Notice of Client Data Processing
Last updated: January 12, 2021
Tenant, Inc. provides technology solutions to self storage companies in the United States. In order to provide these services, Tenant collects and processes online and offline information and data. Some of this information is collected directly from our clients or their suppliers, while some may be collected from other third party sources and public records. Some of this information may constitute Personal Information, information that relates to a reasonably identifiable individual or household (“Client Personal Information”).
We collect and process Client Personal Information strictly on behalf of our client to fulfill the purpose of our agreement with the client. Tenant is committed to complying with applicable privacy laws in its role as a service provider as well as assisting clients’ compliance with such laws.
Some of our clients may be “businesses” as defined in the California Consumer Privacy Act of 2018, as amended (the “CCPA”). To the extent our services to those clients require us to collect, use, retain, disclose or otherwise process Client Personal Information that is subject to the CCPA, we do so strictly as our client’s “service provider” as defined in the CCPA.
We do not sell Client Personal Information. We do not collect, retain, use, disclose or otherwise process Client Personal Information for any purpose other than for the purpose of performing the services specified in our agreement with the client. We do not collect, retain, use, disclose or otherwise process Client Personal Information outside of our direct business relationship with the client. We work with clients and our own sub-contractors to ensure that our agreements with them incorporate those and other restrictions as necessary, and to support responses to consumer requests under the CCPA or applicable federal law.
We maintain reasonable security measures to ensure that access to any Client Personal Information is restricted only to authorized individuals who need access for a legitimate business purpose, and to protect Client Personal Information against unauthorized access, theft, or loss. Our products are hosted on the Amazon Web Services cloud and is built according to AWS best practices for high availability, disaster recovery, security, and scalability. There is no single point of failure in network or infrastructure and both utilize regularly-rotated 256-bit encryption. Data is backed up in multiple locations and AWS services are leveraged to recover from hardware or system errors to prevent data loss. Several technologies are utilized to store data, including Amazon S3, MySQL, Postgres, DynamoDB, Redshift, and Reddis.