Your data, protected at every step: how Rentari keeps it secure.

Rentari handles rent, leases, screening, and identity for landlords and property managers, which means it holds some of the most sensitive information in your business. Protecting that data is not a feature we tacked on. Here is exactly how it stays safe at every step, in plain language, and an honest account of what we do not yet claim.

Security is the product, not a feature

Rentari runs the parts of your business that carry the most sensitive data: rent and bank details, signed leases, applicant Social Security numbers, screening reports, and identity verification. A property platform that touches all of that has to earn trust, so we treat protecting your data as core to the product rather than a box we tick. This is the plain-language version of how it works, written so you can check it against what you see, and honest about the parts that are still in progress.

Encrypted in transit, encrypted at rest

Two layers, not one. Every request to Rentari travels over HTTPS with a strict transport policy, so the connection between your browser and our servers is encrypted the whole way. Your data then sits encrypted at rest on Google Cloud. The fields that matter most go a step further: Social Security numbers, dates of birth, tax IDs, and full screening reports are encrypted again at the application layer with a separate key before they ever reach the database. So even inside our own systems, that information is not sitting in plain text.

Your card never touches our servers

When a tenant pays rent or you set up a payout, the card and bank details are tokenized in the browser by Stripe and routed straight to your own connected Stripe account. Rentari never sees, logs, or stores a full card number. Every payment also carries an idempotency key, which is a quiet but important detail: it means a retry or a double click can never charge someone twice. Card handling lives inside Stripe's certified environment, not ours, which is exactly where it should be.

Everyone sees only their own lane

Landlords, managers, tenants, and vendors each get a different view, and the boundary is enforced on every request, not just hidden in the interface. A manager or co-owner you invite is always scoped to your portfolio and can never see another landlord's data. Tenants and vendors are blocked from landlord finance and document endpoints outright. A session that logs out, or an account in its deletion grace window, loses access immediately, and a long-lived mobile refresh token can never stand in for a full login. Least privilege is the default, not an upgrade.

An AI that answers from your records, or not at all

Rentari's assistants, Luna for tenants and Mozart for landlords, are built to answer only from your own records, and to say so when a fact is not there. If a tenant asks Luna for a gate code that was never entered, it does not invent one. It says the code is not on file and routes the question to a human. The landlord assistant never reports a balance it cannot actually see, and neither assistant ever claims it sent a message or moved money on its own, because every action is proposed for your approval. The most sensitive identity details, like a Social Security number, are never sent to the AI at all, and your data is never used to train any model.

A listing has to earn its Verified badge

A property cannot publish to the public marketplace until two checks pass: the account owner clears a government-ID check through Stripe Identity, and the property's ownership is confirmed, either against public records or with documents our team reviews. Until both pass, publishing is blocked. That is what a Verified badge means on a Rentari listing: a real, authorized owner stands behind it.

If it happened, it is on the record

Sign-ins, payments, refunds, lease changes, screening, and consent are written to an append-only audit log that records who did what, when, and from where. The ability for an administrator to log in as another user has been removed entirely, so no single internal account can quietly assume yours. And the control runs both ways: you can export your account data or request deletion, with a recovery grace window, whenever you want.

When something looks wrong

If we ever confirm unauthorized access to your data, our commitment is to revoke and rotate the affected credentials, notify the accounts involved within 72 hours of confirmation, and publish a written summary of what happened and what we changed. We also keep an open door for security researchers: there is a vulnerability disclosure form on our Security page that gives you an instant AI-proposed severity before it routes to our team, or you can email [email protected] directly. We acknowledge new reports within two business days.

Built in, and all on one page

None of this is a premium add-on or a separate plan. Security is part of the whole Rentari platform, the same way screening, leases, rent, and accounting are. We also put the whole picture in one place, with a live status check and the same plain-language explanations, on our Security page. If you are evaluating Rentari for your portfolio, or you just want to know where your data lives, that is the page to read.

This article describes how Rentari protects data today and is for general information, not legal or security advice. Compliance certifications referenced for Google Cloud and Stripe belong to those providers; Rentari's own SOC 2 Type II is in progress. Details are current as of the date of publication.