Privacy Policy

Last updated: 01/02/2026

1. Purpose and identification of Rentila

This Privacy Policy reflects Rentila's (the "Software") commitment to respecting your privacy and protecting your personal data (the "Data") collected and processed when you use the Software under the conditions described in our Terms of Use (available at the following URL: /terms/).

Identity of the Data Controller (for processing carried out directly by Rentila):
Rentila is published by Rentila ltd, a company incorporated under Bulgarian law, with its registered office at 119 Oboriste, Sofia, 1505, Bulgaria, registered with the Commercial Register of Sofia, Bulgaria, under number 13028629.
For any questions regarding the protection of your data, you may contact our Data Protection Officer (DPO) or GDPR representative, whose contact details are provided in Article 15.

For the purposes of this Privacy Policy:

Landlords refer to users who are property owners or managers using the Services to manage their rentals and process the personal data of their Tenants (hereinafter "the Landlord(s)").
Tenants refer to users occupying a rented property, whose personal data may be collected and managed by a Landlord through the Software (hereinafter "the Tenant(s)").
Users refer, collectively or individually, to any person using the Software, including Landlords and Tenants (hereinafter "the User(s)").

In accordance with the General Data Protection Regulation (GDPR), Rentila processes or sub-processes your data on various legal bases, including:

Performance of a contract (for example, provision of Services and account management).
Compliance with legal obligations (accounting, tax obligations, etc.).
Legitimate interest (for example, Software security, anonymised audience measurement, fraud prevention).
Explicit consent (particularly for certain cookies or for sending marketing communications, where required).

Important: The purpose of this Policy is to inform you about the information that may be collected, how it is used, and your rights. It may be updated as indicated in Article 14.

2. Content uploaded to the Software

All personal information and photographs that you voluntarily upload (in your profile, in messages, or in your property descriptions) are not publicly accessible and cannot be collected or used by third parties.

However, if you have enabled the "Public" option in your property description, certain information from that listing (property address, photographs, rent price, etc.) will be made visible and publicly accessible.

3. Cookies

Browsing the Software may result in cookies being automatically placed in your browser. Cookies are small text files that allow our servers to identify you and offer you personalised information. Their purpose is primarily to simplify navigation and improve the usability of the Software.

There are several categories of cookies placed in your browser:

Strictly necessary cookies (placed by Rentila for the proper functioning of the Software, such as logging into your account).
Audience measurement cookies (Google Analytics, etc.).
Cookies related to customer support tools (Crisp, etc.).

In accordance with applicable regulations (GDPR and the ePrivacy Directive), Rentila obtains your prior consent before placing non-strictly necessary cookies. An information banner or preference management module may appear during your first visit.
You may manage your cookie preferences at any time by using this module or by configuring your browser settings.

You may refuse the installation of certain cookies by changing your browser settings, but this may prevent access to certain features of the Software.

For more information on managing or deleting cookies, you may consult the help pages specific to each browser:

For further information, you may also visit Aboutcookies.org, as well as Google's settings. Rentila ensures that any use of cookies or third-party services compliant with the GDPR includes, where necessary, appropriate safeguards (standard contractual clauses, etc.) for any transfer of data outside the EEA.

4. Data collected

The Data collected and subsequently processed by the Software is the information you voluntarily provide when opening your User account (the "Account") via the registration form, and includes at a minimum:

Surname and first name(s)
A valid email address (your identifier for accessing your Account)
A password of your choice

Certain advanced features of the Software may require you to provide additional Data, such as:

Telephone number
Postal address
Banking details
Information about your properties and equipment
Information about your tenants
Rental income and expenses

Data collected automatically by the Software includes your IP address (your computer's address) as well as information related to your browser version, the page viewed, and the date of the request.

Failure to provide certain mandatory data may restrict your access to certain features of the Software.

4.2. Data retention periods

Rentila retains your Data for the period strictly necessary for the purposes for which it was collected, as described in this Policy, or to comply with applicable legal obligations. Retention periods vary depending on the nature and purpose of the data:

Account Data (name, email, password): retained for the lifetime of the Account. After the Account is deleted, data may be retained for a limited period in order to meet any legal obligations or for dispute management purposes.
Rental data (leases, rent receipts, payments): retained for the period necessary to manage the rental relationship and any resulting legal obligations.
Financial and accounting data: retained in accordance with applicable accounting and tax obligations.
Connection data and technical logs: retained for a limited period necessary for security and fraud prevention purposes.
Customer support data: retained for the period necessary to process your request and improve our services.
Non-strictly necessary cookies: in accordance with applicable regulations (ePrivacy Directive).
Data processed by artificial intelligence services: not retained by the providers (OpenAI, Google Gemini) beyond real-time processing of the request. Generated results are retained within the Account according to the rules applicable to the relevant data category.
Payment data: retained for the duration of the contractual relationship and, where applicable, for the period necessary to comply with applicable legal obligations.

Upon expiry of the applicable retention period, Data is deleted or anonymised. Rentila reserves the right to delete Data before the expiry of these periods, particularly in the event of Account inactivity or voluntary deletion by the User.

5. Responsibility for the processing of personal data

In the context of using Rentila's Services, responsibility for the processing of personal data is allocated as follows:

5.1. The Landlord as Data Controller

The Landlord who uses Rentila to manage their rentals is the data controller for the personal data they collect and process through the Software. This includes, but is not limited to:

Data relating to Tenants and prospective tenants (name, contact details, contracts, payments, etc.).
Financial data related to rental management (income, expenses, rent payments).

As Data Controller, the Landlord undertakes to:

Comply with the GDPR and all applicable data protection regulations.
Inform Tenants and other data subjects about the processing of their personal data, including the use of Rentila.
Ensure they have a lawful basis for the collection and use of data (contract, consent, legal obligation, etc.).
Handle Tenant requests regarding their rights (access, rectification, erasure, objection, portability).

5.2. Rentila as Data Processor

Rentila acts as a data processor within the meaning of Article 28 of the GDPR. This means that Rentila:

Hosts and processes the Landlord's data to enable them to manage their rentals.
Does not make any decisions regarding the use of Tenant or prospective tenant data.
Does not use such data for commercial purposes, unless specifically instructed and consented to by the Landlord.

A data processing agreement (Data Processing Agreement — DPA) is formed between the Landlord and Rentila upon acceptance of the Terms of Use and this Privacy Policy. The minimum obligations set out in Article 28 of the GDPR are deemed to be incorporated therein.

5.3. Cases where Rentila is the Data Controller

Rentila is the data controller for certain specific data collected independently of the Landlord's instructions, including:

Software usage data: connection logs, activity logs, statistics to improve the Services.
Technical support: storage and analysis of communications for support and security purposes.
Security and maintenance: detection of fraudulent access, measures to protect against cyberattacks.

In such cases, Rentila undertakes to inform Landlords and Tenants of the purposes of the processing and to respect their rights in accordance with the GDPR.

5.4. Tenants' rights

Tenants whose data is entered on Rentila must contact their Landlord directly for any requests related to their GDPR rights (access, rectification, erasure, objection, portability). Rentila, as a data processor, cannot respond to such requests without instructions from the Landlord.

No fully automated decision-making: Rentila does not carry out fully automated decision-making that produces legal effects or similarly significant effects on Users within the meaning of Article 22 of the GDPR. Where artificial intelligence tools are used as part of the Services (see Article 11), their results are provided as assistance only and do not replace human decision-making. Landlords remain solely responsible for the decisions they make regarding their Tenants.

6. Purposes of processing

The Data identified as mandatory in the registration form or any other form within the Software is necessary in order to benefit from the Software's features. We use this information to:

Manage and maintain our Site.
Enable you to benefit from personalised features.
Process any report or correspondence from you.
Provide artificial intelligence-assisted features, such as document generation, information summarisation, or writing assistance (see Article 11).

Automatically collected Data (e.g. IP address, logs) enables us to compile usage statistics and strengthen the security of the Software.

In certain cases, we may personalise the offers we present to you (for example, Partner offers) based on your interests. Such advertising targeting and profiling only takes place if you have consented or on the basis of legitimate interest where permitted by applicable regulations. You may withdraw your consent or object to these operations at any time (see the section on your rights).

We do not use your email address or any other personally identifiable information without your agreement, except in the following cases:

Registration as a member of the Software: a welcome email is sent to activate your Account and remind you of your login credentials.
Account closure: in the event of a deletion or deactivation request, a notification email is sent.
Events, Games, and Competitions: Rentila may inform you by email of games, competitions, or special events it organises.
Information about the Software and the services offered: Rentila may send notifications or newsletters relating to the Software.
Support: in the event of a support request or question, Rentila responds by email.

7. Recipients of Data

Rentila is committed to protecting your privacy and the confidentiality of your Data.

We undertake never to share or disclose your Data to third parties, except in the following situations:

In response to a legal or administrative obligation (judicial authority, police authorities, etc.).
Where you have given us your prior consent.
In the event of a breach of our Terms of Use requiring transmission to authorised entities.

Access to your personal data is limited to:

Authorised personnel within our company.
Our sub-processors (e.g. hosting provider, email delivery service, Crisp customer support, artificial intelligence providers, etc.) to the extent necessary for their duties.
Where applicable, public and private bodies in order to comply with legal obligations.

Non-exhaustive list of our sub-processors:

OVH (hosting) — servers located in the EU
Google Analytics (audience measurement) — may involve transfers outside the EEA under standard contractual clauses
Crisp (customer support/chat) — servers located in the EU
Amazon SES (email delivery) — servers located in the EU
Sparkpost/MessageBird (email delivery) — servers located in the EU
Stripe (payment processor) — servers located in the EU
GoCardless (payment processor) — servers located in the EU
Powens (bank account synchronisation / banking aggregation) — servers located in the EU
PayPal (payment processor) — servers located outside the EU; transfers governed by standard contractual clauses (SCCs) in compliance with the GDPR
OpenAI (artificial intelligence services — API) — servers located in the United States; transfers governed by standard contractual clauses (SCCs) and OpenAI's Data Processing Addendum. Data transmitted via the API is not used to train OpenAI's models.
Google Gemini (artificial intelligence services — API) — servers may be located outside the EEA; transfers governed by standard contractual clauses (SCCs) and Google Cloud's Data Processing Addendum. Data transmitted via the API is not used to train Google's models.

Rentila ensures that each sub-processor provides sufficient guarantees regarding the implementation of appropriate technical and organisational measures, in accordance with Article 28 of the GDPR. In the event of data transfers outside the European Economic Area, Rentila ensures that adequate safeguards are in place (standard contractual clauses adopted by the European Commission, adequacy decisions where applicable, or any other mechanism compliant with Chapter V of the GDPR).

Notification in the event of a sub-processor change: In accordance with Article 28(2) of the GDPR, in the event of the addition or replacement of a sub-processor handling personal data of Tenants or Landlords, Rentila will inform the relevant Landlords by email at least 30 days before the change takes effect. Landlords will have this period to raise reasoned objections. In the absence of any objection within this period, the new sub-processor will be deemed accepted. In the event of a legitimate objection and if no alternative solution is found, the Landlord may terminate their subscription without penalty.

8. Data security and retention

Rentila places great importance on the security and protection of your Data. We implement all necessary measures to limit the risks of loss, deterioration, or misuse. Specifically:

Rentila uses a 256-bit SSL (Secure Socket Layer) connection to secure data transmission.
Your User account is protected by a personal password (stored in encrypted form).
Rentila provides a two-factor authentication (2FA) feature that Users are strongly encouraged to enable to enhance the security of their Account.
Rentila automatically detects suspicious logins (unusual location, repeated attempts, etc.) and may temporarily suspend access to the Account if a risk is detected.
Rentila automatically notifies the User by email in the event of changes to sensitive Account information (email address, password, banking details, etc.).
A secure cookie system is provided.
Your private messages are only accessible to the Software administrator, and only upon your request and express authorisation.
Data transmitted to artificial intelligence providers (OpenAI, Google Gemini) is sent via encrypted connections (TLS) and is not retained by these providers beyond the time necessary to process the request.

Data is retained for the period strictly necessary to provide the Services or to meet legal obligations, as set out in Article 4.2.

Data is stored with the hosting provider OVH (2 rue Kellermann, 59100 Roubaix, France), and we perform daily backups on a separate server also hosted by OVH. Where third-party services (e.g. Crisp, Google, Amazon SES, Sparkpost/MessageBird, Stripe, PayPal, GoCardless, OpenAI, Google Gemini) are used, Rentila ensures that appropriate safeguards (standard contractual clauses, etc.) are in place for any transfers outside the EU.

8.2. Notification in the event of a data breach

In the event of a personal data breach (unauthorised access, loss, destruction, or accidental disclosure of Data), Rentila undertakes to:

Notify the competent supervisory authority (the Commission for Personal Data Protection in Bulgaria, or any other competent authority depending on the country of residence of the data subjects) within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR, unless the breach is unlikely to result in a risk to the rights and freedoms of the data subjects.
Inform the affected Users without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with Article 34 of the GDPR. This notification will be made by email and/or by a notification within the Software.
Inform the relevant Landlords without undue delay, to enable them to fulfil their own notification obligations as Data Controllers with respect to their Tenants.
Document any data breach in an internal register, including the nature of the breach, the categories of data and data subjects affected, the likely consequences, and the measures taken to address it.

9. Partner sites

You may access, through hyperlinks on the Software, the websites and services of Partners that are not governed by this Data protection Policy. You are therefore advised to review the rules applicable to the use and disclosure of information you may have shared on those sites.

10. Disclosure of the use of third-party API services (Google, Powens, Sparkpost/MessageBird, Amazon SES)

Rentila uses Google's Application Programming Interface (API) Services to enable the user authorisation feature for accessing Rentila.

Rentila's use and transfer of information received from Google APIs to any other application will comply with the Google API Services User Data Policy, including the Limited Use requirements.

Rentila uses Powens' Application Programming Interface (API) Services to enable the bank account synchronisation feature allowing users to import banking transactions into Rentila.

Rentila uses the services of Stripe, PayPal, and GoCardless to process subscription payments and transactions made on the Platform. These secure payment service providers enable Landlords and Users to make payments with confidence, ensuring the protection of financial data through encryption and the strictest security standards (PCI-DSS). Each transaction is managed directly by these platforms, and Rentila does not store any sensitive information relating to Users' bank cards or bank accounts at any time. By choosing one of these payment processors, the User also accepts their respective privacy policies and terms of use.

Rentila uses the Application Programming Interface (API) Services of Amazon Simple Email Service (SES) and Sparkpost/MessageBird to ensure the secure delivery of transactional emails, notifications, and communications to Users. These solutions help guarantee optimal deliverability while minimising the risk of spam and delivery errors. Through these services, Rentila can send registration confirmations, payment reminders, update notifications, and any other communication essential to the proper functioning of the Platform. These providers act solely as technical intermediaries for message delivery.

11. Use of artificial intelligence services (OpenAI and Google Gemini)

Rentila integrates artificial intelligence services provided by OpenAI (OpenAI, L.L.C., a company incorporated under US law) and Google Gemini (Google LLC, a company incorporated under US law), accessible via their application programming interfaces (APIs), in order to offer Users AI-assisted features.

11.1. Features concerned

Artificial intelligence services may be used in the context of the following features (non-exhaustive list):

Generation of and assistance with drafting rental documents (leases, correspondence, rent receipts, etc.).
Summarisation and analysis of information relating to rental management.
Assistance with communication between Landlords and Tenants.
Any other feature of the Software incorporating artificial intelligence processing, clearly identified as such in the interface.

11.2. Data transmitted to AI providers

When using these features, certain Data may be transmitted to AI providers for processing. This data may include:

The content of text fields entered by the User as part of an AI feature (for example, an instruction or context provided by the Landlord to generate a document).
Information relating to properties, leases, or tenants, to the extent necessary for the performance of the requested feature.

Rentila takes care to minimise the data transmitted to AI providers and to send only the information strictly necessary for the requested feature (principle of data minimisation within the meaning of Article 5(1)(c) of the GDPR).

11.3. Data protection safeguards

Rentila ensures that data transmitted to OpenAI and Google Gemini benefits from the following safeguards:

No model training: data transmitted via the OpenAI and Google Gemini APIs is not used by these providers to train, improve, or fine-tune their artificial intelligence models. This guarantee is provided for under the contractual terms applicable to API access with these providers.
No retention by the providers: transmitted data is processed in real time and is not retained by OpenAI or Google beyond the period strictly necessary for the technical processing of the request, subject to any legal obligations specific to these providers (for example, temporary retention for abuse detection purposes, generally limited to 30 days).
Encryption of communications: all communications between Rentila and the AI providers are carried out via encrypted connections (TLS).
Contractual framework: data transfers are governed by Data Processing Addendums compliant with Article 28 of the GDPR, as well as standard contractual clauses (SCCs) compliant with Chapter V of the GDPR for transfers outside the EEA.

11.4. Legal basis and consent

The processing of data by artificial intelligence services is based on the following legal grounds:

Performance of a contract (Article 6(1)(b) of the GDPR): where the processing is necessary for the provision of a feature that the User has expressly requested.
Consent (Article 6(1)(a) of the GDPR): where the AI feature is optional, the User is informed before any data is transmitted and may choose not to use the feature in question.

Features using artificial intelligence are clearly identified in the Software's interface. The User retains the option of not using these features, without this affecting access to the other services of the Software.

11.5. Liability and human oversight

Results generated by artificial intelligence services are provided as assistance and suggestions only. They do not constitute automated decision-making within the meaning of Article 22 of the GDPR. Landlords remain solely responsible for verifying, validating, and using AI-generated content, particularly with respect to their Tenants.

Rentila shall not be held liable for any inaccuracies, errors, or omissions in content produced by artificial intelligence services.

12. Rights of access, rectification, and erasure of your data

Rentila complies with the provisions of Regulation (EU) 2016/679 (GDPR), as well as applicable national legislation (e.g. the Bulgarian Personal Data Protection Act).

You have the following rights:

A right of access (the ability to view and verify your information).
A right to rectification (in the event of inaccuracy, you may update your profile or contact us).
A right to data portability (export of your data from your Account).
A right to erasure (you may delete your data from your Account or contact us to do so).
A right to object (refusal to appear in a file or to have your information transmitted to third parties where the law permits).
A right to restriction of processing.
A right to refuse the processing of your data by third-party artificial intelligence services, without this affecting your access to the other features of the Software.

In accordance with Article 12(3) of the GDPR, Rentila undertakes to respond to any request to exercise your rights within a maximum of one month from receipt of the request. This period may be extended by a further two months if the complexity or number of requests warrants it; in such cases, Rentila will inform you of the extension and its reasons within the initial one-month period.

Tenants wishing to exercise their rights over data managed by a Landlord must contact that Landlord directly. Where Rentila is the data controller, you may address your requests to our DPO (contact details in Article 15).

You also have the right to lodge a complaint with the competent data protection authority in your country of residence if you believe your rights are not being respected.

Furthermore, we inform you that:

You may always decline to provide your Data on the Software, which will not prevent you from using and exploring the Software. However, in such cases, we may be unable to provide you with certain services.
At any time, you may update or correct your profile and email address in the profile page of your Account.

13. Account inactivity

After six months of inactivity, the Account is automatically deactivated. Rentila will then send an email informing you of this deactivation.

After one year of inactivity, the Account will be deleted. Rentila will send a reminder email at least 30 days before the permanent deletion, informing you of the scheduled deletion date and inviting you to log in again if you wish to keep your Account. Once your Account is deleted, you will no longer be able to access services that require an Account, nor any content you may have stored or published therein.

14. Updates to the Privacy Policy

Rentila may amend, supplement, or update this Privacy Policy to reflect any legal, regulatory, or technical developments.

In the event of a significant change (concerning, for example, legal bases, processing purposes, the addition of new sub-processors handling sensitive data, or the exercise of Users' rights), Rentila will inform its Users by any written means (email notification, information banner, etc.) at least 30 days before such changes take effect. For changes substantially affecting the legal bases of processing or the categories of data processed, Rentila will seek the explicit consent of Users before implementing such changes.

For minor changes (typographical corrections, contact information updates, wording adjustments that do not affect Users' rights), access to and use of the Platform after notification will constitute acceptance of the new version of the Policy.

By using the Platform, creating an account, or accessing Rentila's services, you accept the terms of this Privacy Policy. The online version shall prevail over any other version.

15. Questions, complaints, or suggestions

We aim to be transparent about the confidentiality of your Data. For any questions, suggestions, or concerns regarding the processing of your Data, please do not hesitate to contact us:

Email: contact@rentila.com
Rentila ltd
119 Oboriste, Sofia, 1505
Bulgaria

‍