Verified controls
Last reviewed: Apr 2026Encryption at rest and in transit
ActiveAES-256 at rest via Google Cloud KMS, TLS 1.3 in transit. Database, object storage, and backups are all encrypted with isolated keys.
Google Cloud compliance reportsPCI-DSS Level 1 via Stripe
ActiveWe never see or store card or bank numbers. Stripe Elements tokenizes payment data in the browser. Your tenants pay directly into your Stripe Connect account.
Stripe security overviewFCRA-compliant tenant screening
ActiveBackground and credit reports are run by an FCRA-accredited consumer reporting agency. We auto-generate FHA-compliant adverse action notices and keep a 7-year audit log.
SOC 2 Type II
In progressObservation window opened Q1 2026 with Vanta. Report expected Q4 2026. We will share the executive summary on request under NDA.
Request status updateGDPR and CCPA
ActiveData export and deletion requests honored within 30 days. CCPA "Do Not Sell" toggle is one click. We do not sell tenant or landlord data to anyone, ever.
Do Not Sell My InfoAnnual penetration test
ActiveThird-party black-box and authenticated pen test runs every 12 months. Last test: Feb 2026. Zero criticals, two highs remediated within 14 days.
Request summary letterHow we run AI responsibly
The hard questions, answeredAI proposes. You decide.
Every AI output in Rentari.ai, listing copy, lease drafts, screening recommendations, late-fee notices, is a draft for your review. Nothing goes to a tenant, a payment processor, or a court without an explicit click from you. The model is a junior assistant, not a decision-maker.
Model and provider
DisclosedGoogle Gemini (Flash and Pro tiers) running on Google Vertex AI in US regions. No third-party AI providers. No data leaves Google Cloud.
Vertex AI data governanceYour data is not training data
ContractualVertex AI's enterprise terms forbid Google from using your prompts, leases, tenant info, or financials to train foundation models. Inputs and outputs are not retained beyond the request.
Read the policyFair Housing guardrails
ActiveAI-drafted listing copy and tenant communications are scanned for protected-class language (race, religion, familial status, disability, national origin) before display. Flagged terms are blocked, not silently rewritten.
Equal housing commitmentFCRA adverse-action audit log
7-year retentionEvery screening decision logs the inputs the AI saw, the score it returned, the threshold you set, and your final approve/deny. Pull a per-applicant report any time, including the auto-generated adverse-action notice that went to the applicant.
Open screening dashboardPII redaction before prompting
ActiveSSNs, full bank numbers, and government IDs are stripped from prompts before they reach the model. The AI sees "tenant earns 3.1x rent," not the underlying pay stub.
Off switch, per workspace
AvailableIf you do not want AI touching your portfolio, disable it from Settings. Listing drafts, screening summaries, and copilot chat all stop calling the model. The rest of Rentari.ai keeps working.
AI settingsSub-processors
Updated when we add or remove a vendor · Last reviewedThe services we trust with your data. Each row links to the vendor's own privacy or compliance page.
| Vendor | Purpose | Data | Region |
|---|---|---|---|
| Google Cloud Platform | Hosting, database, storage, KMS | All | US |
| Stripe | Payments, payouts, Connect | Payment instruments, payout details | US |
| Checkr | Background and credit checks | Applicant SSN, DOB, address | US |
| Google Vertex AI (Gemini) | AI drafts, document extraction | Listing copy, lease text. Not used for training. | US |
| Twilio | SMS notifications, 2FA codes | Phone numbers | US |
| SendGrid | Transactional email | Email addresses, message bodies | US |
Your data, encrypted and on the record.
Bank-grade encryption, a complete audit trail, and one promise that does not change: you own your data.
