SLUMLORDS
Legal

Privacy Policy

Last updated: May 9, 2026
Effective: May 9, 2026

This Privacy Policy describes how Slumlords LLC (“Slumlords,” “we,” “us,” or “our”) collects, uses, and protects your personal information when you use our platform. This policy applies to all information collected through the Slumlords website and related services.

01

Introduction

Slumlords LLC operates the Slumlords tenant review platform at slumlords.app. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your personal information.

By using the platform, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the platform.

We encourage you to read this Privacy Policy alongside our Terms of Service and Community Guidelines.

02

Information We Collect

Information You Provide Directly

  • Account information: Full name, email address, and password. Passwords are cryptographically hashed using the scrypt algorithm and are never stored in plaintext.
  • Profile information: Display name and optional profile avatar image.
  • Content: Property ratings (overall and category scores), comments, review text, and images you upload.
  • Preferences: Your anonymization default (whether new content is posted anonymously or with your identity visible), theme preference, and notification settings.
  • Reports: If you report content, we collect the reason for the report and any additional detail you provide.
  • Communications: If you contact us directly, we collect the content of your communications.

Information from Third-Party Services

  • Google OAuth: If you sign in with Google or link your Google account, we receive your Google account ID, name, email address, and profile picture URL from Google. We use this to authenticate your identity and, if you choose, to display your Google profile picture as your avatar.
  • Google Maps: When you search for properties or addresses, your search queries are sent to Google’s Geocoding and Places APIs through our servers (not directly from your browser). We cache Google Maps responses for up to 30 days to improve performance and reduce API usage, in compliance with Google’s Terms of Service.

Information Collected Automatically

  • Cookies: We use cookies strictly for authentication and core functionality. See Section 7 for a complete list of cookies we use.
  • HTTP headers: Standard information transmitted by your browser, including your IP address, User-Agent string, and referring URL. This information is recorded in server logs.

We do not use analytics cookies, tracking pixels, advertising cookies, or any third-party tracking technology. We do not participate in ad networks or engage in behavioral advertising.

03

How We Use Your Information

We use the information we collect for the following purposes:

  • Platform operation: To provide, maintain, and operate the Slumlords platform, including displaying property reviews, facilitating discussions, and rendering maps.
  • Identity verification: To confirm email ownership through a verification link before allowing you to post reviews or comments, and to manage verification tiers based on linked authentication providers (currently Google). Sign-up is gated by Cloudflare Turnstile, an invisible bot-detection challenge that does not require personal information.
  • Content moderation: To enforce our Community Guidelines using a combination of automated text and image classification systems, AI-powered content review, and manual human review by platform administrators.
  • Notifications: To send you notifications about activity relevant to your account, such as replies to your comments. Notifications may be delivered via email (through Resend) and/or through the platform’s in-app notification system.
  • Terms enforcement: To detect and prevent fraud, abuse, and violations of our Terms of Service, including detecting multiple accounts and coordinated inauthentic behavior.
  • Improvement: To understand usage patterns in aggregate and de-identified form to improve the platform. We do not use individual personal data for this purpose.
  • Aggregate data products: To create, compile, and distribute aggregate, de-identified statistical data products derived from User Content. These products contain statistical analyses of rental housing conditions and trends — such as regional housing quality indices, maintenance responsiveness metrics, and comparative area analyses — and do not contain personal information or individually identifiable data. See our Terms of Service, Section 04 for details on our de-identification standards and practices.

04

How We Share Your Information

Service Providers

We share personal information with the following categories of service providers, solely to the extent necessary to operate the platform:

Google

Data shared: OAuth profile data; address search queries

Purpose: Authentication (OAuth 2.0) and geographic services (Maps, Geocoding, Places)

Cloudflare

Data shared: IP address; user-agent; uploaded images (ratings, comments, avatars)

Purpose: DNS, edge TLS, WAF (geo allowlist + AI scraper block), Turnstile bot detection, and R2 object storage for image uploads

DigitalOcean

Data shared: Application data (account records, ratings, comments) processed by the application servers and stored in our managed Postgres database

Purpose: Application hosting (App Platform) and managed Postgres database

Resend

Data shared: Email address

Purpose: Transactional email delivery for notifications and email verification

Anthropic (or equivalent AI provider)

Data shared: Content text of flagged items (user identity is NOT shared)

Purpose: AI-powered content moderation review

Sentry

Data shared: IP address; user-agent; error stack traces; URL of the page where an error occurred

Purpose: Server-side and browser-side error monitoring. We do not associate errors with your user account; PII is excluded from error context by default.

Plausible Analytics

Data shared: Anonymized page views; referrer URL; country derived from IP (the IP itself is not stored)

Purpose: Privacy-respecting traffic analytics. Plausible uses no cookies, sets no persistent identifiers, and does not track users across sites or sessions. We use it to understand which pages are popular, not to identify or follow individuals.

Public Display

Slumlords is a public review platform. The following information is visible to all users and visitors:

  • Non-anonymous posts: Your name (or display name) and avatar are displayed alongside your ratings, comments, and reactions.
  • Anonymous posts: A deterministic pseudonym (e.g., “Crimson Falcon”) is displayed instead of your identity. Your real name, email, and other identifying information are never exposed to other users for anonymous content.
  • All content: Ratings, review scores, comments, and approved images are publicly accessible regardless of anonymization setting.

We Do Not Sell or Share Personal Information

We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising. This applies to all users, including California residents under the California Consumer Privacy Act (CCPA).

Aggregate & De-Identified Data Products

Slumlords creates and sells aggregate, de-identified statistical data products derived from user-generated content on the platform. These products contain statistical analyses, indices, trends, and metrics about rental housing conditions. They do not contain personal information as defined by the CCPA.

All data products meet the CCPA/CPRA definition of “de-identified information” under Cal. Civ. Code Section 1798.140(m):

  • Individual users cannot reasonably be identified from the data products
  • Slumlords implements and maintains technical safeguards to prevent re-identification, including minimum aggregation thresholds ensuring that no data point is derived from fewer than a defined minimum number of unique reviewers
  • All data product recipients are contractually bound not to attempt to re-identify any individual from the data products

Because these products are de-identified and do not constitute “personal information” under the CCPA, their creation and sale does not trigger the right to opt out of sale under Cal. Civ. Code Section 1798.120.

Slumlords will never provide individual review content to data product customers in any form that could identify or be attributed to a specific user. Your individual reviews, ratings, and comments are yours — our data products reflect collective patterns, not individual voices.

05

Your Rights

California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You may request that we delete the personal information we have collected about you, subject to certain exceptions (such as information necessary to complete a transaction or comply with legal obligations).
  • Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale/Sharing: Slumlords does not sell personal information. We do sell aggregate, de-identified statistical data products derived from user-generated content, but because these products constitute “de-identified information” — not “personal information” — under the CCPA (Cal. Civ. Code Section 1798.140(m)), the right to opt out of sale does not apply to them. We do not share personal information for cross-context behavioral advertising. If you have questions or concerns about this distinction, contact us at [email protected].
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, contact us at [email protected]. We will verify your identity before processing your request. We will respond to verified requests within 45 days, as required by law.

All Users

Regardless of your location, you may:

  • Access your data: View your account information, ratings, and comments on your profile page.
  • Correct your data: Update your name, display name, avatar, and preferences on your profile page.
  • Delete your account: Request account deletion by contacting us at [email protected]. We will delete your account data within 30 days. Content you posted will be anonymized (your identity will be permanently severed from the content) to maintain platform integrity.
  • Unsubscribe from emails: Click the unsubscribe link in any notification email, or toggle email notifications off in your profile’s notification preferences.
  • Delete your content: Delete individual ratings and comments through the platform interface.

06

Data Retention

We retain different types of data for different periods based on their purpose:

| Data Type | Retention Period |
| --- | --- |
| Account data (name, email) | While account is active + 30 days after deletion request |
| User Content (ratings, comments) | Indefinitely in anonymized form after account deletion; deletable by user while account is active |
| Uploaded images | Until deleted by user or removed by moderation |
| Geocode cache (Google Maps data) | 30 days (per Google Maps Terms of Service) |
| Notifications | 90 days |
| Moderation records (reports, AI reviews) | 1 year (for dispute resolution and legal compliance) |
| Server logs (IP, User-Agent) | 30 days |
| Email unsubscribe tokens | Indefinitely (required for CAN-SPAM compliance) |
| Aggregate/de-identified data products | Indefinitely (these products do not contain personal information) |

07

Cookies & Local Storage

We use cookies exclusively for authentication and core platform functionality. We do not use advertising, analytics, or tracking cookies. The following table lists every cookie used by the platform:

| Cookie | Purpose | Duration | Type | HttpOnly |
| --- | --- | --- | --- | --- |
| auth | Authentication session (JWT) | 30 days | Essential | Yes |
| oauth_state | CSRF protection during OAuth login | 10 minutes | Essential | Yes |
| code_verifier | PKCE code verifier for OAuth | 10 minutes | Essential | Yes |
| mfa_pending | MFA verification state | 5 minutes | Essential | Yes |
| theme | Light/dark theme preference | Persistent | Functional | No |
| last_location | Last searched location for homepage | Session | Functional | No |

Because all cookies used by Slumlords are strictly necessary for platform functionality or serve basic user preferences, no cookie consent mechanism is required under applicable U.S. law. We provide this disclosure for transparency.

Local Storage. We may use your browser’s local storage to persist non-sensitive preferences, such as cookie notice dismissal state. Local storage data is not transmitted to our servers.

08

Data Security

We implement multiple layers of security to protect your personal information:

  • Password hashing: Passwords are hashed using the scrypt key derivation function with strong parameters (N=16384, r=8, p=1, 64-byte derived key). We never store or log plaintext passwords.
  • Transport encryption: All data is transmitted over HTTPS/TLS encryption. Unencrypted HTTP connections are not accepted.
  • Cookie security: Authentication cookies are set with the HttpOnly, Secure, and SameSite=Lax flags to prevent cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.
  • Image upload security: Image uploads use presigned URLs with a 5-minute expiration window. Uploaded images undergo automated scanning before being made publicly accessible.
  • Multi-factor authentication: We support TOTP (authenticator app) and passkey (WebAuthn) multi-factor authentication for additional account security.
  • Rate limiting + bot detection: We implement per-IP rate limiting on authentication endpoints to prevent brute-force attacks, and Cloudflare Turnstile gates sign-up and login against automated abuse. Email verification links expire after 24 hours and resends are capped at 3 per hour per account.

While we take reasonable measures to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.

09

Children's Privacy

Slumlords is not intended for use by anyone under the age of 18. The platform relates to rental housing, which involves legal agreements that require adult capacity.

We do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe that a child under 13 has provided personal information to us, please contact us at [email protected].

10

International Users

Slumlords is operated from the United States. If you access the platform from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the platform, you consent to the transfer of your information to the United States and its processing in accordance with this Privacy Policy.

We do not currently specifically target users in the European Economic Area (EEA) or the United Kingdom. If we expand our services to these regions in the future, we will update this Privacy Policy to comply with the General Data Protection Regulation (GDPR) and applicable local laws.

11

Data Breach Notification

In the event of a data breach that compromises your unencrypted personal information, we will notify affected users in accordance with applicable law, including California Civil Code Section 1798.82.

Notification will be provided via email to the address associated with your account and/or through a conspicuous posting on the platform, as required by applicable law. Notification will include a description of the breach, the types of information involved, and steps you can take to protect yourself.

12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

  • Sending an email to the address associated with your account
  • Posting a notice on the platform
  • Updating the “Last updated” date at the top of this page

We encourage you to review this Privacy Policy periodically. Your continued use of the platform after the effective date of any changes constitutes your acceptance of the updated policy.

13

Contact

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Slumlords LLC — Privacy

Email: [email protected]

Address: 2108 N St Ste N, Sacramento, CA 95816, US

California residents may also designate an authorized agent to make requests on their behalf. Authorized agents must provide proof of authorization and identity verification.