Account Security Notices

1Account Requirement by Tier

RentalMath has three subscription tiers with different account requirements:

• Free Tier: No account is required. Deal data is stored only in your browser's localStorage. No authentication is involved.
• Paid Tier: An account is required. Authentication is managed by Firebase Authentication. An account enables Firestore cloud sync and multi-device access.
• Premium Tier: An account is required. Authentication is managed by Firebase Authentication. An account enables all Paid features plus AI-powered features and premium analytics.

Creating an account constitutes acceptance of the Terms of Use and Privacy Policy.

2Authentication Methods

RentalMath supports the following authentication methods for account holders:

• Email and password: Credentials are managed by Firebase Authentication. We do not store your password in plain text.
• Google Sign-In: OAuth 2.0 authentication via Google. Your Google account credentials are never transmitted to or stored by us.
• Apple Sign-In: OAuth 2.0 authentication via Apple. Your Apple account credentials are never transmitted to or stored by us. Apple may provide a relay email address at your option.

The authentication method you use at account creation determines how you sign in going forward. You cannot switch authentication methods without creating a new account.

3Password and Credential Responsibilities

Your responsibilities include:

• Choosing a strong, unique password if using email/password authentication.
• Keeping your password confidential and not sharing it.
• Notifying us immediately at admin@housatonicholdings.com if you suspect unauthorized access to your account.
• Ensuring your registered email address remains current and accessible, as it is used for authentication recovery and important account notices.

We are not liable for loss or damage arising from your failure to maintain the security of your credentials.

4Password Reset and Recovery Emails

If you use email/password authentication and lose access to your password, you may request a password reset email through the App's sign-in screen. Password reset emails are sent by Firebase Authentication to your registered email address.

If you cannot access your registered email address, account recovery may not be possible. We strongly recommend keeping your registered email address current. To update your email address, sign in and use the account settings, or contact admin@housatonicholdings.com.

If you use Google or Apple Sign-In, password recovery is handled by those providers and is outside our control.

5Social Sign-In (Google and Apple)

When you sign in using Google or Apple, the following applies:

• Your sign-in is authenticated directly with Google or Apple. We receive only a confirmation token and your name and email address from the provider.
• We do not receive your Google or Apple password.
• Revoking RentalMath's access through your Google or Apple account settings will prevent future sign-ins but will not delete your RentalMath account or data. Contact us to delete your account after revoking access.
• The security of your social sign-in account (including two-factor authentication settings) is your responsibility and is governed by Google's or Apple's terms and policies.

See the Third-Party Services Disclosure and Privacy Policy for more on what data we receive from social sign-in providers.

6Session Security

Authentication sessions are managed by Firebase Authentication using secure tokens. The following applies to your session:

• Session tokens are stored in your browser's localStorage and are used to authenticate requests to Firestore.
• Sessions may persist across browser restarts based on your browser's localStorage retention settings.
• Clearing your browser's localStorage or site data will sign you out of the App.
• You should sign out of your account when using shared or public devices. Use your browser's private/incognito mode on shared devices.
• We do not currently support forced remote session invalidation across all devices simultaneously. If you suspect account compromise, change your password (or revoke social sign-in access) and contact us.

All data transmitted between the App and Firebase/Firestore is encrypted using HTTPS/TLS.

7Subscription and Account Relationship

Your subscription is tied to your account (email address). The following applies:

• Subscriptions are non-transferable. You cannot transfer your subscription to another account or person.
• If you create multiple accounts, each account is billed separately. Subscriptions do not apply across accounts.
• Cancelling your subscription does not delete your account. Your account remains active on the free tier.
• Deleting your account cancels any active subscription and triggers the data deletion process described in the Data Retention & Deletion Disclosure.

8Account Compromise

In the event of suspected account compromise:

• Change your password immediately (if using email/password authentication) or revoke RentalMath's access through your Google or Apple account.
• Contact us at admin@housatonicholdings.com with subject "Account Compromise."
• We will investigate and may temporarily suspend the account pending verification.
• We are not liable for any loss resulting from unauthorized account access where you failed to maintain the security of your credentials.

9Account Deletion

To delete your account and all associated data:

• Email admin@housatonicholdings.com with subject "Account Deletion Request" from your registered email address.
• We will verify your identity and process the deletion within a reasonable timeframe.
• Account deletion permanently deletes all Firestore cloud data, your authentication record, and billing metadata we hold. This process is irreversible.
• Stripe's records of your payment history are governed by Stripe's data retention policies and are outside our control.
• We may retain certain information as required by law (e.g., records of transactions for tax purposes).

See the Data Retention & Deletion Disclosure for full details on data deletion timelines.