Landlord Logo

Privacy Policy

How Landlord handles personal data for website visitors, Customers, and the End Users our AI Sales Employee contacts

Effective date:
29 May 2026
Version:
v2.0

Landlord is operated by DeepRent LLC, a Delaware company. This policy explains what we collect, why, who we share it with, and the choices you have. Customer-specific data processing is governed by our Data Processing Addendum and Terms of Service.

In plain language

  • When our AI Sales Employee handles a Customer’s tenants and leads, the storage operator (our Customer) is the Controller and Landlord is the Processor. For our own website, marketing, billing, fraud, and security, Landlord is the Controller.
  • Our AI identifies itself as AI upfront on every outbound call (US and EU) and on every EU inbound call. On US inbound calls it confirms it is AI whenever a caller asks.
  • We do not use Customer or End-User content to train any general-purpose AI model, and we never pool one Customer’s data with another’s.
  • Recordings, transcripts, and message content are held by the specialist providers that power voice, transcription, messaging, and model calls (e.g. Twilio, ElevenLabs, the LLM provider) under their own retention policies - see the sub-processor list.
  • All Landlord-controlled data is processed in the United States. Send any privacy request to support@uselandlord.com.

1. Who we are and what this policy covers

1.1 The entity behind Landlord

Landlord”, “we”, “us”, and “our” refer to DeepRent LLC, DBA Landlord, a Delaware limited liability company with its registered office at 1207 Delaware Ave #3446, Wilmington, DE 19806, United States. Landlord provides an AI Sales Employee that contacts, qualifies, books, and follows up with self-storage tenants and leads on behalf of storage facility operators across voice, WhatsApp, SMS, iMessage, and email. This policy applies to uselandlord.com and the Landlord service. We have not appointed an EU or UK representative.

1.2 When we are a Controller versus a Processor

The same dataset can put us in two different roles, so it matters which one applies:

  • Landlord as Processor. When we operate the AI Sales Employee for a storage operator, that operator (our “Customer”) decides why and how its tenants’ and leads’ data is used. The Customer is the Controller; we act on the Customer’s instructions under our DPA. If you are a tenant or lead and want to exercise rights over how your data is used for sales outreach, your first point of contact is the storage operator that contacted you.
  • Landlord as Controller. We are the Controller for our website and analytics, our own sales and marketing, account administration and billing, and fraud, safety, and security across the platform. For these activities, this policy governs and you can contact us directly.

2. Quick reference: data we collect by relationship

The detail is in Sections 3-5. This table is the fast way to find the part that applies to you.

You are a…Typical dataOur role
Website visitorDevice, IP, cookies, analytics, pages viewed, anything you submit in a form or demo requestController
Customer / Authorized UserAccount and contact details, login and audit logs, configuration, billing metadataController
End User (tenant / lead)Name, phone, email, inquiry details, call recordings, transcripts, message content and metadataProcessor (the operator is Controller)
Prospect in our pipelineBusiness contact details, enrichment data, interaction historyController

3. Information we collect

3.1 Information you give us

Account registration details, demo and contact-form submissions, support requests, survey responses, brand and voice configuration you upload, and any content you choose to send us. Customers also provide the contact lists and lawful-basis information for the tenants and leads they ask the AI to contact.

3.2 Information from Customer integrations

When a Customer connects an integration, we receive data from it to run the service: Gmail and Outlook (email threads and metadata needed to send and follow up), WhatsApp Business, and storage-management software such as SiteLink, Stora, Kinnovis, Storeganise, and Space Manager (unit availability, pricing, reservations, tenant records). We use Gmail data strictly as described in Section 8.

3.3 Voice calls

For voice interactions we and our voice and telephony providers process call audio, recordings, and transcripts, plus call metadata (numbers, time, duration, outcome). We do not create or store a biometric voiceprint of End Users, and we do not clone End-User voices (see Section 7.4).

3.4 Messaging

For WhatsApp, SMS, and iMessage we process message content and metadata (sender and recipient identifiers, timestamps, delivery status) to the extent needed to carry the conversation and follow up. WhatsApp-specific handling is described in Section 9.

3.5 Information collected automatically

On our website and app we collect device and browser data, IP address, identifiers, cookies and similar technologies, usage and analytics events, and, on some pages, session-replay diagnostics. See Section 15 for cookies and your choices.

3.6 Information from third parties

We may receive business-contact and firmographic enrichment data, data from public sources, and limited measurement data from advertising networks, primarily to support Landlord’s own sales and marketing.

4. How we use information

4.1 Providing the AI Sales Employee

To operate the service on a Customer’s instructions: answering and placing calls and messages, qualifying and booking leads, sending payment links, following up on stale leads, and writing results back to the Customer’s systems.

4.2 Improving the service - with a hard no-training commitment

We use operational and Performance Data to monitor quality, fix bugs, and improve the platform. Customer Data and End-User content may be used to tune that Customer’s own AI Sales Employee, inside that Customer’s environment only. We do not pool one Customer’s data with another, and we do not use Customer or End-User content to train any general-purpose AI model. Our LLM and voice providers are contractually prevented from training their general models on our prompts (see Section 10.2).

4.3 Safety, fraud, and abuse detection

To detect, investigate, and prevent fraud, abuse, security incidents, and prohibited uses, and to enforce our terms.

4.4 Billing and account management

To create and administer accounts, authenticate users, process payments and usage charges, provide support, and send service and transactional messages.

4.5 Marketing of Landlord’s own services

To market Landlord to businesses and prospects, measure campaigns, and tell Customers about features. You can opt out of marketing at any time without affecting service messages.

5. Legal bases (GDPR Article 6)

Where the GDPR or UK GDPR applies and Landlord acts as a Controller, we rely on the following legal bases:

  • Performance of a contract - creating and running accounts, billing, and providing the service to Customers and their Authorized Users.
  • Legitimate interests - securing the platform, preventing fraud and abuse, improving the service, and B2B marketing of Landlord, balanced against your rights.
  • Consent - certain cookies and analytics, and any direct marketing where consent is required. You can withdraw consent at any time.
  • Legal obligation - tax, accounting, and responding to lawful requests.
  • Vital interests - rare cases where processing is needed to protect someone’s life or safety.

For End-User outreach, the Customer (Controller) is responsible for establishing the lawful basis and consent - including TCPA prior express written consent in the US and a GDPR-compliant basis in the EU/UK - before adding any contact to AI calling, SMS, WhatsApp, or email campaigns. This obligation is set out in our Terms of Service.

6. AI and automated decision-making

6.1 What the AI does and does not decide on its own

The AI Sales Employee handles conversations, answers questions, qualifies leads, and prepares actions. It does not sign leases, take payment, or initiate evictions or other legally significant decisions without human approval, and it does not give legal or medical advice.

6.2 AI self-identification

The AI discloses that it is AI based on the direction and jurisdiction of the call:

  • All outbound calls (US and EU): upfront disclosure at the start of the call, as required by FCC TCPA AI-voice rules in the US and EU AI Act Article 50 in the EU (effective 2 August 2026).
  • EU inbound calls: upfront disclosure at the start of the call, as required by EU AI Act Article 50 for any direct AI-to-person interaction.
  • US inbound calls: disclosure on request - the AI truthfully identifies as AI whenever a caller asks. Upfront disclosure is not legally required because TCPA governs outbound calls.

A Customer can choose the wording of the disclosure but cannot disable this logic.

6.3 Human review, escalation, and your right to object

You can ask to speak to a human at any time, and conversations can be escalated to the Customer’s staff. Where the GDPR applies, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (Article 22); because significant actions require human approval, our use does not fall into that category, and you can still object and request human intervention.

6.4 How we test, monitor, and red-team the AI

We monitor the AI for accuracy and safety, test changes before release, and red-team against prohibited behaviour (such as misrepresenting its identity or making commitments it is not authorised to make).

7. Call recording and transcription

7.1 Two-party / all-party consent jurisdictions

Calls may be recorded and transcribed. Some US states and many countries require all parties to consent to recording. Customers are responsible for ensuring recording is lawful for the contacts they enrol; the AI provides the disclosure described below.

7.2 How consent is captured at the start of a call

Where required, the AI gives a recording and AI-identification notice at the start of the call, and the call proceeds on that basis. The exact phrasing can be configured by the Customer to match local requirements.

7.3 Retention of recordings and transcripts

Landlord does not set a fixed retention window for recordings and transcripts. Retention is governed by the third-party providers that handle the underlying voice, transcription, and model calls (for example Twilio, ElevenLabs, and the LLM provider), each under its own published policy. See the sub-processor list for links to those policies.

7.4 Voice cloning policy

We do not clone End-User voices. Any brand voice used by the AI is configured by the Customer and reviewed before use, as set out in our Terms.

8. Google API / Gmail Limited Use disclosure

Landlord’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically, when a Customer connects Gmail, we access Google user data only to provide and improve the email features of the service the Customer asked for. We do not use Google Workspace or Gmail data to train generalized AI or machine-learning models, do not transfer it except as necessary to provide the service or as required by law, do not sell it, and do not allow humans to read it unless we have the user’s consent, it is necessary for security or to comply with law, or the data is aggregated and de-identified.

9. WhatsApp Business / Meta data sharing disclosure

WhatsApp messaging is delivered through the WhatsApp Business Platform provided by Meta Platforms Ireland Ltd. Use of that channel is subject to the WhatsApp Business Solution Terms and Meta’s policies. Message content and metadata sent over WhatsApp are transmitted through Meta’s infrastructure to deliver the conversation; we use this data only to operate the messaging the Customer configured and do not use it to build advertising profiles. Meta’s processing is described in the Meta sub-processor entry on the sub-processor list.

10. How we share information

10.1 Sub-processors

We share data with vetted sub-processors that help us run the service - hosting, telephony, voice synthesis, transcription, LLM inference, messaging, and payments. The current list, with each provider’s location, service, and DPA link, is maintained at the sub-processor list. We notify Customers before adding or replacing a sub-processor.

10.2 LLM and voice providers - what they can and cannot do

Prompts and conversation content are sent to our LLM and voice providers (such as Anthropic, OpenAI, Google, and ElevenLabs) only to generate the response in real time. Under their data-processing terms, these providers do not train their general-purpose models on our API inputs by default, and zero- or short-retention configurations are used where supported.

10.3 Customers

When the AI works a Customer’s leads, the resulting End-User data - conversation outcomes, bookings, contact details, and transcripts - flows back to that Customer (the Controller) and into its connected systems.

10.4 Legal, safety, and corporate transactions

We may disclose data to comply with law or lawful requests, to protect the rights, safety, and security of users and the public, and in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections.

The current sub-processor set is summarised below; the canonical, dated list lives at the sub-processor list.

Sub-processorLocationService
Anthropic, PBCSan Francisco, USALLM inference (Claude API) - agent reasoning, email and chat generation
OpenAI, L.L.C.San Francisco, USALLM inference (OpenAI API) - agent reasoning, email and chat generation
Google LLCMountain View, USALLM inference (Gemini API) - agent reasoning, email and chat generation
ElevenLabs Inc.Delaware, USAVoice synthesis and telephony agent
Stripe Payments Europe Ltd.Dublin, IrelandPayment links
Twilio Ireland Ltd.Dublin, IrelandSMS routing
Meta Platforms Ireland Ltd.Dublin, IrelandWhatsApp Business API transport
Amazon Web Services EMEA SARL (eu-west-1)LuxembourgHosting of operational metadata

11. International data transfers

11.1 Where data is processed

All Landlord-controlled data is processed in the United States. We do not offer an EU-only data-residency option. Some sub-processors operate EU data centres; their locations are shown in the sub-processor list.

11.2 Transfer mechanisms for EU/UK to US transfers

For transfers of personal data from the EEA, UK, or Switzerland to the US, we rely on the European Commission’s 2021 Standard Contractual Clauses, the UK International Data Transfer Addendum, and, where applicable, the EU-US Data Privacy Framework. The full transfer analysis is in our DPA (including the Transfer Impact Assessment summary).

12. Retention

Landlord retains account, log, and billing data for as long as the account is active, plus the period needed for legal, tax, accounting, and dispute purposes.

Recordings, transcripts, and message content are retained according to the policies of the third-party processors that physically handle them (such as Twilio, ElevenLabs, the LLM provider, and WhatsApp/Meta). Landlord does not set a separate fixed window for this content - see the sub-processor list for links to each provider’s policy. Where Landlord acts as Processor, deletion on termination follows the process in our DPA.

13. Security

We protect personal data with technical and organisational measures appropriate to the risk, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access control, least privilege, and mandatory MFA on administrative and engineering accounts.
  • Key management and confidentiality obligations on all personnel.
  • A documented incident-response process. Where we act as Processor, we notify the Customer (Controller) of a confirmed personal-data breach without undue delay so they can meet their 72-hour notification duty under GDPR Article 33; where we are Controller, we notify supervisory authorities and affected individuals as required.
  • SOC 2 is on our roadmap. Our current security posture is described in our DPA’s technical and organisational measures.

14. Your rights

14.1 GDPR rights

If you are in the EEA, you have the right to access, rectification, erasure, restriction, data portability, and objection, the right to withdraw consent, and the right to lodge a complaint with a supervisory authority.

14.2 UK GDPR / Data Protection Act 2018

If you are in the UK, you have equivalent rights and may complain to the Information Commissioner’s Office.

14.3 CCPA / CPRA

If you are a California resident, you have the right to know, delete, and correct your personal information, to opt out of any “sale” or “sharing”, and to limit the use of sensitive personal information. We do not sell personal information for money. We will not discriminate against you for exercising these rights.

14.4 How to exercise your rights

Send your request to support@uselandlord.com. We will verify your identity before acting and will respond within the timeframe required by applicable law. You may use an authorised agent where the law allows.

14.5 End Users: against the Customer versus against Landlord

If a storage operator contacted you using the AI Sales Employee, that operator is the Controller of your data for that outreach, and you should direct most requests (such as deletion of your lead record) to them. Landlord acts as the operator’s Processor and will assist them in responding. You can still contact us at support@uselandlord.com and we will route your request appropriately.

15. Cookies and tracking

On our website we use cookies and similar technologies for essential functionality, analytics, and measuring our marketing. Strictly necessary cookies are always active; where required, we ask for consent before setting analytics or marketing cookies, and you can change your choices through your browser settings or any cookie controls we provide. If we later launch a dedicated cookie notice, it will be linked here.

16. Children

Landlord is a business service and is not directed to children. We do not knowingly collect personal data from children. If you believe a child’s data has reached us, contact support@uselandlord.com and we will delete it.

17. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the effective date above and, where appropriate, provide additional notice. The current version always lives at https://uselandlord.com/privacy.

18. Contact

Send all privacy requests, data-subject access requests (DSARs), breach notices, and complaints to support@uselandlord.com. EU and UK data subjects also have the right to lodge a complaint directly with their national supervisory authority.

DeepRent LLC
1207 Delaware Ave #3446
Wilmington, DE 19806, United States
support@uselandlord.com