Data Policy

Effective Date: November 30, 2025

IMPORTANT: This Data Policy supplements our Privacy Policy and Terms and Conditions. RentFusion operates as a matching platform only—connecting Property Owners with Prospective Tenants. We are NOT a real estate broker, landlord, or party to rental agreements. This policy details our data governance, security practices, and user responsibilities.

1. SCOPE AND APPLICATION

1.1 Document Relationship

This Data Policy works in conjunction with:

  • Privacy Policy: Governs what data we collect and how we use it
  • Terms and Conditions: Governs platform use and user obligations
  • Data Policy (this document): Governs data handling, storage, security, and technical implementation

In case of conflict between documents, the order of precedence is: Terms and Conditions → Privacy Policy → Data Policy.

1.2 Platform Context

RentFusion operates in the rental property marketplace, which involves:

  • High-value transactions (monthly rent commitments ranging from hundreds to thousands of dollars)
  • Sensitive personal information (financial data, identity documents, location data)
  • Long-term relationships (lease terms typically 6-12+ months)
  • Trust-critical interactions (strangers entering financial agreements and physical spaces)

Given these factors, we implement rigorous data protection standards befitting the real estate industry.

2. DATA CATEGORIES AND CLASSIFICATION

2.1 Data Classification System

We classify data into four security tiers:

| Classification | Examples | Security Level |
|---|---|---|
| Public | Property exterior photos, rental price ranges, neighborhood names | Standard encryption |
| Internal | User preferences, search history, platform usage analytics | Encrypted storage, access-controlled |
| Confidential | Full names, phone numbers, email addresses, property addresses | Encrypted at rest and in transit, strict access controls |
| Restricted | National ID numbers, financial data, verification documents, passwords | Maximum encryption, multi-factor authentication required, audit logging |

2.2 Real Estate Specific Data

Property Owner Data

  • Ownership Verification: Title deeds, lease agreements, HOA approvals (Restricted)
  • Property Details: Full address, GPS coordinates, unit numbers (Confidential)
  • Property Media: Interior photos, video walkthroughs, floor plans (Internal/Public based on visibility settings)
  • Financial Terms: Rental price, deposit amounts, utility costs, lease duration (Public in listings)
  • Property Condition: Age, renovations, defects, maintenance records (Internal/Confidential)

Tenant Data

  • Identity Verification: National ID, passport, driver's license (Restricted)
  • Financial Qualification: Employment verification, income proof, bank statements (Restricted)
  • Rental History: Previous landlord references, eviction records, rent payment history (Confidential)
  • Household Composition: Number of occupants, ages, pet ownership (Internal/Confidential)
  • Search Criteria: Budget range, location preferences, move-in dates (Internal)

3. DATA LIFECYCLE MANAGEMENT

3.1 Data Collection

3.1.1 Collection Methods

  • Direct Input: User registration forms, property listing uploads, profile updates
  • WhatsApp Integration: Chatbot conversations, message metadata, user queries
  • Automated Collection: Cookies, device fingerprints, IP addresses, usage analytics
  • Third-Party Sources: Social media profiles (with consent), credit bureaus (with authorization), public property records

3.1.2 Collection Principles

  • Lawfulness: Data collected only with legal basis (consent, contract, legitimate interest, legal obligation)
  • Purpose Limitation: Data collected only for specified, legitimate purposes related to rental matching
  • Data Minimization: We collect only data necessary for platform functionality
  • Transparency: Users informed of data collection at the point of collection

3.2 Data Storage

3.2.1 Storage Infrastructure

  • Primary Database: Encrypted MySQL/PostgreSQL databases with replication and backup
  • File Storage: AWS S3 / Google Cloud Storage for images and videos with server-side encryption
  • Cache Layers: Redis/Memcached for session data and temporary storage (encrypted)
  • Backup Systems: Daily encrypted backups stored in geographically distributed locations
  • Disaster Recovery: Multi-region redundancy with 99.9% uptime SLA

3.2.2 Data Residency

Data is stored in:

  • Primary Region: Cloud infrastructure (AWS/Google Cloud) with Zimbabwe-proximate data centers
  • Backup Regions: Multi-region redundancy across Africa and Europe
  • Cross-Border Transfers: Conducted under Standard Contractual Clauses (SCCs) and adequate safeguards

3.3 Data Retention

| Data Type | Retention Period | Justification |
|---|---|---|
| Active User Accounts | Duration of account activity | Service provision |
| Inactive Accounts | 24 months post-inactivity | Re-engagement opportunity |
| Active Property Listings | Until rented or withdrawn | Marketplace functionality |
| Closed Listings | 12 months post-closure | Analytics and trend analysis |
| Transaction Records | 7 years | Tax and accounting compliance |
| Communication Logs | 90 days (metadata only) | Dispute resolution and fraud prevention |
| Security Logs | 1 year | Incident investigation |
| Legal Hold Data | Until litigation resolution | Legal compliance |

3.4 Data Deletion

3.4.1 Deletion Methods

  • Soft Deletion: Records marked as deleted but physically retained (30-day recovery window)
  • Hard Deletion: Complete removal from production databases (irreversible)
  • Cryptographic Erasure: Deletion of encryption keys rendering data unreadable
  • Physical Destruction: Secure wiping of decommissioned hardware per DOD 5220.22-M standards

3.4.2 Automatic Deletion Triggers

  • User-initiated account deletion requests
  • Expiration of retention periods
  • Court orders or regulatory mandates
  • Detection of fraudulent or illegal activity

4. DATA SECURITY MEASURES

4.1 Encryption Standards

4.1.1 Data in Transit

  • TLS 1.3: All client-server communications encrypted with modern cipher suites
  • Certificate Pinning: Mobile apps use certificate pinning to prevent man-in-the-middle attacks
  • HTTPS Everywhere: No unencrypted HTTP endpoints exposed
  • VPN Requirements: Internal staff access requires VPN with AES-256 encryption

4.1.2 Data at Rest

  • AES-256 Encryption: All databases and file storage encrypted with military-grade encryption
  • Key Management: Encryption keys stored in Hardware Security Modules (HSMs) or cloud KMS services
  • Key Rotation: Encryption keys rotated every 90 days with zero-downtime migration
  • Password Hashing: User passwords hashed with bcrypt (cost factor 12) and salted

4.2 Access Controls

4.2.1 Principle of Least Privilege

  • Employees granted minimum access required for job functions
  • Role-based access control (RBAC) with granular permissions
  • Time-limited access grants with automatic expiration
  • Just-in-time (JIT) privileged access for emergency operations

4.2.2 Multi-Factor Authentication (MFA)

  • Mandatory for: All administrative accounts, privileged operations, sensitive data access
  • Supported Methods: TOTP (Google Authenticator), SMS codes, biometric authentication
  • Backup Codes: Secure recovery codes provided and encrypted

4.2.3 Access Logging and Monitoring

  • All data access logged with timestamp, user ID, action type, and IP address
  • Real-time anomaly detection for unusual access patterns
  • Quarterly access reviews and permission audits
  • Automated alerts for suspicious activity

4.3 Network Security

  • Firewalls: Next-generation firewalls with deep packet inspection
  • Intrusion Detection: IDS/IPS systems monitoring for malicious traffic
  • DDoS Protection: Cloudflare/AWS Shield protecting against volumetric attacks
  • Network Segmentation: Production, staging, and development environments isolated
  • Zero Trust Architecture: "Never trust, always verify" security model

4.4 Application Security

4.4.1 Secure Development Lifecycle

  • Code Reviews: Mandatory peer reviews for all code changes
  • Static Analysis: Automated scanning for vulnerabilities (SAST tools)
  • Dynamic Testing: Runtime security testing (DAST tools)
  • Dependency Scanning: Third-party library vulnerability monitoring
  • Penetration Testing: Annual third-party security audits

4.4.2 OWASP Top 10 Protection

We actively mitigate:

  • ✓ SQL Injection (parameterized queries, ORM frameworks)
  • ✓ Cross-Site Scripting (XSS) (input sanitization, Content Security Policy)
  • ✓ Cross-Site Request Forgery (CSRF) (CSRF tokens on all forms)
  • ✓ Insecure Deserialization (whitelist-based deserialization)
  • ✓ XML External Entities (XXE) (XML parsers configured securely)
  • ✓ Broken Authentication (secure session management, password policies)

5. DATA SHARING AND THIRD PARTIES

5.1 Controlled Data Sharing

5.1.1 Property Owner ↔ Tenant Matching

When a Tenant expresses interest in a property:

  • Shared with Property Owner: Tenant name, phone number, move-in date preference, household size
  • Shared with Tenant: Property Owner name, phone number, full property address
  • NOT Shared: Financial details, identity documents, full search history
  • User Consent: Explicit consent obtained before first data exchange

⚠️ POST-INTRODUCTION DISCLAIMER:

After RentFusion facilitates the introduction, all subsequent communications occur directly between parties. We are NOT responsible for:

  • How parties handle each other's contact information
  • Data breaches or privacy violations by individual users
  • Misuse of shared information for purposes beyond the rental transaction

Users must comply with applicable privacy laws when handling others' personal information.

5.2 Third-Party Service Providers

5.2.1 Data Processing Agreements (DPAs)

All service providers sign contracts ensuring:

  • Data processed only for specified purposes
  • Equivalent security standards maintained
  • Subprocessors disclosed and approved
  • Data breach notification within 24 hours
  • Data deletion upon contract termination

5.2.2 Subprocessor List

| Service Provider | Purpose | Data Shared |
|---|---|---|
| AWS / Google Cloud | Infrastructure hosting | All platform data (encrypted) |
| WhatsApp Business API | Messaging services | Phone numbers, message metadata |
| Google Analytics | Usage analytics | Anonymized usage data, device info |
| SendGrid / Twilio | Email/SMS delivery | Email addresses, phone numbers, message content |
| Cloudflare | CDN and DDoS protection | IP addresses, traffic patterns |

6. USER DATA RIGHTS AND CONTROLS

6.1 Data Access Rights

Users may request:

  • Data Export: Complete copy of personal data in machine-readable format (JSON/CSV)
  • Access Report: Summary of what data we hold, how it's used, and who has accessed it
  • Processing Activities: List of all processing operations involving user data

Response Time: Verified requests fulfilled within 30 days (may extend to 60 days for complex requests).

6.2 Data Correction and Updating

  • Self-Service: Users can update most profile information through account settings
  • Listing Updates: Property Owners can edit listings in real time
  • Support Requests: For historical data corrections, contact support with evidence

6.3 Data Deletion Rights (Right to Erasure)

6.3.1 Full Account Deletion

Users may delete their account, which triggers:

  • Immediate deactivation of account access
  • Removal of personal data within 30 days
  • Anonymization of historical listings (property address retained for analytics)
  • Deletion of photos, videos, and user-generated content

6.3.2 Exceptions to Deletion

We may retain data despite deletion requests when:

  • Legal Obligation: Tax records, financial transactions (7-year retention)
  • Ongoing Dispute: Data relevant to active litigation or investigations
  • Fraud Prevention: Minimal data (hashed email/phone) to prevent re-registration by banned users
  • Backup Systems: Data in backups deleted within 90-day backup retention cycle

6.4 Data Portability

Users can export:

  • Profile information and account settings
  • Property listings (owners only)
  • Search history and saved properties (tenants only)
  • Communication metadata (not full message content)

Format Options: JSON, CSV, PDF

7. SPECIAL REAL ESTATE DATA CONSIDERATIONS

7.1 Property Address Sensitivity

Full property addresses are treated as Confidential data:

  • Public Listings: Display neighborhood/area only (e.g., "Near Central Park, Harare")
  • Approximate Location: Map pins show general vicinity, not exact coordinates
  • Full Address Disclosure: Only after Tenant expresses genuine interest and Property Owner approves
  • Vacant Property Protection: Additional privacy measures for unoccupied properties

7.2 Financial Data Handling

Rental pricing and financial information:

  • Listing Prices: Public information (similar to traditional real estate)
  • Tenant Financial Qualification: Encrypted and access-restricted (never shared with Property Owners without explicit tenant consent)
  • Payment Processing: We do NOT handle rent payments or store payment card data (PCI-DSS compliant if implemented)

7.3 Verification Documents

Identity documents and ownership proofs:

  • Verification Purpose Only: Documents reviewed for authenticity, then securely deleted within 30 days
  • No Permanent Storage: We retain only verification status (verified/not verified), not document images
  • Exception: If required by law enforcement or legal process, documents retained until case closure

8. DATA BREACH RESPONSE PROTOCOL

8.1 Incident Detection

  • 24/7 security monitoring and automated alerting
  • Intrusion detection systems (IDS) and security information and event management (SIEM)
  • Regular vulnerability scanning and penetration testing
  • User-reported security issues via dedicated security@rentfusion.com email

8.2 Incident Response Plan

Phase 1: Containment (0-4 hours)

  • Isolate affected systems to prevent further data exposure
  • Preserve forensic evidence for investigation
  • Activate incident response team

Phase 2: Assessment (4-24 hours)

  • Determine scope of breach (what data, how many users, attack vector)
  • Assess severity and legal notification obligations
  • Engage external cybersecurity forensics experts if necessary

Phase 3: Notification (24-72 hours)

  • Regulatory Notification: Report to data protection authorities within 72 hours (GDPR requirement)
  • User Notification: Email and WhatsApp alerts to affected users
  • Public Disclosure: If breach affects >500 users or involves high-risk data

Phase 4: Remediation (Ongoing)

  • Patch vulnerabilities and strengthen security controls
  • Offer affected users identity theft protection services (if financial data compromised)
  • Conduct post-incident review and update security policies

8.3 User Support After Breach

If your data is compromised, we will:

  • Provide clear information about what data was exposed
  • Offer guidance on protective measures (password reset, fraud monitoring)
  • Establish dedicated support channels for breach-related inquiries
  • Consider offering credit monitoring or identity theft insurance (for severe breaches)

9. INTERNATIONAL DATA TRANSFERS

9.1 Transfer Mechanisms

When transferring data internationally, we rely on:

  • Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
  • Adequacy Decisions: Transfers to countries recognized as providing adequate protection
  • Binding Corporate Rules (BCRs): Internal policies for intra-company transfers
  • User Consent: Explicit consent for transfers when required

9.2 Cross-Border Data Flows

Your data may be processed in:

  • Primary Processing: Zimbabwe and regional cloud infrastructure
  • Backup Storage: Multi-region cloud storage (Africa, Europe, US)
  • Service Providers: US (AWS, Google), Ireland (WhatsApp), etc.

All cross-border transfers comply with applicable data protection laws (GDPR, CCPA, local regulations).

10. COMPLIANCE AND CERTIFICATIONS

10.1 Regulatory Compliance

RentFusion complies with:

  • GDPR: General Data Protection Regulation (EU/EEA)
  • CCPA: California Consumer Privacy Act
  • POPIA: Protection of Personal Information Act (South Africa, if applicable)
  • Local Data Protection Laws: Zimbabwe Data Protection Act and applicable regulations
  • Industry Standards: ISO 27001 (Information Security Management), SOC 2 Type II (if certified)

10.2 Audit and Accountability

  • Internal Audits: Quarterly data protection compliance reviews
  • External Audits: Annual third-party security and privacy audits
  • Regulatory Inspections: Full cooperation with data protection authorities
  • Transparency Reports: Annual publication of data requests, breaches, and compliance metrics

11. USER RESPONSIBILITIES

⚠️ CRITICAL: Your Data Protection Obligations

When using RentFusion, YOU are responsible for:

  • Protecting Your Credentials: Keep passwords secure, do not share accounts
  • Securing Your Devices: Use device locks, antivirus software, secure networks
  • Verifying Recipients: Ensure you're sharing property details with legitimate users
  • Respecting Others' Privacy: Do not misuse contact information obtained through the Platform
  • Reporting Security Issues: Immediately report suspected breaches or suspicious activity
  • Accuracy of Information: Provide truthful and up-to-date information

11.1 Property Owner Responsibilities

Property Owners must:

  • Obtain consent from co-owners before listing properties
  • Blur or remove sensitive information from property photos (personal items, documents)
  • Comply with fair housing laws when screening tenants
  • Not request excessive personal information from prospective tenants
  • Securely handle tenant application materials

11.2 Tenant Responsibilities

Tenants must:

  • Verify Property Owner identity before sharing financial information
  • Not share others' listings without permission
  • Report fake listings or suspicious property owners
  • Understand that RentFusion cannot verify all Property Owner claims

12. CHILDREN'S DATA

RentFusion is NOT intended for use by individuals under 18 years of age. We do not knowingly collect data from minors. If we become aware of unauthorized collection of child data, we will:

  • Delete the data immediately
  • Terminate the associated account
  • Notify parents/guardians if contact information is available
  • Report to authorities if required by law

13. UPDATES TO THIS DATA POLICY

We may update this Data Policy to reflect:

  • Changes in data processing practices
  • New security technologies or threats
  • Regulatory requirement changes
  • User feedback and best practices

Material changes will be communicated via email and WhatsApp at least 30 days before taking effect. Continued use of the Platform after changes constitutes acceptance.

14. CONTACT AND DATA REQUESTS

14.1 How to Exercise Your Rights

To exercise data rights (access, correction, deletion, portability), submit a request via:

  • Email: admin@therentfusion.com
  • WhatsApp: +263 71 428 2938 (message "Data Request")
  • Website: therentfusion.com

14.2 Identity Verification

For security, we verify your identity before processing requests:

  • Confirmation via registered email or phone number
  • Answer security questions or provide account details
  • Government-issued ID for sensitive requests

Commitment to Data Protection

RentFusion is committed to:

  • ✓ Protecting your data with industry-leading security
  • ✓ Respecting your privacy rights under applicable laws
  • ✓ Transparency about data collection and use
  • ✓ Empowering you with control over your information
  • ✓ Continuous improvement of data protection practices

Data Protection Officer

For data policy questions, privacy concerns, or security issues:

Company: Rent Fusion Pvt Ltd
Email: admin@therentfusion.com
WhatsApp: +263 71 428 2938
Website: www.therentfusion.com
Postal Address: Samora Machel Ave, Harare, Zimbabwe
Response Time: 24-48 hours for urgent security issues, 30 days for data requests