Privacy

The short version

We don't want your personal data beyond what's strictly necessary to run the service. We don't track you across the web. We don't sell anything to anyone. We don't see your credit card. The numbers you type stay between you and the simulator unless you choose to save them.

What we keep — free tier

• The simulation result — to make the page fast if you (or anyone else with the exact same inputs) runs the same scenario again. We label it with a scrambled fingerprint of the inputs, not the inputs themselves. Deleted after 90 days of no use.
• A random ID in your browser — so reloading the page doesn't wipe your last scenario. Lives only in your browser's localStorage, never goes to advertisers, and clearing site data erases it.
• Normal web server logs (your IP address, the time, which page) — kept up to 90 days so we can spot abuse and outages. AWS rotates them out after that.

What we keep — if you sign in

Signing in is optional. You only need to sign in if you want to save scenarios or subscribe to Pro. When you do:

• Your email address. Stored against your account so we can send you sign-in links and (if you have Pro) subscription- related messages. We never use it for marketing without your explicit opt-in.
• A short-lived sign-in token (15-minute TTL). After you use it, it's consumed and can't be replayed.
• A long-lived sign-in token (JWT, 30-day TTL) stored in your browser's localStorage after a successful sign-in. Lets you stay signed in across visits without typing your email each time. Signing out deletes it.
• Your saved scenarios (Pro feature) — the inputs and the simulation result snapshot at save-time. Stored against your account email. You can delete any of them at any time.

What we keep — if you subscribe to Pro

• Stripe references — your Stripe customer ID and subscription ID, plus the current subscription status (trial / active / past-due / canceled) and renewal date. We need these to show you the right state on your account page and to gate Pro features server-side.
• Webhook event log — a record of the Stripe events we've received for your subscription (e.g.checkout.session.completed,customer.subscription.updated) so we don't apply the same change twice. Stored indefinitely as an accounting record.
• We do NOT store your card number, CVV, expiry, or billing address. Stripe collects and stores these directly. They are subject to Stripe's privacy policy.

What we don't keep

• The numbers you typed in the free tier. Rent, income, savings, ZIP — none of it is stored against you after the simulation runs.
• Your password. There isn't one — we use one-time sign-in links and 6-digit codes.
• No Google Analytics, Meta Pixel, Hotjar, Mixpanel, or any other ad-tech tracker.
• No tracking cookies.
• We never sell, rent, share, or hand off your data.

Third parties we use

• Amazon Web Services (AWS) — hosting (EC2, S3, CloudFront, SES, RDS). All US regions.
• Stripe Inc. — payment processing and subscription management. They handle your card data; we don't.
• Anthropic Inc. (Claude API) — used only for the optional “Personalized Summary” narrative feature on Pro. When you ask for that summary, your scenario inputs (numbers only — no email, no IP) are sent to their API. Anthropic does not use API content to train their models.
• Zillow Research / FRED / US Census — public data sources used as inputs to the simulator. We download their datasets; they receive no information about you.

Where things live

Everything is hosted on Amazon Web Services in the United States. We don't use third-party vendors for analytics, marketing, or general-purpose data storage.

Your rights

If you have an account with us, you can:

• See what we have on you — email contact@rentbuysellapp.com from your account email and we'll send back everything stored against it.
• Delete your account — same email, ask us to delete. We'll remove your email, saved scenarios, and subscription references from our DB. Stripe's record of charges (if any) remains with Stripe per their retention policy.
• Cancel your subscription — from the Manage subscription button on your account page. No email or phone call required.
• Clear browser data — using your browser's “clear site data for rentbuysellapp.com” option erases the JWT and any localStorage we've set.

For California residents (CCPA)

In the last 12 months, we have collected the categories of personal information described above: an email address (if you signed in), internet/network activity (request logs), and commercial information (your Stripe subscription state, if you subscribed). We collect this information directly from you and from Stripe. We use it to provide the service and bill you. We do not sell personal information, and we have not done so in the past 12 months.

You have the right to know what we have on you, to delete it, and to not be discriminated against for exercising these rights. To exercise them, email contact@rentbuysellapp.com from the email address on your account.

Security

All traffic to the site is encrypted with HTTPS. Your sign-in JWT uses HMAC-SHA256. Webhook events from Stripe are cryptographically signed and verified before we accept them. We use Stripe's hosted Checkout and Customer Portal so we never handle card numbers ourselves. No system is perfectly secure, but we try to follow common-sense defaults and stay current on the libraries we depend on.

If this changes

If we ever collect something new, we'll update the date at the top of this page and flag the change on the homepage for at least 30 days. If you have an active subscription, we'll email you before any material change.

Children

The service is not intended for users under 18. We do not knowingly collect personal information from children. If you believe a child has signed in, contact us and we'll remove the account.