Privacy Policy

Last updated: April 5, 2026

1. What we collect

When you use TinyRent, we collect:

  • Account information — your email address and name when you sign up or sign in with Google.
  • Financial data — bank account names, transaction history, balances, and account masks imported through Plaid. We never see or store your bank login credentials.
  • Property and accounting data — property addresses, income entries, expense records, categories, and reports you create within TinyRent.
  • Usage data — pages visited, features used, and basic device/browser information to improve the product.

2. How we use your data

  • Import and categorize your rental income and expenses.
  • Generate tax-ready reports (Schedule E, profit & loss).
  • Automatically suggest expense categories using AI.
  • Send transactional emails (sign-in links, password resets).
  • Improve TinyRent's features and fix bugs.

We do not sell, rent, or share your personal or financial data with third parties for advertising or marketing purposes.

3. Plaid and bank connections

TinyRent uses Plaid to securely connect your bank accounts. When you connect a bank:

  • Your bank credentials are entered directly into Plaid's interface — TinyRent never sees them.
  • Plaid provides TinyRent with an access token to retrieve your transaction data.
  • Access tokens are encrypted with AES-256-GCM before being stored in our database.
  • You can disconnect a bank account at any time, which revokes the Plaid access token and deletes all associated transaction data from TinyRent.

For more details, see Plaid's privacy policy.

4. Data security

  • Encryption at rest — sensitive data (Plaid access tokens) is encrypted using AES-256-GCM.
  • Encryption in transit — all connections use HTTPS/TLS.
  • Authentication — sign-in via Google OAuth or magic email links. Optional two-factor authentication (TOTP) is available.
  • Session management — sessions expire after 30 minutes of inactivity.
  • Access control — your data is isolated to your account and inaccessible to other users.

5. Data retention and deletion

  • Your data is retained as long as you have an active TinyRent account.
  • Disconnecting a bank account immediately deletes all imported transactions for that account and revokes the Plaid access token.
  • To delete your entire account and all associated data, contact us at the email below.

6. Third-party services

TinyRent uses the following third-party services:

  • Plaid — bank account connections and transaction imports.
  • Google — OAuth authentication.
  • Resend — transactional emails (sign-in links).
  • Vercel — hosting and infrastructure.
  • Neon — PostgreSQL database.

Each service has its own privacy policy and handles data according to its own terms.

7. Your rights

You can:

  • Access your data through the TinyRent dashboard at any time.
  • Export your income, expenses, and transaction data as CSV files.
  • Delete bank connections (and all associated transaction data) through the Accounts tab.
  • Request full account deletion by contacting us.

8. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you through the app or by email. The "last updated" date at the top of this page reflects the most recent revision.

9. Contact

Questions about this privacy policy or your data? Email us at privacy@tinyrent.xyz.