Legal
Privacy Policy
Effective date: June 26, 2026 · Applies to: habitekgroup.com and kiraye.habitekgroup.com
This policy covers both property owners who use the Kiraye portal and tenants who access the tenant portal. Where your rights or our practices differ by role, we call that out explicitly.
1. Who We Are
Habitek Management Group ("Habitek," "we," "us," or "our") is a DBA of Pothrini Inc., a US-based property management group. We operate the Kiraye owner portal at kiraye.habitekgroup.com and the marketing website at habitekgroup.com.
Questions about this policy: pothrini01@gmail.com
2. What Data We Collect
Property Owners
- Account data: name, email address, password (hashed — never stored in plain text)
- Property data: addresses, purchase prices, valuations, parcel numbers, mortgage details, HOA amounts, insurance premiums, property tax records
- Financial records: transactions, income and expense logs, CPA-ready reports
- Documents you upload: leases, mortgage statements, tax documents, insurance policies, grant deeds, inspection reports, and any other files you store in the Document Vault
- Payment data: Stripe Connect account details for collecting rent (we never store raw card or bank account numbers — Stripe handles this directly)
- Usage data: pages visited, features used, timestamps
Tenants
- Account data: name, email address, password (hashed)
- Lease data: rent amount, lease start/end dates, deposit — entered by your landlord or extracted from your lease document
- Payment history: rent payments processed through Stripe
- Maintenance requests: descriptions, photos, and status updates you submit
- Documents shared with you: files your landlord has explicitly shared through the platform
Data We Do Not Collect
We do not collect Social Security Numbers, government ID numbers, or full credit card numbers at any point. If a document you upload (such as a lease or bank statement) contains this information, it is stored as an opaque file — we do not parse or index that content beyond what you explicitly ask our AI tools to extract.
3. How We Use Your Data
We use your data only to provide and improve the Kiraye platform:
- Authenticate you and keep your account secure
- Display your properties, tenants, transactions, and documents
- Process rent payments between owners and tenants via Stripe
- Run AI document analysis when you explicitly trigger a scan
- Fetch property valuation data from Rentcast when you request a refresh
- Send you deadline reminders (rent due, tax installments, insurance renewals)
- Generate financial reports and tax-ready summaries
We do not sell your data, share it with advertisers, or use it to train AI models.
4. How We Store and Protect Your Data
Your data is stored on Supabase, a SOC 2 Type II compliant infrastructure provider. Key protections include:
- Encryption at rest: AES-256 encryption for all stored data and files
- Encryption in transit: TLS 1.2+ for all data moving between your browser and our servers
- Row-level security (RLS): Database policies enforce that each user can only read and write their own records — no user can access another user's data
- File storage isolation: Documents are stored in a private Supabase storage bucket accessible only to the authenticated owner of each property
- Authentication: Passwords are hashed using bcrypt. Multi-factor authentication (TOTP) is available and strongly recommended
5. Third-Party Services
We share data with the following third parties only to the extent required to operate the platform:
- Supabase (supabase.com) — database, authentication, and file storage. Privacy policy →
- Stripe (stripe.com) — payment processing and Connect accounts. Privacy policy →
- Rentcast (rentcast.io) — property valuation and rent estimate data. Queries contain only property addresses. Privacy policy →
- Google — Street View images for property display (address only, no personal data sent). Privacy policy →
- Anthropic (anthropic.com) — AI document analysis when you use the Scan Bill or Lease Scanner features. Only the content of the document you explicitly submit is sent. Privacy policy →
- Cloudflare — hosting and CDN. Processes request metadata (IP address, user agent) in accordance with their privacy policy.
6. Owner Responsibility for Uploaded Documents
When you upload documents that contain third-party personal information — such as a lease containing a tenant's personal details, or a bank statement containing account numbers — you are responsible for having the legal right to store and process that information. Habitek acts as a data processor on your behalf for those files, not as an independent data controller.
We encourage owners to avoid uploading documents containing unredacted Social Security Numbers, government IDs, or full financial account numbers unless strictly necessary.
7. Your Rights
Regardless of your role, you have the following rights:
- Access: Request a copy of all personal data we hold about you
- Correction: Update inaccurate data at any time through your account settings
- Deletion (right to erasure): Request deletion of your account and all associated data, including uploaded documents. We will fulfill this within 30 days.
- Portability: Request an export of your data in a machine-readable format
- Objection: Object to any processing we carry out beyond strict service delivery
To exercise any of these rights, email pothrini01@gmail.com with the subject line "Data Request."
8. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Personal account data is deleted immediately
- Uploaded documents are deleted from storage within 30 days
- Anonymized, aggregated usage data (no personal identifiers) may be retained for analytics
- Payment records may be retained for up to 7 years to comply with financial regulations
9. Cookies and Tracking
The Kiraye portal uses only functional cookies required for authentication (session tokens). We do not use advertising cookies or third-party tracking pixels. The marketing website (habitekgroup.com) does not use analytics tracking.
10. Children's Privacy
Our platform is intended for adults managing real property. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us immediately.
11. Changes to This Policy
We will notify registered users by email at least 14 days before any material changes to this policy take effect. Continued use of the platform after that date constitutes acceptance of the updated policy.
12. Contact
Habitek Management Group · A DBA of Pothrini Inc.
Email: pothrini01@gmail.com
Website: habitekgroup.com