Privacy Policy

Last Updated: May 24, 2026 | Version 1.0 | PDPL-Compliant

1. Data We Collect

RentalFormz collects personal data necessary to provide rental setup services:

  • Account Information: Name, email, phone, password (hashed)
  • Identity Documents: Passport, Emirates ID, visa (AES-256 encrypted)
  • Tenancy Documents: Lease agreements, contracts (encrypted)
  • Location Data: Property address (for Ejari/DEWA processing)
  • Usage Data: Login timestamps, IP addresses (audit logging)

2. Your Rights Under PDPL

  • Right of Access: Request a copy of your personal data
  • Right of Correction: Request correction of inaccurate data
  • Right of Deletion: Request permanent deletion of your account
  • Right of Objection: Opt out of marketing, analytics, or AI processing
  • Right of Data Portability: Request export of your data

Response SLA: 30 days per PDPL Article 10

→ Request your data rights here

3. Data Security

  • Encryption at Rest: AES-256-GCM for all documents
  • Encryption in Transit: TLS 1.3 HTTPS
  • Access Control: Role-based access control (RBAC)
  • Audit Logging: Immutable audit trail of all access
  • Multi-Tenant Isolation: Complete data isolation between organizations

4. Data Residency

All sensitive data is stored in a GCC-compliant cloud (UAE/Bahrain region).

No cross-border transfers are made outside the GCC without explicit consent.

5. Data Retention

  • User Profile: Until deletion requested
  • Contracts: 7 years from expiry (legal requirement)
  • Payment Records: 7 years (tax)
  • Audit Logs: 7 years minimum
  • Deleted Accounts: 30 days grace period, then secure deletion

6. Contract Data Retention

Signed Rental Contracts

  • Duration: 7 years from contract end (legal requirement under UAE Rental Law)
  • Reason: Proof, dispute resolution, and tax compliance
  • Encryption: AES-256-GCM (military-grade)

Temporary Extractions

  • Duration: 30 days only (then secure deletion)
  • What they are: Extracted data from documents for immediate processing
  • Example: Landlord names, dates, addresses (before storing in contract)

Passport & ID Data

  • Duration: Secured while account is active
  • Usage: Identity verification via UAE PASS only
  • Policy: Never shared without your explicit consent

7. User Right to Delete

You can request deletion of your data anytime. Here's what happens:

  1. Request Deletion: Go to Account Settings and request account deletion
  2. 30-Day Grace Period: You have 30 days to change your mind (restore account)
  3. Secure Deletion: After 30 days, all personal data is deleted (we retain legal contracts for 7 years)
  4. Confirmation: You'll receive an email confirming full deletion

Exception: Legal contracts are retained for 7 years (legal requirement)

8. Automated Processing & AI

We use AI (Claude API) to process your rental documents:

  • Extract contracts and data from uploaded files
  • Generate personalized checklists and reports
  • Analyze compliance requirements (Ejari, DEWA, etc.)
  • Answer your rental law questions via ChatWidget

Important Privacy Note: We do NOT use your data for AI model training. Customer data is encrypted and processed only to deliver the service.

9. Cookies & Tracking

We use only essential cookies:

  • Session cookies (for authentication and security)
  • User preferences (language and theme)
  • You can disable cookies in your browser settings

10. Third-Party Integrations

We use the following third-party services:

  • Stripe - Payment processing and subscriptions
  • SendGrid - Email delivery
  • Propera.ae - Property and market data
  • DocuSign - E-signature services
  • Claude API - AI document processing

These services have their own privacy policies. We don't transfer sensitive data without consent.

11. PDPL Compliance

We fully comply with UAE Personal Data Protection Law (PDPL):

  • Article 24: Immutable audit logs for 7 years
  • Article 10: Right of access within 30 days
  • Article 18: Right to deletion and correction
  • Article 34: Breach notification within 72 hours

12. Breach & Incident Reporting

If your data is breached:

  • You will be notified within 72 hours
  • You will receive details of affected data
  • We will provide recommended protection steps
  • UAE regulators will be notified

13. Contact Our DPO

You have rights under data protection law. Contact us:

Data Protection Officer:

Email: privacy@rentalformz.com

Email (DPO): dpo@rentalformz.com