Privacy Policy

Rentouri is operated by Damian Gadomski, a sole trader (Jednoosobowa Działalność Gospodarcza) registered in Poland under NIP: PL5213819318, with a business address at ul. Zamiany 8/LU202, 02-786 Warszawa ("Rentouri", "we", "us", "our").

We operate the website rentouri.com and the ERP platform app.rentouri.com.

For any privacy questions, contact us at: [email protected]

When you register as a guest:

• Email address and password (stored as a one-way hash — we cannot read it)
• First and last name
• Physical measurements: height, weight, shoe size, skill level — used solely to assign correctly sized equipment to your booking

When you make a booking:

• Booking details: dates, equipment type, shop location
• Payment information — processed by Stripe; we never store card numbers or CVVs
• Identity verification status — processed by Stripe Identity; we receive only a pass/fail result

When you use the platform:

• IP address, browser type, device type
• Pages visited and actions taken (server logs)

When you register as a shop owner:

• Business name, VAT/NIP number, registered address
• Bank account details — provided directly to Stripe via their hosted onboarding; we do not store these
• Liability insurance documents — stored in encrypted object storage

• Process bookings and pre-assign equipment matched to your measurements
• Process payments and manage refunds and damage deposit releases
• Send transactional emails: booking confirmation, pickup reminder, return reminder
• Verify your identity before your first booking (Stripe Identity)
• Operate, secure, and improve the platform
• Respond to support requests
• Comply with our legal obligations (tax, consumer law, GDPR)

With rental shops: When you make a booking, we share the minimum necessary information with the relevant shop — your name, phone number, booking dates, and equipment assignment — so they can fulfil the rental. Shops receive this data as independent data controllers and are contractually prohibited from using it for marketing, contacting you outside the Rentouri platform, or sharing it with third parties.

With our service providers (data processors):

• Stripe, Inc. (USA) — payment processing and identity verification. Data is transferred to the US under Standard Contractual Clauses (SCCs). Stripe Privacy Policy: stripe.com/privacy
• Hetzner Online GmbH (Germany) — server hosting and object storage. Data remains within the EU/EEA.
• MapTiler AG (Switzerland) — map tile rendering. Switzerland benefits from an EU adequacy decision. Map tile requests do not include your personal booking data.

We do not sell your data. We do not share your data with advertisers.

When you request account deletion, we anonymise all personal data we are not legally required to retain. Anonymised booking records may be kept for aggregate analytics.

You have the right to:

• Access — request a copy of personal data we hold about you
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion of your data (subject to legal retention requirements)
• Restriction — restrict processing in certain circumstances
• Portability — receive your data in a machine-readable format (JSON or CSV)
• Object — object to processing based on legitimate interest
• Withdraw consent — for any processing based on consent (e.g. marketing emails), at any time without affecting the lawfulness of prior processing

To exercise any right, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Polish supervisory authority: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw — uodo.gov.pl.

• Strictly necessary cookies: session management and authentication. No consent required — without these the platform cannot function.
• Stripe cookies: set when you interact with the payment form. Required for fraud detection and 3D Secure authentication.
• Analytics cookies: we currently do not use third-party analytics. If we introduce analytics in future, we will update this policy and request your consent first.

We apply industry-standard security measures: TLS 1.3 encryption in transit, encrypted storage at rest, least-privilege access controls, and regular security reviews. No system is 100% secure. If you discover a security vulnerability, please report it responsibly to [email protected].

We may update this policy. For material changes, we will notify registered users by email and update the "Last updated" date above. Continued use of the platform after the notification period constitutes acceptance of the revised policy.

• Data controller: Damian Gadomski
• Email: [email protected]
• Address: ul. Zamiany 8/LU202, 02-786 Warszawa
• Supervisory authority: UODO, ul. Stawki 2, 00-193 Warsaw, Poland