and marketing technologies — including the browser pixels and the server-side measurement described in Section 3.6 — load and fire only after you accept via our cookie banner. Strictly necessary cookies do not require consent. You may decline or withdraw consent at any time through the cookie banner / cookie manager or your browser settings; withdrawing consent stops both the client-side pixels and the server-side conversions going forward. Note that disabling certain cookies may impair Service functionality.

06. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

  • Encryption of data in transit using TLS 1.2+
  • Encryption of data at rest within our database infrastructure
  • Row-level security (RLS) policies enforced at the database layer to ensure multi-tenant data isolation
  • Role-based access controls (RBAC) for platform administrators and staff
  • Regular security audits and penetration testing

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your information, we will notify you in accordance with applicable law.

07. AI Processing

Certain features of the Service (such as AI Lease Analysis, AI Maintenance Triage, and the AI support assistant) use third-party large language model (LLM) providers accessed through OpenRouter. With respect to this processing:

  • PII redaction: personally identifiable information is automatically redacted from content before it is transmitted to the AI provider, so that names, contact details, and similar identifiers are removed or masked prior to processing
  • No model training: we do not permit our AI providers to use your content to train, fine-tune, or improve their models
  • Purpose limitation: AI processing is used only to generate the requested feature output and is not used to build advertising or marketing profiles about you

08. Tenant Screening Data (FCRA)

Tenant screening is provided through an integration with TransUnion SmartMove. When an applicant is screened, sensitive applicant information — including date of birth, income information, and Social Security number — is collected and verified directly by TransUnion. Pilot does not collect, store, or have access to applicant Social Security numbers, and Pilot is not a consumer reporting agency under the Fair Credit Reporting Act (FCRA).

  • Consumer reports (credit, criminal, and eviction history) are generated by TransUnion and made available to the requesting landlord; TransUnion's handling of this data is governed by TransUnion's own privacy notices
  • Within Pilot, we retain only limited screening metadata (such as the request status, the report identifier, and a pass/fail or recommendation result) necessary to operate the feature and to evidence FCRA/ECOA compliance
  • Screening-related records are retained for a minimum of five (5) years consistent with FCRA and ECOA recordkeeping requirements before being purged
  • Landlords are the parties responsible for permissible-purpose certification, applicant disclosures and authorizations, and adverse-action notices required under the FCRA and ECOA

09. Third-Party Links and Integrations

The Service may contain links to third-party websites or integrate with third-party services (such as payment portals, accounting software, or property listing platforms). We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies independently.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

Access

Request a copy of the personal information we hold about you.

Correction

Request correction of inaccurate or incomplete data.

Deletion

Request deletion of your personal information, subject to legal retention obligations.

Portability

Request your data in a machine-readable format.

Opt-out

Unsubscribe from promotional communications at any time.

California Residents (CCPA / CPRA)

California residents have rights under the California Consumer Privacy Act, as amended by the CPRA, including the right to know what personal information we collect and disclose, to request access and deletion, to correct inaccurate information, and to be free from discrimination for exercising these rights.

We do not sell your personal information for money. We do "share" certain online identifiers for cross-context behavioral advertising as described in Section 3.6. You have the right to opt out of this sharing. Your Privacy Choices: to opt out, visit Your Privacy Choices to review or change your selection at any time, decline (or withdraw) consent in our cookie banner, or send a Global Privacy Control (GPC) signal from your browser, which we honor as a valid opt-out. We do not knowingly share or sell the personal information of consumers under 16, and we do not use sensitive personal information for purposes that require an opt-out right.

EEA, UK & Switzerland (GDPR / UK GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and UK GDPR apply to our processing of your personal data, and you have additional rights and protections:

  • Legal bases. We process your personal data on the bases of performance of a contract (to provide the Service), our legitimate interests (to operate, secure, and improve the Service), compliance with legal obligations (such as tax and FCRA/ECOA recordkeeping), and, where required, your consent (for example, certain cookies and marketing).
  • Right to object and restrict. You may object to processing based on our legitimate interests and request that we restrict processing in certain circumstances.
  • Right to lodge a complaint. You have the right to lodge a complaint with your local data protection supervisory authority (for example, the UK Information Commissioner's Office or your EU member-state authority).
  • International transfers. Where personal data is transferred outside the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum) to protect your data.
  • Data Processing Addendum. If you use Pilot to process other people's personal data (for example, your tenants' or applicants'), our processing on your behalf is governed by our Data Processing Addendum.

You can exercise your access (data portability) and deletion rights on a self-serve basis at any time from your account settings, which lets you export a machine-readable copy of your data and request deletion of your account directly. You may also exercise any of these rights by contacting us at privacy@rentwithpilot.com. We will respond within 30 days (or the time period required by applicable law).

11.Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@rentwithpilot.com and we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

Email: privacy@rentwithpilot.com

General Support: support@rentwithpilot.com

Company: Rentwith Pilot LLC, a subsidiary of Astrae Holdings LLC

Address: Rancho Cucamonga, California

Website: rentwithpilot.com

Terms of ServicePrivacy PolicyYour Privacy ChoicesDPADisclaimerAUPDMCAOS Terminal

© 2026 Rentwith Pilot LLC, a subsidiary of Astrae Holdings LLC // rentwithpilot.com