Privacy Policy

1. Scope and Who This Policy Covers

This Privacy Policy applies to information collected by Verilyst LLC, a California limited liability company doing business as ResLife.app ("Company," "we," "us"), through the ResLife.app platform and website (collectively, the "Platform").

The Company's direct contractual relationship is with professional community management companies ("Subscribers"). Residents, board members, and other individuals whose information is processed through the Platform are End Users whose information is submitted by the Subscriber. The Subscriber is responsible for obtaining any necessary consents from End Users prior to submitting their personal information to the Platform.

This Policy does not apply to third-party services we link to (such as payment processors or communication services), which have their own privacy policies.

2. Information We Collect

We collect the following categories of information:

A. Account and Contact Information

When a Subscriber creates an account, we collect the account administrator's name, business email address, phone number, and mailing address. Subscribers may also add individual staff users, each of whom provides a name and email address.

B. End User Information (submitted by Subscribers)

Subscribers upload information about the individuals they manage — including property owners, tenants, and board members — such as name, email address, phone number, mailing address, unit number, and lease or ownership status. This information is processed on behalf of the Subscriber, who controls what is submitted.

C. Payment and Billing Information

Subscription billing is processed through Stripe, Inc. We collect the billing contact name and email. We do not store full credit card numbers or bank account numbers — those are tokenized and stored by Stripe in accordance with PCI-DSS standards. ACH payment information is similarly handled by Stripe. To review Stripe's privacy practices, visit stripe.com/privacy.

D. Uploaded Documents and Content

Subscribers may upload documents including governing documents (CC&Rs, bylaws, rules), vendor contracts, correspondence, photos, and other operational files. These documents may contain personal information about individuals.

E. Usage and Technical Information

When you access the Platform or the ResLife.app marketing website, we automatically collect technical information including: IP address, browser type and version, operating system, device type, referring URLs, pages viewed, time and duration of visits, and other interaction data. On the marketing website, this information is collected through Google Analytics, deployed via Google Tag Manager. This data is used to operate, maintain, and improve the Platform. See our Cookie Policy for details on specific cookies set.

F. Communications

If you contact us by email or through the Platform's support channels, we retain records of those communications including any personal information you provide.

3. How We Use Information

We use collected information for the following purposes:

• Platform operation: providing, maintaining, securing, and improving the Platform;
• Account management: creating and managing Subscriber accounts, authenticating users, and delivering support;
• Billing: processing subscription payments, invoicing, and managing collections;
• Communications: sending service notices, product updates, security alerts, and responding to inquiries;
• AI features: processing uploaded documents and records through AI models to generate drafts, extract key terms, and surface insights — all within the context of the Subscriber's data, not pooled across Subscribers;
• Analytics and improvement: using aggregated, anonymized usage data to understand how the Platform is used and improve its features;
• Legal compliance: complying with applicable law, regulation, legal process, and government requests.

We do not use Subscriber Data or End User personal information for cross-Subscriber advertising, behavioral targeting, or sale to third-party data brokers.

4. How We Share Information

We do not sell personal information. We share information only in the following limited circumstances:

• Service Providers: We engage third-party vendors to help operate the Platform and our marketing website, including: cloud infrastructure (Google Cloud Platform), payment processing (Stripe), email delivery services, website analytics (Google Analytics), and tag management (Google Tag Manager). These vendors process information only as directed by us and are contractually prohibited from using it for other purposes. Google Analytics data is processed under a data processing agreement; IP anonymization is enabled and data sharing with Google advertising products is disabled.
• Within the Subscriber's organization: End User information is accessible to other authorized End Users of the same Subscriber account, as determined by the Subscriber's configured access controls.
• Legal requirements: We may disclose information when required by law, subpoena, court order, or other valid legal process, or when we reasonably believe disclosure is necessary to protect rights, property, or safety.
• Business transfers: If the Company is involved in a merger, acquisition, or sale of assets, Subscriber information may be transferred as part of that transaction. We will notify affected Subscribers prior to any such transfer that would result in a material change to this Privacy Policy.
• With your consent: We may share information for other purposes with the Subscriber's explicit consent.

5. AI Features and Data Processing

The Platform includes AI-powered features that process Subscriber Data — including uploaded documents and operational records — to generate drafts, extract key information, and produce summaries. These features are powered by third-party large language model (LLM) services.

When Subscriber Data is sent to an AI model provider, it is transmitted under a data processing agreement that prohibits the provider from using Subscriber Data to train its general models or for any purpose other than returning a response to the Company. We select AI providers that offer enterprise data protection terms consistent with this policy.

AI-generated output is returned to the authorized user within the Subscriber's account and is not accessible to other Subscribers. No Subscriber's data is used to improve the AI features for another Subscriber.

6. Data Retention

We retain Subscriber Data for the duration of the active subscription and for up to ninety (90) days after termination to allow for data export. After that period, Subscriber Data is deleted from production systems within a commercially reasonable time, unless a longer retention period is required by law.

Anonymized and aggregated usage data that does not identify individuals may be retained indefinitely for analytics and product improvement purposes.

Account and billing records are retained for seven (7) years after the subscription ends to satisfy tax and financial recordkeeping requirements.

7. Security

We implement commercially reasonable technical and organizational measures to protect personal information, including TLS encryption for data in transit, encryption of sensitive data at rest, role-based access controls, and deployment on Google Cloud Platform infrastructure. However, no internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

8. California Privacy Rights (CCPA)

California residents whose personal information is processed by the Company have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, our purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., information needed to complete a transaction, detect security incidents, comply with a legal obligation, or fulfill a contract).
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell personal information or share it for cross-context behavioral advertising. You do not need to opt out.
• Right to Limit Use of Sensitive Personal Information: We collect payment and financial information only as necessary to provide the Platform. We do not use it for purposes beyond those described in this Policy.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To submit a CCPA request, email legal@reslife.app with the subject line "California Privacy Request." We will respond within 45 days, with one permitted extension of an additional 45 days when reasonably necessary.

Note for End Users: If your personal information was submitted to the Platform by a Subscriber (your management company), please direct your privacy request to that Subscriber in the first instance. We will assist Subscribers in responding to valid End User requests as required by law.

9. Children's Privacy

The Platform is intended for use by business professionals and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify Subscribers by email and update the "Last updated" date at the top of this page. We encourage you to review this Policy periodically.

11. Contact Us