Privacy Policy — QuipKey

1. Who we are

QuipKey (“we”, “us”, “our”) is a property management platform serving landlords, tenants, service professionals, property managers, and building staff in the United States and Canada. This policy explains how we handle personal information collected through our web application, mobile apps, and related services (collectively, the “Platform”).

2. Information we collect

We collect information you provide directly to us and information generated by your use of the Platform:

Account information — name, email address, phone number, and password.
Identity verification — for service professionals, government-issued ID via our KYC provider (Stripe Identity). We do not store raw ID images on our servers.
Property and lease data — addresses, lease terms, rent amounts, move-in/move-out inspection records, and e-signatures.
Payment data — we use Stripe and Rotessa to process payments. We never store raw card numbers or full bank account numbers. Only tokenized references are retained.
Maintenance records — photos, videos, work order details, and job completion evidence.
Device and usage data — IP address, browser type, pages visited, and timestamps for security and audit purposes.

3. How we use your information

To operate and provide the Platform, including lease management, rent collection, and maintenance coordination.
To verify identities and prevent fraud.
To process payments and transfer funds to the appropriate parties.
To maintain an immutable audit trail for compliance and dispute resolution.
To send transactional notifications (rent receipts, maintenance updates, lease signatures).
To improve the Platform through aggregated, anonymized analytics.

4. How we share your information

We do not sell your personal information. We share data only in these circumstances:

With other Platform users — landlords and tenants share lease-related data; service professionals receive job details from the landlord who hired them.
Payment processors — Stripe and Rotessa receive the data needed to process transactions.
Identity verification — Stripe Identity for service pro KYC.
Legal requirements — if required by law, court order, or to protect the safety of users or the public.

5. Data storage and security

QuipKey is designed as a self-hosted platform. Customer data is stored on PostgreSQL databases and MinIO object storage within the infrastructure you or we control. All data in transit is encrypted with TLS 1.3. Lease signatures are cryptographically hashed with SHA-256. We maintain immutable audit logs of all significant actions.

6. Data retention

We retain account data for as long as your account is active. Lease records and financial transaction records are retained for a minimum of seven years to satisfy legal and accounting obligations. You may request deletion of non-legally-required data by contacting us.

7. Your rights

Depending on your location, you may have the right to:

Access the personal information we hold about you.
Correct inaccurate information.
Request deletion of your data (subject to legal retention requirements).
Export your data in a machine-readable format.
Opt out of non-essential communications.

To exercise these rights, contact us at [email protected].

8. Cookies

We use session cookies necessary for authentication and security. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser, but some features of the Platform may not function correctly.

9. Children

The Platform is not intended for users under 18. We do not knowingly collect personal information from minors.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice at least 14 days before taking effect. Continued use of the Platform after that date constitutes acceptance of the updated policy.

11. Contact us

Questions about this policy? Reach us at [email protected].