LandlordKeep

Privacy Policy

Last updated: May 10, 2026

LandlordKeep ("LandlordKeep," "we," "our," "us") provides software that helps landlords manage rental-property maintenance. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using LandlordKeep you acknowledge the practices described here.

1. Roles: who is responsible for what

For account information you provide about yourself, LandlordKeep is the "controller" or "business" (under GDPR and CCPA, respectively). For information you upload about your tenants, vendors, and other third parties, you are the controller and we are your processor. That means you are responsible for having a lawful basis to collect that information, providing required notices to those individuals, and honoring their rights. We process such information only on your documented instructions and as described in our Terms of Service.

2. Information we collect

Information you provide

  • Account information: name, email address, and hashed password when you register; billing details (handled by our payment processor) if you subscribe to a paid plan.
  • Property & maintenance data: property addresses, equipment, vendors, maintenance schedules, repair logs, photos, and any notes or attachments you upload.
  • Tenant and vendor information: if you choose to record tenants, vendors, or contractors, the contact details and notes you enter.
  • Communications: messages you send through our contact, support, or feedback channels (and any metadata such as time and IP).

Information collected automatically

  • Usage data: pages viewed, features used, actions taken, referrer, and approximate location derived from IP address.
  • Device data: browser type and version, operating system, device identifiers, language, and time zone.
  • Log & security data: IP address, request timestamps, error logs, and similar technical data, retained for security, fraud prevention, and debugging.

Cookies and similar technologies

We use a small number of cookies and similar technologies:

  • Strictly necessary — required for sign-in, security, and saving preferences. These cannot be turned off.
  • Analytics — help us understand how the Service is used so we can improve it (currently Google Analytics 4). You can opt out using your browser settings, an opt-out extension, or the controls described in section 8 below.

We do not use advertising cookies or sell information to ad networks.

3. Lawful basis for processing (GDPR/UK GDPR users)

Where the GDPR or UK GDPR applies, we rely on the following lawful bases:

  • Performance of a contract — to provide the Service you requested (account management, property and maintenance features, billing).
  • Legitimate interests — to secure the Service, prevent fraud and abuse, debug problems, measure usage, and improve features. We balance these interests against your rights and freedoms.
  • Legal obligation — to comply with tax, accounting, and other legal requirements.
  • Consent — for any optional processing that requires it (e.g., non-essential analytics in regions that require opt-in). You can withdraw consent at any time.

4. How we use information

  • To provide, operate, secure, and improve the Service.
  • To send transactional emails (account verification, password resets, maintenance reminders, billing receipts).
  • To respond to questions, support requests, and contact-form submissions.
  • To detect, investigate, prevent, and respond to abuse, fraud, security incidents, and violations of our Terms of Service.
  • To enforce our agreements and to comply with legal obligations (such as tax, accounting, and lawful requests from authorities).

We do not sell or "share" (as those terms are defined under CCPA/CPRA) personal information. We do not use your property, tenant, or repair data to train third-party AI models. We do not make decisions producing legal or similarly significant effects about you using solely automated processing.

5. Service providers and disclosures

We share limited information with the vendors who help us run the Service, under contractual confidentiality and data-protection obligations:

  • Railway — application hosting and database infrastructure (United States).
  • Resend — transactional email delivery.
  • Stripe — payment processing for paid plans (we do not store full card numbers).
  • Google Analytics — aggregated usage analytics. You can opt out via your browser, the Google Analytics opt-out add-on, or by enabling "Do Not Track."

We may also disclose information: (a) to comply with applicable law, court order, or other legal process; (b) to enforce our Terms; (c) to protect the rights, property, or safety of LandlordKeep, our users, or the public; or (d) in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this policy or notify you of any material change.

6. International data transfers

LandlordKeep is operated from the United States, and our service providers are primarily located in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S., which may have different data-protection laws than your country. Where required (for example, for transfers from the EEA, UK, or Switzerland), we rely on appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Addendum, or another lawful transfer mechanism.

7. Data retention

We retain account and property data for as long as your account is active. If you delete your account, we delete or de-identify your content within 30 days, except where retention is required by law or to resolve disputes, enforce agreements, or maintain backup and security records (which are typically purged on a rolling 90-day cycle). Aggregated or de-identified information may be retained indefinitely.

8. Security

We use industry-standard safeguards including encryption in transit (HTTPS/TLS), bcrypt-hashed passwords, role-based access controls, audit logging, and regular dependency updates. No system is perfectly secure; please use a strong, unique password and notify us promptly through our contact form if you suspect unauthorized access.

9. Data breach notification

If we determine that a personal-data breach has occurred and is likely to result in a risk to your rights, we will notify affected users and, where required, the relevant supervisory authority within the timeframes required by applicable law (for GDPR, generally within 72 hours of becoming aware).

10. Your rights and choices

Depending on where you live, you may have the following rights regarding personal information we hold about you:

  • Access — request a copy of your personal information.
  • Correction — correct inaccurate or incomplete information.
  • Deletion — request deletion of your personal information (also called the "right to be forgotten").
  • Portability — receive your personal information in a portable, machine-readable format.
  • Objection / restriction — object to or restrict certain processing, including processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting processing already carried out.
  • Lodge a complaint — with your local data protection authority (for EEA/UK residents) or your state attorney general (for U.S. residents).

You can exercise most of these rights from your account settings or by submitting our contact form with "Privacy Request" as the subject. We will respond within the timeframes required by law (generally 30 days under GDPR; 45 days under CCPA, extendable once). We may need to verify your identity before acting on a request. We will not discriminate against you for exercising your rights.

If your request relates to information about your tenants, vendors, or other third parties, contact the landlord directly — that landlord is the controller of that information and we process it only on their instructions.

California residents (CCPA / CPRA)

  • Right to know / access / delete / correct— as described above.
  • Right to opt out of sale or sharing — we do not sell or "share" personal information for cross-context behavioral advertising, so there is nothing to opt out of.
  • Right to limit use of sensitive personal information — we do not use sensitive personal information for purposes that require this right.
  • Shine the Light — we do not disclose personal information to third parties for their direct marketing purposes.
  • Authorized agents — you may designate an authorized agent to make a request on your behalf, subject to verification.

11. Children

The Service is intended for adults running rental properties. Consistent with the U.S. Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. In the EEA and UK we do not knowingly collect information from children under 16. If you believe a child has provided us information, let us know through our contact form and we will delete it.

12. Marketing communications

We send transactional emails as a necessary part of the Service (verification, billing, password resets, reminders you have configured, and similar). If we ever send marketing emails (for example, product announcements), each will include an unsubscribe link, and unsubscribing will not affect transactional messages.

13. Do Not Track and Global Privacy Control

Industry standards for "Do Not Track" signals are still evolving and we currently do not respond to them. Where required by law (e.g., California), we treat a Global Privacy Control (GPC) signal as a valid request to opt out of sale or sharing, even though we do not sell or share.

14. Changes to this Privacy Policy

We may update this policy from time to time. Material changes will be notified by email or in-app at least 30 days before taking effect, except where a shorter period is required by law or for security reasons. The "Last updated" date at the top reflects the current version. Prior versions are available on request.

15. Contact

Questions about this policy or your data? Use our contact form. For privacy or data-protection requests, please put "Privacy Request" in the subject line so we can route it correctly.