This Data Processing Agreement ("DPA") forms part of the Terms of Service between you (the "Customer" or "Data Controller") and Soliroush LLC (the "Processor"), operating iRentfy (located at https://irentfy.com).
This DPA governs the processing of personal data by Soliroush LLC on your behalf. By using our services, you agree to the terms of this DPA. If you do not agree, you must cease using the services immediately.
1. Definitions
- "Data Controller" — you, the Customer, who determines the purposes and means of processing Personal Data
- "Data Processor" — Soliroush LLC, which processes Personal Data on behalf of the Controller solely for the purpose of providing the Services
- "Personal Data" — any information relating to an identified or identifiable natural person, processed by the Processor on behalf of the Controller
- "Processing" — any operation performed on Personal Data, including collection, recording, storage, retrieval, transmission, or deletion
- "Sub-processor" — any third party engaged by Soliroush LLC to assist in processing Personal Data in connection with delivering the Services
- "Data Subject" — the natural person to whom Personal Data relates (e.g., a tenant applicant, event guest, or end user)
2. Scope and Nature of Processing
Soliroush LLC provides software services including property management facilitation (iRentfy). Processing under this DPA is limited strictly to what is necessary to deliver these services.
- We will process Personal Data only as necessary to perform the Services and strictly in accordance with your documented instructions
- The categories and types of Personal Data processed are determined entirely by you as the Controller (e.g., tenant application details)
- The duration of processing corresponds to the term of your active subscription and applicable data retention obligations
3. Controller Obligations and Sole Liability
As the Data Controller, you are solely responsible and liable for the legality, accuracy, and quality of the Personal Data you submit to our systems.
- You warrant that you have obtained all necessary consents, legal bases, and authorizations required under applicable data protection laws (including GDPR and CCPA) to collect, transfer, and process the Personal Data through our platform
- You agree not to submit unlawfully obtained data, illegally intercepted communications, or specially regulated categories of data without executing appropriate additional legal agreements
- Soliroush LLC is indemnified against any fines, claims, or damages arising from your failure to secure the proper legal basis for the data you input into our systems
4. Processor Obligations
As the Data Processor, Soliroush LLC agrees to:
- Process Personal Data only on your documented instructions, and promptly inform you if an instruction would violate applicable law
- Ensure all authorized personnel who access Personal Data are bound by enforceable confidentiality obligations
- Not sell, retain, use, or disclose Personal Data for any purpose other than providing the Services you have contracted for
- Assist you, to the extent reasonably possible, in responding to Data Subject rights requests (access, erasure, portability, etc.)
- Notify you without undue delay (and no later than 72 hours) upon becoming aware of a Personal Data breach affecting your data
- Make available to you all information necessary to demonstrate compliance with this DPA
5. Security Measures
Soliroush LLC implements appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, but are not limited to:
- Encryption of data in transit (TLS 1.2+) and at rest
- Role-based access controls and least-privilege principles
- Firebase App Check enforcement to prevent unauthorized API access
- Regular security reviews, access audits, and vulnerability management
- Incident response and breach notification procedures
6. Sub-processing
You provide general authorization for Soliroush LLC to engage Sub-processors to assist in delivering the Services. Current sub-processors include cloud infrastructure providers (Google Cloud Platform, Firebase).
We will:
- Ensure all Sub-processors are bound by data protection obligations equivalent to those in this DPA
- Maintain an updated list of Sub-processors, available to you upon request
- Notify you of any intended addition or replacement of Sub-processors with reasonable advance notice, giving you the opportunity to object
7. Data Subject Rights
If a Data Subject contacts Soliroush LLC directly to exercise a privacy right, we will promptly notify you of the request and provide reasonable technical assistance to help you fulfill your legal obligations. You, as the Controller, are solely responsible for responding to Data Subject requests within the timeframes required by applicable law.
8. International Data Transfers
Where Personal Data is transferred outside the EEA or UK, Soliroush LLC will ensure such transfers are conducted under a valid legal mechanism (e.g., EU Standard Contractual Clauses, adequacy decisions, or equivalent frameworks), providing an equivalent level of protection.
9. Deletion or Return of Data
Upon termination or expiration of your subscription, Soliroush LLC will, at your written request, delete or return all Personal Data within 30 days. Residual copies will be deleted from backup systems within the applicable backup retention window.
10. Audit Rights
You may, upon reasonable written notice (at least 30 days), conduct or commission an audit of Soliroush LLC's data processing practices as they relate to your data, subject to reasonable confidentiality obligations.
11. Contact Us
For questions regarding this Data Processing Agreement or to exercise your rights under it:
Get in touch using our Contact Form