1. Overview
SmallDoor (“we”, “us”, “our”) operates smalldoor.app, a property management platform for independent landlords. This policy explains what data we collect, how we use it, and your rights regarding that data.
2. Who this policy covers
This policy applies to two types of users: landlords who create SmallDoor accounts, and tenants who complete an income verification request initiated by their landlord.
3. Data we collect
Landlords:
- Name and email address at account creation
- Property, unit, tenant, and lease information entered into the platform
- Billing information processed by Stripe (we do not store card numbers)
Tenants:
- Name and email address
- Bank-verified monthly income amount and employer name, retrieved via Plaid
- No raw transaction data, account balances, or bank credentials are collected or stored
4. How we collect data
- Directly from landlords when they create an account and enter information
- From tenants via Plaid Link, a secure bank connection service operated by Plaid Financial Ltd. Tenants initiate this connection voluntarily after receiving a verification request and providing explicit consent
- From Stripe for payment processing
5. How we use data
- To provide the SmallDoor service to landlords
- To display verified income summaries to the landlord who initiated the verification request
- To send transactional emails (rent reminders, verification requests) via Resend
- To process subscription payments via Stripe
- We do not sell, rent, or share personal data with third parties for marketing purposes
6. Legal basis for processing
We process data on the basis of:
- Contractual necessity (to deliver the service you signed up for)
- Legitimate interest (to operate and improve the platform)
- Consent (tenants explicitly consent before connecting their bank via Plaid)
7. Data retention
- Landlord account data is retained for the duration of the account and deleted within 30 days of account cancellation
- Tenant income verification data (monthly income amount, employer name) is retained for the duration of the landlord-tenant relationship and deleted within 30 days of the tenant record being removed
- Raw bank data is never stored — only the summarized income output from Plaid
8. Data security
All data is stored in Supabase, which encrypts data at rest using AES-256. All data in transit is encrypted via TLS 1.2 or higher. Row Level Security is enforced at the database level — landlords can only access their own data. Access to production systems is protected by multi-factor authentication.
9. Third-party services
SmallDoor uses the following third-party processors:
- Plaid (plaid.com) — bank income verification
- Stripe (stripe.com) — payment processing
- Supabase (supabase.com) — database and authentication
- Vercel (vercel.com) — application hosting
- Resend (resend.com) — transactional email
10. Your rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Withdraw consent at any time (for tenants, this means requesting that your income data be deleted)
To exercise any of these rights, contact us at privacy@smalldoor.app
11. Cookies
SmallDoor uses only essential session cookies required for authentication. We do not use tracking or advertising cookies.
12. Children
SmallDoor is not directed at children under 13 and we do not knowingly collect data from minors.
13. Changes to this policy
We will notify users of material changes to this policy via email. The date at the top of this page reflects when it was last updated.