1. Purpose and Scope
This policy explains how Tentunit collects, retains, and deletes user data. It covers all personal data processed by Tentunit, including account details, transaction records, communications and verification documents. It applies to all user roles (tenants, sublessors, landlords) and to all Tentunit employees and contractors.
2. Principles
- Data minimization: Tentunit collects only the data necessary to operate our services.
- Storage limitation: Personal data will not be kept longer than necessary for the purposes for which it was collected.
- Transparency: Users are informed about retention periods and deletion procedures.
- Security: Tentunit protects stored data using appropriate administrative, technical and physical safeguards.
3. Data Categories and Retention Periods
| Data Category | Purpose | Typical Retention Period* |
|---|---|---|
| Account Information (name, contact details, passwords) | Required to create and maintain user accounts | Retained while the account is active and up to 30 days after deletion, unless a longer period is needed for legal or fraud-prevention purposes |
| Identity Verification (government ID, student enrollment letters) | Confirms eligibility and prevents fraud | Retained for up to 180 days after verification; stored securely and then deleted |
| Transaction and Payment Records (rent payments, invoices, payout data) | Required for accounting, tax and legal compliance | Retained for 5–7 years to satisfy financial and audit requirements |
| Communications (messages between users, support tickets, emails) | Necessary for dispute resolution, customer support, and platform integrity | Retained for 2 years after the communication or for as long as required to resolve open issues |
| Usage Logs and Analytics Data (IP addresses, device information, cookies) | Used for security monitoring and improving services | Retained for 1 year unless aggregated/anonymized sooner |
| Marketing Preferences (opt-in/out records) | Documents consent history for marketing activities | Retained as long as consent is valid and for 5 years after withdrawal to demonstrate compliance |
*Tentunit may adjust these periods based on evolving legal obligations or business needs. Where we cannot specify an exact duration (e.g., because obligations differ by country), we define clear criteria to determine how long data is needed (e.g., until all contractual obligations and statutory limitation periods have expired).
4. Deletion and Anonymization Procedures
- Regular Review: Tentunit reviews stored data periodically. Data that has reached its retention period is queued for deletion.
- Deletion Requests: Users can request account deletion via account settings or by contacting support. Once verified, Tentunit will:
- Disable the account and begin a 30‑day waiting period to address outstanding obligations (e.g., unpaid balances, ongoing disputes).
- Delete or anonymize personal data after the waiting period, except where we must retain it for tax, accounting, regulatory or fraud-prevention purposes.
- Backups: Data in backups is deleted or overwritten on a rolling cycle, typically within 90 days. Backups are retained only for disaster-recovery purposes and are not used for active processing.
- Anonymization: In some cases Tentunit will de-identify data (e.g., for aggregate analytics) by removing personal identifiers. Once anonymized, data is no longer considered personal data.
5. Exceptions
Tentunit may keep data beyond the listed periods when required to:
- Comply with legal obligations (e.g., tax, audit, or regulatory requests).
- Protect legitimate business interests (e.g., fraud-prevention, dispute resolution).
- Honor user consent when an individual has agreed to longer retention (e.g., for marketing preferences).
6. User Rights
Users have the right to:
- Access their personal data and request a copy.
- Rectify incorrect or incomplete data.
- Delete data (“right to be forgotten”), subject to the limitations in section 5.
- Withdraw consent to marketing communications at any time.
Requests can be submitted through [email protected]. Tentunit will respond within the time frame required by law (typically 30 days).
7. Updates and Contact
Tentunit may update this policy to reflect changes in legal requirements or our practices. Updated versions will be posted in our Help Center with a new effective date. Questions can be sent to [email protected].