Privacy Policy

Your privacy matters. Here's how we handle your data.

Last Updated: April 8, 2026

Summary: We collect only the data necessary to provide our rent management services. We do not sell your personal information. We use industry-standard encryption to protect your data. You can request deletion of your data at any time.

1. Introduction

GDI Digital Solutions ("we," "our," or "us") operates the GDI Rent Management platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Company name and company code
  • Username and display name
  • Password (stored as a one-way hash — we cannot see your password)
  • Security question and answer (hashed)

2.2 Tenant and Property Data

In the course of using the Service, you may enter:

  • Tenant names, phone numbers, email addresses
  • Co-leaseholder information
  • Unit/lot assignments and monthly rent amounts
  • Invoice and receipt records
  • Payment amounts and methods
  • Document uploads (leases, IDs, applications)
  • Financial records (credits, petty cash, deposits)

2.3 Tenant Screening Data (Enterprise Plan)

If you use our tenant screening feature, the following data is processed:

  • Applicant name and email address
  • Credit report results, criminal background results, eviction history
  • ResidentScore and income estimates

Important: Social Security Numbers and other sensitive applicant data are collected and processed directly by TransUnion SmartMove on their secure platform. We never collect, store, or have access to applicant SSNs.

Screening results stored in our system are encrypted at rest using AES-256 encryption (pgcrypto). Access to screening data is logged with timestamps, user identity, and IP addresses.

2.4 Payment and Billing Data

When you subscribe to a paid plan, payment processing is handled entirely by Stripe, Inc. We do not store credit card numbers, bank account details, or other payment credentials on our servers. We retain only:

  • Stripe customer ID and subscription ID
  • Subscription plan and status
  • Billing period dates

2.5 Automatically Collected Information

  • IP address (logged for security and screening audit trails)
  • Browser type and version
  • Pages visited and actions taken within the Service
  • Session data (for authentication and inactivity timeout)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate users and manage sessions
  • Generate invoices, receipts, and financial reports
  • Process tenant screening requests (Enterprise plan)
  • Process subscription payments via Stripe
  • Send service-related communications (e.g., password resets)
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information.

We may share data with:

  • Stripe, Inc. — for payment processing (governed by Stripe's Privacy Policy)
  • TransUnion SmartMove — for tenant screening requests (Enterprise plan only, governed by SmartMove's Privacy Policy)
  • Amazon Web Services (AWS) — our hosting and data storage provider (data encrypted in transit and at rest)
  • Law enforcement — if required by law, court order, or legal process

5. Data Security

We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data in transit
  • AES-256 encryption for sensitive screening data at rest
  • Bcrypt password hashing — passwords are never stored in plaintext
  • CSRF protection on all forms
  • Role-based access control (Admin, Manager, Viewer)
  • Company isolation — each company's data is logically separated
  • Session timeout — automatic logout after 10 minutes of inactivity
  • Audit logging — access to screening data is logged with user, timestamp, and IP

6. Data Retention

  • Account data: Retained for the duration of your subscription. Deleted upon account termination and request.
  • Tenant and financial data: Retained for the duration of your subscription plus any legally required retention period.
  • Screening reports: Retained for up to 5 years (configurable), then flagged for disposal per FCRA requirements.
  • Audit logs: Retained for a minimum of 3 years.
  • Payment records (Stripe): Governed by Stripe's data retention policies.

7. Your Rights

You have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your data (subject to legal retention requirements)
  • Data portability — Request your data in a machine-readable format
  • Opt-out — Opt out of marketing communications at any time

To exercise any of these rights, contact us at info@gdidigitalsolutions.com.

8. FCRA Compliance (Tenant Screening)

If you use our tenant screening feature (Enterprise plan), you acknowledge that:

  • You have a permissible purpose under the Fair Credit Reporting Act (FCRA) to obtain consumer reports
  • You will provide adverse action notices to applicants if you deny them based on screening results
  • You will not use screening information for any purpose other than evaluating rental applications
  • Screening data will be disposed of securely when it is no longer needed

9. Cookie Policy

Our Service uses cookies and similar technologies to function properly, maintain security, and improve your experience.

9.1 What Are Cookies?

Cookies are small text files stored on your device by your web browser. They help websites remember information about your visit.

9.2 Cookies We Use

Cookie Type Purpose Duration
session Strictly Necessary Maintains your login session, authentication state, and CSRF protection. The Service cannot function without this cookie. 10 minutes of inactivity
csrf_token Strictly Necessary Prevents cross-site request forgery attacks on form submissions. Session

9.3 What We Do NOT Use

  • We do not use advertising or tracking cookies
  • We do not use third-party analytics cookies (e.g., Google Analytics)
  • We do not use social media tracking pixels
  • We do not share cookie data with any third parties

9.4 Managing Cookies

Our cookies are strictly necessary for the Service to function. If you disable cookies in your browser settings, you will not be able to log in or use the Service. Since we only use essential cookies, no cookie consent banner is required under most privacy regulations, though we disclose their use here for transparency.

9.5 Third-Party Services

When you make a payment, you are redirected to Stripe's hosted checkout page. Stripe may use its own cookies on their domain, governed by Stripe's Cookie Policy. We have no control over Stripe's cookies.

10. Children's Privacy

Our Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting a notice in the Service or by email. The "Last Updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:

GDI Digital Solutions
Email: info@gdidigitalsolutions.com
Website: gdidigitalsolutions.com