Privacy Policy

1. Information We Collect

We collect the following categories of personal data when you use RentAKite:

• --Account information: Name, email address, and hashed password when you register an account.
• --Profile information: Rider level, body weight, height, years of experience, bio text, home kite spot, and profile photo (all optional except name and email).
• --Verification data: Licence type, licence level, and uploaded licence photos where you choose to provide them for trust-building purposes.
• --Listing information: Gear details, photos, pricing, availability, and geographic location you provide when creating listings.
• --Transaction and rental data: Rental request details including proposed dates, renter notes, and request status.
• --Communication data: Messages exchanged through the platform's built-in messaging system.
• --Payment-related data: RentAKite does not process or store payment card data. Payments are arranged directly between users outside the platform.
• --Usage and technical data: Pages visited, search queries, browser type, device type, IP address, and approximate geographic region derived from IP.
• --Cookies and similar technologies: Session cookies and local storage tokens used solely for authentication and session management.

2. How We Use Your Information

• --To create and manage your account and authenticate your sessions.
• --To display your profile and listings to other users of the platform.
• --To facilitate communication between renters and gear owners.
• --To process rental requests and update request statuses.
• --To send email notifications about new messages, rental requests, and reviews (where you have enabled these preferences).
• --To improve the platform, debug issues, and develop new features.
• --To enforce our Terms of Service, prevent fraud, and ensure platform safety.
• --To comply with legal obligations to which we are subject.
• --To generate aggregated, anonymised analytics about platform usage.

3. Legal Basis for Processing (GDPR / UK GDPR)

For users in the European Economic Area, the United Kingdom, and other jurisdictions that require a legal basis for processing personal data, we rely on the following: (a) Performance of a contract — processing necessary to provide the platform services you have signed up for; (b) Legitimate interests — improving the platform, preventing fraud, and ensuring security, where these interests are not overridden by your rights; (c) Legal obligation — where we are required to retain or disclose data by applicable law; (d) Consent — for any processing activities where we have obtained your explicit consent, such as optional marketing communications. You have the right to withdraw consent at any time.

4. Information Sharing and Disclosure

Your public profile and listings are visible to all visitors of the platform. Your exact pickup location and phone number are only made visible to users whose rental request you have accepted. We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share data with: (a) Infrastructure and hosting providers (including Supabase and Resend) acting as data processors under appropriate data processing agreements; (b) Authorities or courts when required by applicable law, regulation, or valid legal process; (c) A successor entity in the event of a merger, acquisition, or sale of assets, subject to continued protection of your data under equivalent terms.

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data. To exercise any of these rights, contact us via the Contact page.

6. Data Retention

We retain your account data for as long as your account is active or as necessary to provide services. Rental request records and message threads are retained for a minimum of two years for fraud prevention and dispute resolution purposes. Technical logs are retained for up to 90 days. Upon account deletion, personal data is erased or anonymised within 30 days, unless a longer retention period is required by law.

7. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• --Strictly necessary cookies: Session authentication tokens and CSRF protection cookies. These are essential for the platform to function and cannot be disabled.
• --Functional cookies: Language preference and UI state stored in browser local storage.
• --Analytics: We do not currently use any third-party analytics cookies or tracking pixels.
• --No advertising cookies: We do not place or permit any advertising or cross-site tracking cookies.

8. International Data Transfers

RentAKite operates globally. Your data may be processed and stored on servers located in the European Union or the United States, depending on the infrastructure provider. Where data is transferred outside the EEA or UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms recognised under applicable law.

9. Children's Privacy

RentAKite is not directed to children under the age of 16 (or 13 in jurisdictions where that threshold applies). We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete such data promptly.

10. Data Security

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include encrypted connections (TLS), hashed password storage, row-level security on all database tables, and access controls limiting who can view or modify data. No transmission over the internet is 100% secure; you are responsible for keeping your account credentials confidential.

11. Third-Party Links and Services

The platform may contain links to third-party websites, kite spot directories, or external resources. We are not responsible for the privacy practices or content of those third parties. Rental agreements and payments are conducted directly between users outside our platform; those interactions are governed solely by the parties involved and are not subject to this policy.

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on users. User ratings and trust badges are calculated algorithmically but are displayed as information only; no automated decisions are made that deny you access to services.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify registered users by email or via a prominent notice on the platform at least 14 days before the changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy. We encourage you to review this page periodically.

14. Contact and Data Protection Inquiries

For any questions about this Privacy Policy, to exercise your data rights, or to report a privacy concern, please contact us through the Contact page. We will respond to all verifiable requests within 30 days (or such shorter period as required by applicable law). Where required by law, we will designate a Data Protection Officer or local representative; contact details will be provided upon request.