Back to home

Privacy Policy

Last updated: 8 February 2025

1. Introduction

Rentlatch ("we", "us", or "our") is a rental compliance tracking service operated by Joshua Mackus as an Australian sole trader (ABN 89 678 672 150). We provide software to help Victorian self-managing landlords track safety checks, minimum standards, and compliance deadlines for their rental properties.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website at rentlatch.com and our services.

While businesses with annual turnover under $3 million are not automatically covered by the Privacy Act 1988 (Cth), we voluntarily adopt best practices aligned with the Australian Privacy Principles (APPs) because we believe you deserve transparency and control over your data.

2. Information We Collect

We collect the following types of personal information:

Account Information

  • Name and email address — to create and manage your account, and to communicate with you about your properties and compliance deadlines

Property Information

  • Property addresses — to identify and organise compliance tracking for your rental properties
  • Compliance dates and deadlines — including gas safety check dates, electrical safety inspection dates, smoke alarm service dates, and other regulatory deadlines

Documents

  • Uploaded compliance documents — such as gas safety certificates, electrical safety reports, condition reports, and other property-related documentation you choose to store with us

Technical Information

  • Usage data — including pages visited, actions taken, browser type, device information, and IP address
  • Cookies and similar technologies — for authentication, preferences, and analytics (see Section 7)

Payment Information

Payment processing is handled entirely by Stripe. We do not receive, store, or have access to your credit card numbers, bank account details, or other payment credentials. Stripe provides us only with limited information such as the last four digits of your card and billing address for transaction records.

3. How We Use Your Information

We use your personal information to:

  • Provide our services — track compliance deadlines, store documents, and manage your property portfolio
  • Send compliance reminders — notify you of upcoming deadlines via email so you never miss a required safety check
  • Process transactions — manage your subscription and billing through Stripe
  • Communicate with you — respond to enquiries, provide support, and send important service updates
  • Improve our services — analyse usage patterns to enhance functionality and user experience
  • Ensure security — detect and prevent fraud, abuse, or unauthorised access
  • Comply with legal obligations — where required by Australian law

We will not use your personal information for purposes other than those described in this policy without your consent.

4. Third-Party Service Providers

We work with trusted third-party service providers to deliver our services. These providers only access your data as necessary to perform their functions and are contractually obligated to protect your information.

Clerk

Authentication & Identity

Privacy Policy →

Manages user registration, login, and session security. Processes your email address and authentication credentials.

Data location: United States

Stripe

Payment Processing

Privacy Policy →

Processes subscription payments securely. We never see or store your full card details.

Data location: United States (PCI-DSS compliant)

Resend

Email Delivery

Privacy Policy →

Sends transactional emails including compliance reminders, account notifications, and support responses.

Data location: United States

Vercel

Hosting & Infrastructure

Privacy Policy →

Hosts our website and application. Primarily uses Sydney (Australia) region with global edge network for performance.

Data location: Sydney, Australia (primary) with US edge

Neon

Database

Privacy Policy →

Stores your account data, property information, and compliance records in a PostgreSQL database.

Data location: Sydney, Australia (ap-southeast-2)

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Storage and Security

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.

Security Measures

  • Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
  • Encryption at rest — Your data is encrypted when stored in our database
  • Secure authentication — We use Clerk's enterprise-grade authentication system with support for multi-factor authentication
  • Access controls — Only authorised personnel can access production systems, with activity logging
  • Regular security updates — We keep our infrastructure and dependencies up to date

Data Location

Your data is primarily stored in Australia (Sydney region) via our database provider Neon. Some data may be processed through US-based services (Clerk, Stripe, Resend) as described in Section 4. By using our services, you consent to this transfer of data outside Australia to jurisdictions that may have different data protection laws.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations (e.g., tax records for 7 years)
  • Resolve disputes and enforce our agreements

When you delete your account:

  • Your property data, compliance records, and uploaded documents will be permanently deleted within 30 days
  • Backup copies may persist for up to 90 days before automatic deletion
  • We may retain limited information required for legal compliance (e.g., billing records)

7. Cookies and Analytics

We use cookies and similar technologies for:

Essential Cookies

Required for the service to function, including authentication tokens and session management. These cannot be disabled.

Analytics

We may use privacy-focused analytics to understand how our service is used. We do not use invasive tracking or sell data to advertisers. Any analytics data is aggregated and does not identify individual users.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using our service.

8. Your Rights

Although we are not legally required to comply with the APPs, we voluntarily provide you with the following rights:

Access

You can request a copy of the personal information we hold about you. We will respond within 30 days.

Correction

If your personal information is inaccurate, incomplete, or out-of-date, you can update it directly in your account settings or contact us to request correction.

Deletion

You can request deletion of your account and personal information at any time. You can delete your account through your account settings or by contacting us. We will process deletion requests within 30 days, subject to any legal retention requirements.

Data Export

You can request an export of your data in a portable format. Contact us to make this request.

Withdraw Consent

Where we rely on your consent to process personal information, you can withdraw that consent at any time. This will not affect the lawfulness of processing before the withdrawal.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

If we make material changes, we will notify you by email or by posting a prominent notice on our website before the changes take effect. We encourage you to review this policy periodically.

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

11. Contact Us and Complaints

If you have questions about this Privacy Policy, wish to exercise your rights, or have a privacy complaint, please contact us:

Rentlatch Privacy Enquiries

Email: hello@rentlatch.com

Operated by: Joshua Mackus (ABN 89 678 672 150)

We take privacy complaints seriously and will respond within 30 days. We will work with you to resolve your concerns.

OAIC Complaints

If you are not satisfied with our response to your privacy complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner

Website: www.oaic.gov.au/privacy/privacy-complaints

Phone: 1300 363 992

Post: GPO Box 5288, Sydney NSW 2001

Note: As a business with under $3 million annual turnover, we are not automatically covered by the Privacy Act 1988. However, the OAIC may still be able to assist with privacy concerns.

12. Summary

What We CollectWhy
Name, emailAccount management, communications
Property addressesOrganise compliance tracking
Compliance datesTrack deadlines, send reminders
Uploaded documentsStore certificates and reports
Usage dataImprove service, security
Payment info (via Stripe)Process subscriptions

© 2026 Rentlatch. ABN 89 678 672 150.