Summary: LeasePilot AI collects account and usage data to deliver our property management platform. We do not sell your personal information. California residents and EU/UK residents have specific rights described below. For questions, email privacy@leasepilotai.com.
1. Who we are
LeasePilot AI, Inc. ("LeasePilot," "Company," "we," "us," or "our") is a Delaware corporation that operates an AI-powered property management platform (the "Service") accessible at leasepilotai.com and related subdomains.
For purposes of applicable privacy law, LeasePilot is the data controller of personal information it collects directly from users of its website and platform. Where LeasePilot processes personal information about tenants on behalf of landlords and property managers, LeasePilot acts as a data processor and the landlord or property manager is the data controller. This distinction is important and is described further in Section 16.
You can reach our privacy team at any time:
- Email: privacy@leasepilotai.com
- Mail: LeasePilot AI, Inc., Attn: Privacy, 8 The Green, Suite A, Dover, DE 19901
2. Scope of this policy
This Privacy Policy applies to:
- Visitors to our website at leasepilotai.com and any related marketing pages
- Registered users of the LeasePilot platform (landlords, property managers, and their team members)
- Tenants and prospective tenants whose data is submitted to or processed through the platform by a registered user
- Any person who contacts us for support, sales, or other purposes
This policy does not apply to third-party websites, applications, or services that may be linked from our Service. We encourage you to review the privacy policies of any third parties you interact with.
3. Information we collect
3.1 Account and profile information
When you register for an account, we collect:
- Full name and email address
- Password (stored as a salted, one-way hash โ we cannot read your password)
- Business or company name, and property portfolio details you provide
- Phone number (optional, used for two-factor authentication and SMS alerts)
- Profile photo or logo (optional)
3.2 Tenant and property data
In the course of using the platform, you (the landlord or property manager) may upload or input:
- Tenant names, email addresses, phone numbers, and mailing addresses
- Lease terms, rent amounts, security deposits, and move-in/move-out dates
- Tenant payment history and outstanding balance information
- Maintenance requests and property notes
- Documents such as signed leases (which may contain personal information about tenants)
- Identity verification information if you use our tenant screening integrations
LeasePilot processes this data as a service provider (processor) on your behalf. You, as the landlord or property manager, are responsible for having the appropriate legal basis to collect and share this information with us. See Section 16 for more detail.
3.3 Payment and billing information
When you subscribe to a paid plan, billing details are collected by our payment processor, Stripe, Inc., and are subject to Stripe's Privacy Policy. We receive from Stripe only:
- A tokenized payment method identifier
- The last four digits of your card and card brand
- Billing name and address
- Subscription status and billing history
Full card numbers, CVV codes, and bank account numbers are never transmitted to or stored on LeasePilot servers. When LeasePilot collects rent payments on behalf of landlords, those payments are processed through Stripe and subject to the same limitations above.
3.4 Communications
If you contact us by email, chat, or phone, we retain a record of that communication, including your name, contact information, and the content of the message, to respond to you and improve our support.
3.5 Automatically collected data
When you visit our website or use the platform, we automatically collect:
- Log data: IP address, browser type and version, operating system, referring URL, pages visited, timestamps, and error logs
- Device identifiers: Device type, screen resolution, and unique device identifiers
- Usage data: Features accessed, button clicks, session duration, and workflow patterns within the platform
- Location data: Approximate geographic location inferred from IP address (country/region level only โ we do not collect precise GPS coordinates)
- Cookies and similar technologies: See Section 12 for full details
3.6 AI model inputs
Certain features of the platform use artificial intelligence to generate rent predictions, tenant risk assessments, and market analyses. The inputs to these models may include anonymized or aggregated property, payment history, and market data as described further in Section 6.
4. Legal basis for processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, LeasePilot must have a lawful basis to process your personal data. We rely on the following bases:
| Processing activity | Legal basis |
|---|---|
| Creating and managing your account; delivering the Service | Performance of a contract (Art. 6(1)(b) GDPR) |
| Processing payments and issuing invoices | Performance of a contract; legal obligation |
| Sending transactional emails (receipts, alerts, notifications) | Performance of a contract; legitimate interests |
| Product update emails and announcements | Legitimate interests (with easy unsubscribe) |
| Improving the platform through usage analytics | Legitimate interests (with consent for analytics cookies) |
| Security monitoring and fraud prevention | Legitimate interests; legal obligation |
| Retaining financial records for tax/accounting compliance | Legal obligation |
| AI model training using anonymized/aggregated data | Legitimate interests |
Where we rely on legitimate interests, you have the right to object to processing. See Section 13 for how to exercise your rights.
5. How we use your information
We use the information we collect to:
- Create and manage your account and deliver the features you have purchased
- Process rent payments, issue invoices, and maintain billing records
- Send automated payment reminders, lease renewal notices, and maintenance alerts on your behalf to your tenants
- Provide customer support and respond to your inquiries
- Send product updates, new feature announcements, and service-related notices (you may unsubscribe from marketing emails at any time)
- Generate AI-powered analytics including rent market analysis, payment predictions, and tenant risk assessments as described in Section 6
- Detect, investigate, and prevent fraud, security incidents, and violations of our Terms of Service
- Comply with applicable laws, regulations, and legal processes
- Enforce our Terms of Service and other agreements
- Improve and develop the Service, including by analyzing usage patterns in aggregated or anonymized form
We do not use your personal information or your tenants' personal information to sell advertising, build advertising profiles, or share data with advertising networks.
6. AI and automated processing
LeasePilot uses machine learning models to provide several platform features. We are committed to transparency about how these systems work and what role they play in decisions.
6.1 Features that use AI
- Payment risk scoring: We analyze historical payment patterns associated with a rental unit or portfolio to generate a likelihood estimate of on-time payment. This is a statistical model, not a determination of any individual's creditworthiness.
- Market rent analysis: We aggregate publicly available rental listing data and comparable unit data to estimate market-rate rents for a given area.
- Predictive alerts: The platform may send you automated alerts (e.g., "payment likely to be late") based on pattern detection.
- Smart drafting: If you use AI-assisted document drafting features, your inputs (such as property details and desired terms) are processed to generate suggested text.
6.2 Human oversight requirement
AI-generated scores, predictions, and recommendations produced by LeasePilot are informational tools only. They are intended to assist your decision-making โ not to replace it. LeasePilot does not make, and is not responsible for, any rental decision, denial of tenancy, or lease action taken by a landlord or property manager. All such decisions must be made by a human being and must comply with applicable fair housing and anti-discrimination laws.
6.3 Fair housing and anti-discrimination
LeasePilot's AI systems are designed and tested to avoid using protected class characteristics โ including race, color, religion, national origin, sex, familial status, or disability โ as inputs to any risk score or prediction. We periodically audit our models for discriminatory impact. Notwithstanding these measures, you as the landlord or property manager remain solely responsible for ensuring your rental practices comply with the Fair Housing Act, the Equal Credit Opportunity Act, and all applicable state and local fair housing laws.
6.4 Automated decision-making (GDPR Article 22)
LeasePilot does not make legally significant decisions about individuals solely by automated means. No AI output produced by LeasePilot constitutes an automated decision that produces a legal effect concerning any natural person. If you are an EEA or UK resident and believe otherwise, please contact us at privacy@leasepilotai.com.
6.5 AI model training
We may use anonymized and aggregated data derived from platform usage to train and improve our AI models. Before using any data for model training, we strip or pseudonymize all direct identifiers (names, emails, addresses) so the data cannot reasonably be re-linked to a specific individual or property. We do not use identifiable tenant personal data for AI training without explicit consent.
7. Sharing and disclosure
We do not sell your personal information. We share data only in the limited circumstances described below.
7.1 Service providers and sub-processors
We share data with third-party vendors who process it on our behalf under written data processing agreements that restrict their use of the data to providing services to us. See Section 8 for our full list of sub-processors.
7.2 Legal requirements
We may disclose personal information if we believe in good faith that disclosure is necessary or appropriate to:
- Comply with applicable law, regulation, court order, subpoena, or legal process
- Respond to lawful requests from government or law enforcement authorities
- Protect the rights, property, or safety of LeasePilot, our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
Where legally permitted, we will notify you before disclosing your personal information in response to a legal demand.
7.3 Business transfers
If LeasePilot undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of its assets, personal information we hold may be transferred to the acquiring entity. We will notify you via email and a prominent notice on our website at least 30 days before your personal information becomes subject to a materially different privacy policy, and will give you the option to delete your account and data before the transfer takes effect.
7.4 Aggregated or de-identified data
We may share aggregated, anonymized, or de-identified information โ such as industry benchmarks or market statistics โ that cannot reasonably be used to identify any individual or property, without restriction.
7.5 With your consent
We may share your information with third parties when you have given us explicit consent to do so, such as when you authorize an integration with a third-party property management tool.
8. Sub-processors
The following categories of third-party service providers may process personal information on our behalf. We maintain a more detailed list available upon request at privacy@leasepilotai.com.
| Provider | Purpose | Data processed |
|---|---|---|
| Stripe, Inc. | Payment processing and billing | Payment method details, billing address, transaction records |
| Amazon Web Services (AWS) | Cloud infrastructure and data storage | All platform data at rest and in transit |
| Google LLC | Analytics (Google Analytics 4), with consent | Anonymized usage data, page views, events |
| SendGrid / Twilio | Transactional email delivery | Email addresses, message content |
| Intercom or similar | Customer support chat | Name, email, support conversation content |
| OpenAI / Anthropic | AI language model inference for drafting features | User-provided text inputs (not linked to persistent user identity) |
| Sentry | Error monitoring and performance tracking | Anonymized error logs, device/browser metadata |
| Plaid Inc. (if applicable) | Bank account verification for ACH payments | Bank account credentials (not stored by LeasePilot) |
Each sub-processor is contractually required to implement appropriate technical and organizational measures to protect personal data and to process data only as instructed by LeasePilot.
9. International data transfers
LeasePilot is based in the United States. If you access the Service from outside the United States, your personal information will be transferred to and processed in the United States, which may not provide the same level of data protection as your country of residence.
For transfers of personal data from the EEA, the United Kingdom, or Switzerland to the United States, we rely on one or more of the following transfer mechanisms:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Agreement (IDTA) for UK transfers
- EU-U.S. Data Privacy Framework (DPF) where applicable
To request a copy of the applicable transfer mechanism, contact us at privacy@leasepilotai.com.
10. Data retention
We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.
- Active account data: Retained for the life of your account
- Closed account data: Deleted within 90 days of account closure, except as noted below
- Financial and transaction records: Retained for 7 years to comply with tax, accounting, and legal obligations
- Support communications: Retained for 2 years from the date of last interaction
- Analytics and log data: Aggregated or anonymized within 26 months; raw logs deleted after 12 months
- Backup copies: Removed from backups within 90 days of deletion from live systems
You may request early deletion of your account data at any time from your account settings or by contacting privacy@leasepilotai.com. We will honor deletion requests within 30 days, subject to legal retention requirements.
11. Security measures
We implement industry-standard technical and organizational measures to protect personal information from unauthorized access, disclosure, alteration, or destruction. These include:
- Encryption of all data in transit using TLS 1.2 or higher
- Encryption of all data at rest using AES-256
- Role-based access controls with the principle of least privilege โ employees access only the data necessary for their job function
- Multi-factor authentication (MFA) enforced for all internal systems and available to all platform users
- Regular automated vulnerability scanning and periodic third-party penetration testing
- Secure software development lifecycle (SSDLC) practices, including code review and dependency auditing
- Formal incident response procedures including breach notification protocols
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and applicable regulatory authorities as required by law โ without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
12. Cookies and analytics
We use cookies and similar tracking technologies on our website and platform. By "cookies" we mean small text files stored on your device; by "similar technologies" we mean pixels, local storage, and session storage that serve similar functions.
12.1 Types of cookies we use
- Strictly necessary: Required for the platform to function โ authentication sessions, CSRF tokens, and security cookies. These cannot be disabled without breaking the Service.
- Analytics (with consent): We use Google Analytics 4 to collect anonymized usage statistics such as page views, session duration, and feature usage. These cookies are only set after you grant consent via our privacy preference banner. You can withdraw consent at any time.
- Preference: We store your privacy consent choice and optional UI preferences (e.g., dark mode) in localStorage. These are functional and do not track you across sites.
12.2 Your cookie choices
You may accept or decline analytics cookies when you first visit our website using the consent banner. You can change your choice at any time by clearing your browser's local storage (the key is lp_consent) or by contacting us. You may also configure your browser to block or delete cookies; however, blocking strictly necessary cookies may prevent the platform from functioning correctly.
12.3 Do Not Track
Our website responds to browser-level Do Not Track (DNT) signals by declining to load third-party analytics when DNT is enabled, in addition to the consent banner.
13. Your privacy rights
Depending on your location, you may have the following rights with respect to your personal information. We honor these rights regardless of your jurisdiction to the maximum extent practicable.
Request a copy of the personal information we hold about you.
Ask us to correct inaccurate or incomplete personal information.
Request deletion of your personal information, subject to legal retention requirements.
Receive your data in a structured, machine-readable format (JSON or CSV).
Object to processing based on legitimate interests, including direct marketing.
Ask us to restrict processing in certain circumstances, such as while a dispute is resolved.
Where processing is based on consent, withdraw it at any time without affecting prior processing.
Exercise any privacy right without receiving degraded service or pricing.
To exercise any of these rights, submit a request to privacy@leasepilotai.com or write to our mailing address in Section 20. We will verify your identity before processing the request and respond within 30 days (or 45 days where an extension is permitted by law, with notice). We do not charge a fee for one request per 12-month period; we may charge a reasonable fee for manifestly unfounded or excessive requests.
If you are in the EEA, UK, or Switzerland and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or the supervisory authority in your EU member state).
14. California residents โ CCPA/CPRA
This section supplements the rest of this policy and applies specifically to California residents under the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (together, "CCPA/CPRA").
14.1 Categories of personal information collected
In the preceding 12 months, we have collected the following categories of personal information as defined by CCPA:
| Category | Examples | Collected? |
|---|---|---|
| Identifiers | Name, email, IP address, account ID | Yes |
| Customer records | Name, address, phone, billing info | Yes |
| Commercial information | Subscription plan, transaction history | Yes |
| Internet or network activity | Browsing history on our site, feature usage logs | Yes |
| Geolocation data | Approximate location from IP (country/region) | Yes (approximate) |
| Inferences drawn | Risk scores generated from payment patterns | Yes (platform users only) |
| Sensitive personal information | Account login credentials (password hash) | Yes (see ยง14.3) |
| Financial information | Bank account or card details | No (handled by Stripe) |
| Biometric data | Fingerprints, facial recognition | No |
| Health / medical data | Any health information | No |
| Characteristics of protected classes | Race, religion, sex, national origin | No |
14.2 Sources and business purposes
We collect personal information from: (a) directly from you when you register and use the Service; (b) automatically through cookies and log files; and (c) from our sub-processors. We use it for the business and commercial purposes described in Section 5. We do not collect personal information for purposes other than those disclosed at the time of collection.
14.3 Sensitive personal information
Under CCPA/CPRA, account login credentials (username and password) qualify as sensitive personal information. We collect this solely to authenticate you and operate the Service. We do not use or disclose sensitive personal information for any purpose that would require us to offer you the right to limit its use under CCPA/CPRA beyond what is required to provide the Service you have requested.
14.4 Disclosure and sharing
In the preceding 12 months, we have disclosed personal information to our sub-processors (Section 8) for operational business purposes. We have not sold or shared (for cross-context behavioral advertising) personal information. See Section 15 for our Do Not Sell commitment.
14.5 California-specific rights
California residents have the right to:
- Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes, and the categories of third parties with whom we have shared it
- Delete: Request deletion of your personal information, subject to exceptions
- Correct: Request correction of inaccurate personal information
- Opt out of sale/sharing: Opt out of the sale or sharing of your personal information for cross-context behavioral advertising (see Section 15)
- Limit sensitive personal information: Limit our use of sensitive personal information to purposes necessary to provide the Service
- Non-discrimination: Not be discriminated against for exercising any CCPA rights
To submit a California rights request, email privacy@leasepilotai.com with the subject line "California Privacy Request." We will verify your identity and respond within 45 days, with one 45-day extension available if necessary. You may submit requests on behalf of a California resident if you are an authorized agent registered with the California Secretary of State, accompanied by a signed permission from the resident.
15. Do Not Sell or Share my personal information
LeasePilot does not sell your personal information and does not share it for cross-context behavioral advertising. This applies to all users, not just California residents. We have not engaged in such activities at any point and have no intention of doing so.
If you have concerns or wish to confirm this, contact us at privacy@leasepilotai.com. California residents may also submit an opt-out request at any time and we will confirm our non-sale status in writing.
Third-party analytics tools (such as Google Analytics 4) that we use with your consent may independently collect certain identifiers. We have contractually configured these tools to operate in restricted data processing mode. Declining analytics cookies via our consent banner prevents these tools from collecting any data on our site.
16. Tenant data โ special notice
If you are a tenant whose information appears in LeasePilot because your landlord or property manager uses our platform, this section is important for you.
Your landlord or property manager ("the Controller") is responsible for deciding why and how your personal information is used within LeasePilot. LeasePilot processes your data on the Controller's behalf as a service provider (data processor) under a Data Processing Agreement with the Controller. We use your information only to provide the Service to your landlord โ we do not use tenant data for our own marketing, advertising, or analytics.
To exercise rights over your personal information โ including access, correction, or deletion โ you should contact your landlord or property manager directly, as they are the controller of your data. If you cannot reach the Controller, or if you have concerns about how the platform is being used, you may also contact us at privacy@leasepilotai.com and we will direct your request appropriately.
LeasePilot does not share tenant personal information with any third party except as necessary to operate the platform (e.g., sending a payment confirmation email through our email provider), as required by law, or as directed by the Controller.
17. Children's privacy
LeasePilot is a business-to-business platform intended exclusively for adults 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 13 (or 16 in certain jurisdictions). The Service is not directed at children and contains no features designed for minors.
If we learn that we have inadvertently collected personal information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please notify us at privacy@leasepilotai.com.
18. Third-party links and integrations
The Service may contain links to third-party websites, and we may offer integrations with third-party tools (such as QuickBooks, Zillow, or property listing platforms). This Privacy Policy applies only to LeasePilot's collection and use of your information. When you navigate to a third-party website or enable a third-party integration, you are subject to that party's privacy policy, which may differ materially from ours. We encourage you to review the privacy practices of any third party before sharing information with them.
LeasePilot is not responsible for the privacy practices, content, or security of third-party sites or services, even if accessed through links on our platform.
19. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Post the updated policy on this page with a new "Last updated" date
- Send a notice to the email address associated with your account at least 30 days before material changes take effect
- Where required by law, seek your renewed consent
Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy. If you do not agree to the updated policy, you must stop using the Service and request deletion of your account.
Prior versions of this Privacy Policy are archived and available upon request.
20. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:
- Email: privacy@leasepilotai.com
- Mail: LeasePilot AI, Inc., Attn: Privacy Team, 8 The Green, Suite A, Dover, DE 19901, USA
We will acknowledge your request within 5 business days and respond substantively within 30 days (or as otherwise required by applicable law).
EEA and UK residents may also contact their local data protection supervisory authority if they are not satisfied with our response. A list of EEA supervisory authorities is available at edpb.europa.eu. The UK supervisory authority is the Information Commissioner's Office at ico.org.uk.