Security & Privacy
How VaultRent handles your data: ownership, access, retention, and service providers.
What VaultRent Is (and Isn't)
VaultRent is a tool for recording rent payments, generating receipts, and managing lease records and documents. That's it.
We are not a data broker. We do not sell landlord or tenant information. We do not run an advertising business. Our business model is simple: you pay a subscription fee, and we provide software that works.
Who Owns the Data
You do. VaultRent stores and processes your data only to provide the service. We don't claim ownership of your lease records, payment history, or tenant information.
Who Can See What
- Landlords see their own properties, leases, tenants, and payment records — and nothing from other landlords.
- Tenants see only what they need for their active lease. When a lease ends, portal access ends — like closing a bank account.
- VaultRent staff do not browse customer data. Access to production data is limited to support and troubleshooting, and access is logged.
- A single login is either a landlord or a tenant. Never both at the same time.
What Happens When a Lease Ends
Tenant portal access ends immediately. VaultRent is an operational tool, not a lifetime archive. Tenants who want copies of their receipts should download them while the lease is active — or keep the email attachments we send with payments.
Landlords retain access to their own historical records.
What Happens When You Cancel
Your VaultRent login is disabled and access ends. We retain financial ledger records for legal and audit requirements. Large files (like PDFs) are retained for a limited time and then deleted.
If you want your data exported before cancellation, contact support.
How Long We Keep Data
Retention is layered. Different data types have different lifespans:
| Data Type | Retention | Why |
|---|---|---|
| Financial ledger records (payments, rent records, audit logs) | 7 years | Canadian tax/audit standard (CRA) |
| Access relationships (memberships) | 0–90 days after relationship ends | Recovery and operational safety window |
| Large files / artifacts (receipt PDFs, uploaded documents) | 12–24 months | Cost-controlled convenience (regenerable from ledger) |
| Auth / login identity | Disabled immediately; deleted 30–90 days later | Recovery/fraud window; not required for ledger retention |
After retention periods expire, data is permanently deleted or anonymized where appropriate.
Service Providers (Subprocessors)
We use a small number of carefully selected providers. This is the complete list.
As of: 2026-01-07
| Provider | Purpose | What They Touch | Primary Region |
|---|---|---|---|
| Supabase | Database & Authentication | All stored data required to provide the service | Canada (Montreal) |
| Stripe | Payment processing | Payment and billing metadata | Varies (Stripe network) |
| Resend | Email delivery | Recipient emails, receipt PDFs (attachments/links) | US (email transit) |
| Cloudflare | Hosting & CDN | Request routing and logs | Global (includes Canada) |
We do not use advertising networks, data brokers, or “sell your data” analytics platforms.
Canadian Privacy
VaultRent is built for Ontario landlords. Your primary application data resides in Canada (Montreal). We operate under Canada's privacy framework (including PIPEDA) and design privacy into the product by default.
We don't require tenants to provide more information than necessary. We don't sell or share data for marketing. We don't build profiles.
Security Design (Plain Language)
- Landlord isolation: One landlord cannot view another landlord’s records.
- Role separation: A login is either landlord or tenant — never both.
- Access ends immediately: When a lease ends, tenant access ends immediately.
- Ledger integrity: Once a payment is completed, the core financial fields are treated as immutable.
Questions
Email us at support@vaultrent.com.