Privacy

Privacy Policy

Last updated May 15, 2026

This policy explains what data LeaseFix collects when property managers run a maintenance desk on our platform — including data about their organizations, properties, tenants, vendors, owners, and the requests that flow between them — and how we use, retain, share, and protect that data.
On this page (21)

Who we are

LeaseFix is operated by LeaseFix Technologies LLC. References to "we", "us", and "our" mean LeaseFix Technologies LLC. References to "you" mean the people and organizations using LeaseFix.

For privacy questions, contact privacy@leasefix.co.

Account data

When you create an account we collect:

  • Your name, work email, and (optionally) job title and phone number.
  • Authentication credentials (hashed passwords) and session metadata.
  • Profile preferences such as notification settings and timezone.

Organization and workspace data

Each customer operates inside a workspace tied to their property management company. We collect:

  • Company name, billing entity, and the team members invited into the workspace.
  • Roles and permissions assigned to each member (admin, dispatcher, vendor, owner, viewer).
  • Workspace settings such as triage rules, escalation thresholds, and SLA targets.

Property, unit, tenant, vendor, and owner data

To run a maintenance desk we process data about the people and assets in your portfolio:

  • Properties and units (address, unit number, building details, access notes).
  • Tenants (name, contact details, unit assignment, lease term where supplied).
  • Vendors (company name, contact details, trades, coverage areas, certificates supplied to you).
  • Owners and property owners' representatives (name, contact details, statement preferences).

You are the controller of this data. We process it on your behalf to operate LeaseFix and to provide tenant, vendor, and owner-facing portals you direct us to provide.

Maintenance request data

Maintenance requests are the operational core of LeaseFix. We process:

  • Tenant-submitted descriptions, categories, urgency, and consent for entry.
  • Triage notes, priority changes, status transitions, and time stamps.
  • Vendor dispatch records, scheduled visits, ETAs, scopes of work, and quotes.
  • Owner approval requests, decisions, spend caps, and notes attached to a request.
  • Internal comments and tagged team conversations on a ticket.

Uploaded photos, videos, and documents

Photos, videos, invoices, quotes, inspection reports, and other documents attached to a request are stored in your workspace's object storage and are accessible only to people you authorize.

We do not use these uploads to train any third-party AI model. We may use them to render previews and to power features inside your own workspace (for example, AI-assisted captioning of a photo, scoped to that ticket).

Product usage data

We collect how the product is used so we can keep it reliable: page views, feature events, error reports, performance traces, and approximate device/browser information. Where we use third-party analytics, the data is aggregated and used only to operate and improve LeaseFix.

Billing and payment data

When you subscribe to a paid plan, our payment processor collects payment method details directly. We receive only the billing contact, plan, status, invoices, and the last four digits of the card or equivalent identifier. We do not store full card numbers.

Cookies and analytics

We use a small set of cookies to keep you signed in, remember preferences, and understand product usage. See the Cookie Policy for the full list and how to control them.

AI feature usage and model policy

LeaseFix uses AI to draft summaries, classify urgency, suggest replies, and propose vendor matches. To do this, we send the relevant ticket text (and where relevant, captions of attached photos) to AI inference providers acting as our subprocessors under contract.

  • Customer data is not used to train foundation models without explicit opt-in.
  • Fine-tuning, where enabled, occurs on siloed, tenant-anonymized data sets per organization.
  • AI processing for a ticket is scoped to that ticket. We do not pool customer data across workspaces for AI features.

AI-generated outputs and human authority

LeaseFix drafts, flags, and structures. A human manager or coordinator reviews before dispatching, sending, or changing priority. AI suggestions never close work orders, dispatch vendors, or send tenant notifications on their own. We log the AI suggestion alongside the human decision so the audit trail is preserved.

Communication data

When tenants, vendors, owners, or staff communicate through LeaseFix (in-app messages, email replies routed via our intake addresses, or status updates), we store those messages so they are visible to authorized members of your workspace and to the recipient.

AppFolio and Buildium data flows

LeaseFix supports live bi-directional API integrations with AppFolio and Buildium. When your workspace admin connects a PMS, data moves as follows:

  • Inbound to LeaseFix: tenant metadata, unit details, payment status, and lease duration.
  • Outbound to your PMS: draft work order objects, status update notes, and scheduled timeframes.
  • Permission scopes requested: workorders.write, tenant.read, unit.read.
  • Setup: an API key generated by your PMS admin and LeaseFix app authorization via OAuth 2.0.
  • Fallback: if the API handshake fails, LeaseFix reverts to hourly CSV export/import and sends a System Health Alert to the portfolio manager.

We do not maintain live direct integrations with other PMS vendors at this time; other systems are supported via CSV import/export.

Third-party services we rely on

We use vetted subprocessors to run the service. Categories include: cloud hosting and database, authentication, transactional email delivery, error monitoring and logging, AI inference, payment processing, and customer support tooling. PMS integrations (AppFolio, Buildium) act as data sources and destinations under your direction. We require each subprocessor to provide appropriate technical and organizational safeguards.

A current list of subprocessors is available on request from privacy@leasefix.co.

Data retention

Maintenance records are retained for 7 years. Audit logs are retained for 3 years. Other operational data is retained for the life of your account.

When you delete data inside LeaseFix or close your workspace, we remove it from active systems within 30 days and from backups within 90 days, except where we are required to retain limited records (for example, tax records related to billing, or maintenance records under the 7-year retention above).

Security practices

We protect your data with controls that include:

  • SOC 2 Type II attestation report dated October 2025. Scope: LeaseFix Cloud Production Environment.
  • TLS 1.3 in transit and AES-256 at rest.
  • PII is encrypted at rest and tokenized during HTTPS/TLS 1.3 transit.
  • Role-based access control: Global Admin, Portfolio Manager, Coordinator, and Vendor (secure-link view-only access).
  • Per-workspace isolation of property, request, and uploaded content, with row-level security in our database.
  • Audit logging of administrative and security-relevant actions, retained for 3 years.
  • 99.9% availability SLA with 24/7 automated monitoring and a 1-hour critical response window.
  • Vulnerability reporting at security@leasefix.co.

For a copy of the SOC 2 report under NDA or to complete a security questionnaire, contact security@leasefix.co.

Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Request deletion of personal data.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent for marketing communications at any time via /unsubscribe or /email-preferences.

For account-holders, most of these are self-service inside your workspace settings. For tenants, vendors, or owners whose data is stored in a customer's workspace, please contact that property management company first; we will support them in fulfilling your request. You may also contact us at privacy@leasefix.co.

Children

LeaseFix is not directed to children under 16 and we do not knowingly collect personal data from them.

International transfers

Our infrastructure may process data in regions outside your home country. Where required, we use standard contractual safeguards with our subprocessors to govern those transfers.

Changes to this policy

When we make a material change, we will update the date above and notify workspace admins by email or in-app notice at least 14 days before the change takes effect.

Contact us

Privacy: privacy@leasefix.co
Legal: legal@leasefix.co
Security: security@leasefix.co

10127 Morocco St #195, San Antonio, TX 78216, United States