Privacy Policy

1. Introduction

Ultimate RMS ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our rental management software service.

2. Information We Collect

Information You Provide

• Account information (name, email, password)
• Business information (company name, address, phone)
• Payment information (processed securely by Stripe)
• Customer data you enter into the system
• Inventory and booking information

Information Collected Automatically

• Device and browser information
• IP address and location data
• Usage data and analytics
• Cookies and similar technologies

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service
• Process transactions and send related information
• Send administrative notifications
• Respond to your comments and questions
• Improve and optimize the Service
• Monitor and analyze usage patterns
• Detect and prevent fraud or abuse

4. Data Sharing

We may share your information with:

• Service Providers: Third parties that help us operate the Service (e.g., hosting, payment processing, email)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Secure data centers

6. Data Retention

We retain your data based on the following schedule:

• Active accounts: Retained for the duration of your subscription
• Deleted accounts: Permanently removed within 30 days of deletion request
• Transactional email logs: Retained for 90 days
• Audit and activity logs: Retained for 7 years (tax and legal compliance)
• Analytics data: Retained for 26 months (Google Analytics default)
• Security logs: Retained for 30 days
• Backups: Retained for 30 days, then purged

You can request deletion of your data at any time through your account settings (Security → Delete Account) or by contacting us at privacy@ultimaterms.com. You can also export all your data in JSON format from Security settings.

7. Your Rights (Including GDPR)

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights:

• Right of access (Art. 15 GDPR) — Access the personal data we hold about you
• Right to rectification (Art. 16 GDPR) — Request correction of inaccurate data
• Right to erasure (Art. 17 GDPR) — Request deletion of your data
• Right to restrict processing (Art. 18 GDPR) — Request that we limit how we use your data
• Right to data portability (Art. 20 GDPR) — Export your data in a portable, machine-readable format
• Right to object (Art. 21 GDPR) — Opt out of marketing communications and certain processing activities
• Right to lodge a complaint — You may file a complaint with your local data protection supervisory authority

To exercise any of these rights, please contact us at privacy@ultimaterms.com. We will respond within 30 days.

7a. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

• Contract performance — Processing necessary to provide the Service you have subscribed to
• Legitimate interests — Improving and securing the Service, fraud prevention, and analytics
• Consent — For optional processing such as marketing communications and analytics cookies
• Legal obligation — Processing required to comply with applicable laws

7b. Data Processing Agreement

For business customers who need a Data Processing Agreement (DPA) for GDPR compliance, please contact us at privacy@ultimaterms.com and we will provide a signed DPA.

8. Cookies

We use cookies and similar technologies to enhance your experience. You can manage your cookie preferences at any time using the cookie banner that appears when you first visit our site.

Essential Cookies (Always Active)

• urms_cookie_consent — Stores your cookie preferences (1 year)
• sb-*-auth-token — Authentication session (Supabase, session duration)

Analytics Cookies (Require Consent)

• _ga — Google Analytics user identifier (2 years)
• _ga_* — Google Analytics session data (2 years)
• _gid — Google Analytics session identifier (24 hours)

Analytics cookies are only loaded after you consent via the cookie banner. We use Google Analytics with IP anonymization enabled. No marketing or advertising cookies are used.

9. Third-Party Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. For transfers from the European Economic Area (EEA) or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards under GDPR Article 46, to ensure your data receives adequate protection.

12. Your Privacy Choices (US State Laws)

If you are a resident of California, Virginia, Colorado, Connecticut, or another US state with consumer privacy laws (including the CCPA/CPRA), you have additional rights:

• Right to know — Request details about the personal information we collect and how it is used
• Right to delete — Request deletion of your personal information
• Right to opt out of sale — We do not sell your personal information to third parties
• Right to non-discrimination — We will not treat you differently for exercising your privacy rights

To exercise these rights, contact us at privacy@ultimaterms.com or use the data export and account deletion features in your account settings. We will verify your identity before processing any request and respond within 45 days.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

• Email: privacy@ultimaterms.com
• Or visit our Contact Page

15. Subprocessors

For a list of third-party subprocessors we use to deliver the Service, please see our Subprocessors page.

16. Terms of Service

Please also review our Terms of Service which governs your use of the Service.