Privacy Policy

Schedularly, LLC (“Schedularly,” “we,” “our,” or “us”), headquartered in Alpharetta, Georgia, operates a proprietary Software-as-a-Service (SaaS) platform enabling residential Tenants to compile, maintain, and selectively disclose a portable Rental Record documenting their rental history. Landlords and property managers (“Landlords”) may access Tenant-provided data only when a Tenant explicitly initiates an Authorized Disclosure within the platform.

This Privacy Policy explains:

• What personal data we collect, and why;
• How we store, secure, and retain that data;
• The conditions under which data is disclosed to Landlords;
• Your rights as a data subject under applicable federal and state law; and
• How to contact us to exercise those rights.

By creating an account or using the Schedularly platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any provision herein, you must cease use of the platform and contact us to request deletion of your data.

2.1 What We Are

Schedularly functions as a neutral Information Processor. We provide the technical infrastructure and platform for Tenants to self-report, organize, and — upon their sole election — share their rental history data. We do not independently investigate, score, rate, or adjudicate any Tenant. We do not originate reports about Tenants; we only transmit data that Tenants themselves have entered and chosen to share.

2.2 What We Are Not

Schedularly is expressly NOT a Consumer Reporting Agency (CRA) as defined under 15 U.S.C. § 1681a(f) of the FCRA. Specifically:

• Schedularly does not assemble or evaluate information for the purpose of furnishing "consumer reports" to third parties;
• Schedularly does not prepare, compile, or generate reports used to determine a consumer's eligibility for credit, insurance, employment, or housing independently of the Tenant's own action;
• No Landlord may use the Schedularly platform to initiate a background or credit investigation of a Tenant without that Tenant's prior Authorized Disclosure;
• Schedularly data is not sold, licensed, or provided to tenant screening companies, background check aggregators, or consumer reporting networks.

Tenants and Landlords acknowledge that Schedularly's platform does not replace and is not a substitute for legally compliant tenant screening conducted by a licensed CRA. Landlords who require FCRA-compliant credit or criminal background checks must obtain those separately from an authorized CRA.

We adhere strictly to the principle of data minimization: we collect only the personal data that is adequate, relevant, and limited to what is necessary for the purposes described in this Policy.

3.1 Data Collection Summary

3.2 Data We Do NOT Collect

• Social Security Numbers (SSN) or Individual Taxpayer Identification Numbers (ITIN) — unless voluntarily provided and consented to for identity verification, and then processed under enhanced security controls;
• Bank account numbers, routing numbers, or credit/debit card numbers for any purpose other than payment processing (handled exclusively by our PCI-DSS compliant payment processor);
• Biometric data of any kind;
• Medical or health information;
• Immigration status;
• Information about criminal history (Schedularly is not a background check service);
• Data from social media platforms without explicit consent;
• Location data beyond the property addresses Tenants self-report in their Rental Record.

3.3 How Data Is Collected

• Direct Input by Tenant: All Rental Record data is self-reported by Tenants through the platform interface. Schedularly does not independently source, supplement, or verify Tenant-reported data from third-party databases.
• Landlord Verification: When a Tenant initiates an Authorized Disclosure, the receiving Landlord may submit a verification response (confirming, disputing, or noting data). This Landlord-submitted verification data is stored as part of the Verification Record (see Section 6 for retention rules).
• Automated Technical Collection: Technical Data (IP addresses, device/browser information) is collected automatically through cookies, server logs, and standard web technologies when you access the platform. See our Cookie Policy for details.
• Communications: Data submitted through support tickets, emails to privacy@schedularly.com, or in-platform messaging.

4.1 How Authorized Disclosure Works

1. 1

   Tenant Initiation

   The Tenant must actively navigate to the "Share Record" feature within their account dashboard and select a specific Landlord recipient (by email address or Landlord platform ID).

2. 2

   Scope Selection

   The Tenant chooses which components of their Rental Record to share (e.g., full record, specific address history only, payment history only). Partial disclosure is supported.

3. 3

   Consent Confirmation

   The Tenant must affirmatively confirm the disclosure via a two-step confirmation interface (selection + explicit "Confirm & Share" action). No sharing occurs through inferred consent, pre-ticked boxes, or default settings.

4. 4

   Disclosure Log

   An immutable, timestamped disclosure log entry is created in the Tenant's account, recording: (i) the data shared; (ii) the Landlord recipient; (iii) the date and time; and (iv) the Tenant's IP address and device fingerprint at time of disclosure.

5. 5

   Landlord Receipt

   The Landlord receives a read-only export of the disclosed data elements. The Landlord does not receive access to the Tenant's live account or any undisclosed data.

4.2 Landlord as Independent Data Controller

Upon receipt of an Authorized Disclosure export, the Landlord becomes an independent, autonomous data controller of that specific exported dataset. This means:

• The Landlord — not Schedularly — is solely responsible for its processing, storage, use, security, and deletion of the exported data;
• The Landlord must comply with all applicable privacy laws (including FCRA, CCPA, VCDPA, and state landlord-tenant laws) in its use of the disclosed data;
• Schedularly has no control over, and bears no liability for, a Landlord's handling of data after a completed Authorized Disclosure;
• Tenants are encouraged to review a Landlord's privacy practices before initiating an Authorized Disclosure.

Schedularly contractually requires Landlords who maintain platform accounts to acknowledge their independent controller status and to agree to use disclosed data only for legitimate rental evaluation purposes. However, Schedularly cannot guarantee Landlord compliance after data export.

4.3 Revocation of Access

A Tenant may revoke a Landlord's platform access to a previously shared Rental Record at any time through the account dashboard. Revocation removes the Landlord's ability to view the record within the Schedularly platform. However, revocation does not and cannot delete any copy of the data the Landlord may have retained independently following the initial export.

5.1 No Sale, Rental, or Trade of Personal Data

Schedularly does not, and will not:

• Sell personal data to any third party for monetary or non-monetary consideration;
• Rent, license, or trade personal data to third-party marketers, advertisers, data brokers, or data aggregators;
• Provide Tenant data to "people search" websites, public record aggregators, or tenant screening companies for independent product development;
• Share personal data with advertising networks for behavioral targeting or cross-context advertising purposes;
• Allow third parties to collect personal data through the Schedularly platform for their own independent commercial purposes.

This prohibition applies regardless of whether such transfer would be characterized as a “sale” under California law (CCPA/CPRA), Virginia law (VCDPA), or any other applicable statute.

5.2 No Automated Decision-Making or Profiling

Schedularly does not use personal data for:

• Automated Decision-Making, as defined under Article 22 of the GDPR (decisions based solely on automated processing that produce legal or similarly significant effects on individuals);
• Profiling, as defined under GDPR Article 4(4) or equivalent state law definitions (automated processing to evaluate personal aspects such as economic situation, reliability, behavior, or interests);
• Generating a "rental score," "tenant rating," "reliability index," or any algorithmic assessment of a Tenant's suitability, creditworthiness, or risk level;
• Any machine learning or AI model training that would produce individualized inferences about Tenants beyond the data they have explicitly provided.

5.3 No Unauthorized Third-Party Sharing

Personal data is not shared with third parties except in the following strictly limited circumstances:

• Service Providers (Processors): Third-party vendors engaged to provide infrastructure services (e.g., cloud hosting, payment processing, email delivery) under binding data processing agreements that prohibit any independent use of Tenant data;
• Authorized Disclosures: As described in Section 4, solely upon Tenant initiation;
• Legal Requirements: When required by valid legal process (court order, subpoena, regulatory demand) — see Section 9;
• Protection of Rights: Where necessary to investigate fraud, prevent illegal activity, or protect the safety of users or the public, limited to the minimum data necessary.

Schedularly retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.

6.1 Retention Schedule

6.2 The Seven-Year Retention Rule for Verification & Dispute Records

The seven-year retention period for Verification and Dispute Records is grounded in the following specific legal bases:

Schedularly implements administrative, physical, and technical safeguards proportionate to the sensitivity of the personal data we process. Given that Rental Records may contain detailed financial and residential history, we treat this data with heightened protection.

7.1 Technical Security Measures

7.2 Organizational Security Measures

• Privacy by Design: New features and data processing activities undergo a Privacy Impact Assessment (PIA) before deployment;
• Employee Training: All Schedularly employees with access to personal data complete mandatory data privacy and security training annually;
• Vendor Due Diligence: Third-party service providers are vetted for security standards before engagement and subject to contractual data processing obligations;
• Incident Response Plan: Schedularly maintains a documented data breach response plan, including notification procedures consistent with state breach notification laws.

7.3 Breach Notification

• Georgia's Personal Identity Protection Act (O.C.G.A. § 10-1-912): Notice to affected Georgia residents within a reasonable time, not to exceed 30 days after discovery where technically feasible;
• California Civil Code § 1798.82 (CCPA/CPRA): Notice to affected California residents in the most expedient time possible and without unreasonable delay;
• Virginia Code § 18.2-186.6: Notice to affected Virginia residents in the most expedient time possible.

Notification will be provided via the email address associated with your account. You are responsible for maintaining a current email address.

8.1 Rights Available to All Users

• Right of Access: Request a copy of the personal data Schedularly holds about you;
• Right to Rectification: Request correction of inaccurate personal data. Note: Schedularly will note a Tenant-requested correction; however, pre-existing Landlord Verification Records reflecting prior data cannot be retroactively altered — see Section 6.2;
• Right to Erasure (Account Closure): Request deletion of your account and Tenant-reported data. Deletion occurs within 30 days of a verified request, subject to the 7-year retention obligations for Verification and Dispute Records;
• Right to Data Portability: Request your Rental Record in a structured, machine-readable format (JSON or PDF);
• Right to Restrict Processing: Request that we limit our use of your data in certain circumstances;
• Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time (withdrawal does not affect prior lawful processing).

Schedularly may be required by valid legal process to disclose personal data to law enforcement agencies, courts, or regulatory bodies. When faced with such demands:

• We will review all requests for legal validity and scope before complying;
• We will disclose only the minimum personal data required to satisfy the legal obligation;
• Where legally permitted, we will notify affected users prior to disclosure so they may seek a protective order or other legal remedy;
• We will maintain a record of all compelled disclosures.

Schedularly will not voluntarily provide personal data to law enforcement absent a legally valid and binding demand. We do not participate in voluntary surveillance programs or provide “back door” access to any government entity.

Schedularly uses cookies and similar tracking technologies (web beacons, pixels, session tokens) to operate the platform and improve user experience. We use:

You may manage cookie preferences through your browser settings. Disabling strictly necessary cookies will impair platform functionality. Our full Cookie Policy is available at schedularly.com/cookies.

To exercise any privacy right described in this Policy, or to submit questions, concerns, or complaints regarding our data practices, please contact us through any of the following methods:

We will acknowledge receipt of your request within 5 business days and respond substantively within the timeframe required by applicable law (generally 30–45 days). We may require verification of your identity before processing requests to protect against fraudulent claims.

If you are not satisfied with our response, you have the right to lodge a complaint with your applicable state Attorney General. California residents may contact the California Privacy Protection Agency (CPPA) at www.cppa.ca.gov. Virginia residents may contact the Virginia Attorney General's Office.

Schedularly reserves the right to update this Privacy Policy to reflect changes in our practices, legal obligations, or platform features. When we make material changes:

• We will update the "Last Updated" date at the top of this document;
• We will notify registered users via email to their account email address at least 14 days before the changes take effect;
• For material changes affecting data sharing practices, we will request re-confirmation of consent where required by law.

Continued use of the Schedularly platform after the effective date of any revised Privacy Policy constitutes acceptance of the revised terms. If you do not accept the revised terms, you must cease use of the platform and request account closure.

13.1 Children's Privacy

Schedularly is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has created an account, we will promptly delete that account and associated data. Parents or guardians who believe a minor has provided data to Schedularly should contact us immediately at privacy@schedularly.com.

13.2 International Users

Schedularly is designed for use within the United States. If you access the platform from outside the United States, you do so voluntarily and are responsible for compliance with local laws. Data processed through the platform is stored on servers located within the United States. By using the platform from outside the US, you consent to the transfer and processing of your data in the United States.

13.3 Links to Third-Party Sites

The Schedularly platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. Schedularly has no control over and assumes no responsibility for the privacy practices of any third-party site. We encourage you to review the privacy policy of every site you visit.

13.4 Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Georgia, without regard to its conflict of law provisions, and applicable federal law, including but not limited to the FCRA and the Electronic Communications Privacy Act.