Built to be trusted
Data security and compliance aren't features—they're foundations. Here's how we protect your business and your tenants.
Data Encryption
All data transmitted between your browser, our servers, and Twilio's SMS infrastructure is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. This includes conversation records, tenant contact information, and payment-related data.
Authentication & Access Control
RentalRelay uses organization-scoped access control. Each account owner has full access to their organization's data. Team roles and permissions are coming soon.
All authentication routes are rate-limited. Password reset and signup flows include abuse prevention controls.
SMS Compliance (TCPA / CTIA)
RentalRelay is designed for opt-in-only messaging. We implement the following compliance safeguards:
- Tenants must provide explicit consent before receiving automated messages
- Every tenant conversation thread tracks opt-in status
- STOP/HELP/UNSUBSCRIBE keyword handling is automatic
- Message logs retain sender, recipient, timestamp, direction, and consent status
- You remain responsible for obtaining consent in your lease agreements—we provide the infrastructure to honor it
RentalRelay is not a law firm and this does not constitute legal advice. We recommend consulting a housing attorney for jurisdiction-specific compliance guidance.
Audit Trails & Documentation
Every message, approval decision, and system action is logged with a timestamp and actor identity. These records are immutable and available to you for export at any time. This makes RentalRelay audit-ready for:
- Security deposit disputes
- Maintenance response timelines
- Vendor approval chains
- Habitability documentation
Infrastructure & Availability
RentalRelay runs on cloud infrastructure with automated backups, redundancy, and uptime monitoring. We target 99.9% availability for the web portal and SMS webhook processing. Escalation alerts and status updates are communicated to account administrators via SMS.
Vendor & Third-Party Risk
We use a small, audited set of third-party services: Twilio for SMS, Stripe for billing, and a major cloud provider for compute and storage. We do not sell or share your data with advertisers. Third-party access is governed by data processing agreements.
Responsible Disclosure
If you discover a security vulnerability in RentalRelay, please report it to [email protected]. We will acknowledge reports within 48 hours and work to resolve confirmed issues promptly.