Privacy Policy
At Rentcla we take your data privacy very seriously. This policy explains what data we collect, why we need it, and what rights you have. We comply with the EU General Data Protection Regulation (GDPR).
Last updated: 1 de junio de 2026
1. Data controller
Rentcla is a brand of CALNautic S.L., based in Spain. For any data protection queries you can write to privacy@rentcla.com.
2. What data we collect
We collect: (a) account data: name, email, hashed password; (b) organization data: name, NIF/CIF, fiscal address; (c) portfolio data: properties, tenants, contracts, payments — that you voluntarily enter; (d) technical data: IP address, browser, OS, for security and analytics.
3. What we use it for
We use your data to: (a) provide the contracted service; (b) issue invoices and manage collections; (c) send you operational communications (major service changes, security alerts); (d) with your consent, send you marketing communications; (e) comply with legal and tax obligations.
4. Legal basis
The legal basis is: (a) contract execution (service delivery); (b) compliance with legal obligations; (c) consent (marketing and non-essential cookies); (d) legitimate interest (product improvement, security).
5. Where it's stored
Your data is stored on EU servers (currently Neon, Frankfurt region, Germany). Backups are also stored in the EU. We do not transfer data outside the European Economic Area without adequate safeguards.
6. Sub-processors
We use the following sub-processors, all GDPR-compliant: Stripe (payments), Cloudflare (infrastructure and CDN), Resend (transactional email). The full and updated list is available at rentcla.com/privacy/subprocessors.
7. Your rights
You have the right to: (a) access your data; (b) rectify it; (c) erase it; (d) restrict its processing; (e) port it; (f) object to processing; (g) not be subject to automated decision-making with legal effects. To exercise them, write to privacy@rentcla.com. You may also file a complaint with your local DPA.
8. Retention
We keep your data while you maintain an active account. After cancellation, we keep identifying personal data for the legally applicable period (6 years for tax data) and aggregated anonymized data indefinitely for analytics.
9. Security
We apply technical and organizational measures: TLS 1.3 encryption in transit, AES-256 at rest, two-factor authentication, daily backups, role-based access controls, audit log. In case of a security breach we will notify affected users and the DPA in under 72 hours.
10. Changes to this policy
If we modify this policy significantly, we will notify you by email and with an in-app notice at least 30 days before it takes effect.
Documentos relacionados