Privacy Policy

Symple Leases ("we," "us," or "our") operates a multi-sided property management platform (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, mobile application, and related services. By using the Platform, you consent to the practices described in this policy.

2.1 Information You Provide

2.2 Information Collected Automatically

2.3 Information from Third Parties

We may receive information from third-party services, including:

• Payment and identity verification data from Stripe.
• Authentication data if you sign in using a third-party provider.

We use the information we collect to:

• Provide, operate, and maintain the Platform and its features.
• Process payments, including rent collection, service payments, and subscription billing through Stripe.
• Send transactional notifications via email (through Resend) and SMS (through Twilio, when you opt in).
• Facilitate communication between users, including hosts, owners, tenants, and service professionals.
• Improve the Platform through analytics, usage patterns, and user feedback.
• Enforce our Terms of Service and protect the security of the Platform and its users.
• Comply with legal obligations and respond to lawful requests from government authorities.

We share your information with the following categories of third-party service providers:

We require all service providers to use your information only as necessary to perform services on our behalf and to maintain appropriate security measures.

We do not sell your personal information to third parties. We may share your information in the following circumstances:

• Between Platform users: Certain information is shared as necessary for transactions. For example, a host’s name and property details are visible to prospective tenants; a service professional’s profile is visible to hosts seeking services.
• Service providers: As described in Section 4 above.
• Legal requirements: When required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity.
• With your consent: We may share your information for other purposes when you give us explicit consent.

You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect core Platform functionality. Where required by law (e.g., in the EU), we will obtain your consent before placing non-essential cookies.

We retain your personal information for as long as your account is active or as needed to provide you with the Platform. After account closure:

Regardless of your location, you have the right to:

• Accessthe personal information we hold about you.
• Correctinaccurate or incomplete information.
• Deleteyour personal data, subject to legal retention requirements.
• Exportyour data in a portable, machine-readable format (JSON or CSV).
• Objectto certain processing activities.

To exercise any of these rights, contact us at privacy@sympleleases.com. We will respond within 30 days. We will not charge a fee for making a request unless the request is manifestly unfounded or excessive.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: You may request details about the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the third parties with whom we share it.
• Right to delete: You may request deletion of your personal information, subject to certain legal exceptions (e.g., completing a transaction, legal obligations, security).
• Right to correct: You may request correction of inaccurate personal information we hold about you.
• Right to opt out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this ever changes, we will provide a “Do Not Sell or Share My Personal Information” mechanism.
• Right to limit use of sensitive information: We only use sensitive personal information as necessary to provide the Platform and do not use it for profiling.
• Non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. You will receive equal service and pricing.

To submit a verifiable consumer request, email privacy@sympleleases.com. We will verify your identity before processing and respond within 45 days.

If you are located in the European Economic Area or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

Your GDPR Rights

• Right of access, rectification, erasure, and data portability.
• Right to restrict or object to processing.
• Right to withdraw consent at any time where processing is based on consent.
• Right to lodge a complaint with your local supervisory authority.

Data Protection Contact

For GDPR-related inquiries, contact our data protection team at privacy@sympleleases.com. We will respond within 30 days.

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@sympleleases.com.

Symple Leases is based in the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States. We take appropriate measures to ensure that your data is treated securely and in accordance with this Privacy Policy, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.
• UK International Data Transfer Agreement or UK Addendum to the EU SCCs for transfers from the UK.
• Contractual data protection obligations with all sub-processors to ensure equivalent safeguards.

We implement industry-standard security measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest.
• Row-level security (RLS) policies on our database to ensure users can only access their own data.
• Role-based access controls (RBAC) to limit internal access to personal information.
• Regular security reviews and monitoring.
• Secure, hashed password storage with multi-factor authentication support.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and by posting a prominent notice on the Platform at least 30 days before the changes take effect. Your continued use of the Platform after the effective date constitutes your acceptance of the revised policy. If you do not agree with the changes, you may close your account before they take effect.