Adaptive
Rate Management
Legal13 sectionsLast updated March 6, 2026

Privacy Policy

This policy describes how Adaptive Rate Management handles account, workspace, operational, and public-profile data in the product as it exists today. It is written for a business software context and should be read together with any signed order form or other commercial agreement that governs a customer relationship.

Product scope
Authenticated workspaces, public facility profiles, comp intelligence, approvals, audit history, and exports.
Default data posture
PMS-origin data is only processed when a customer intentionally connects an integration.
Contact
Privacy and data-handling questions should be sent to legal@adaptiveratemanagement.com.
This Privacy Policy describes current service data practices. If a signed customer agreement imposes more specific privacy or data-processing terms, that agreement controls for the covered customer relationship.
On this page
Use the section index to jump directly to the part you need.

1. Scope and service context

This Privacy Policy explains how Adaptive Rate Management LLC and its affiliates operating the Adaptive Rate Management service ("ARM", "we", "our", or "us") collect, use, disclose, store, and protect personal information and related business data.

ARM is business software for self-storage operators. The current product supports organization accounts, facility and portfolio workspaces, comp intelligence, pricing recommendations, approvals, audit records, exports, and public facility profile pages. This policy applies to those product surfaces and to the public marketing site.

2. Privacy roles: customer and ARM

  • For workspace content, pricing workflows, exports, and other data a customer places into the service, the customer generally acts as the controller or business and ARM generally acts as a processor or service provider operating under customer instructions.
  • For account security, product administration, billing, abuse prevention, service reliability, and legal compliance, ARM may act as an independent controller.
  • If you use ARM through an employer or organization, that organization controls most workspace-level decisions, including user access, role assignment, and retention instructions for its own workspace data.

3. Information we collect

Depending on how the service is configured and used, ARM may collect the following categories of information:

  • Account and identity data: name, email address, user ID, organization membership, role, authentication state, invitation status, and sign-in metadata.
  • Workspace and operational data: organization settings, portfolios, facilities, comp sets, recommendation outputs, proposal records, approvals, change history, exports, and notes entered into the workspace.
  • Audit and system records: timestamps, actor IDs, workflow events, status changes, and similar records used to support traceability and explainability.
  • Technical telemetry: request metadata, browser and device signals, crash and error data, and performance information used to operate and secure the service.
  • Support and communication data: support emails, tickets, attachments, and other communications you send to ARM.
  • Connected-system data: if a customer enables a supported integration, ARM may receive the mapped facility, pricing, inventory, or other operational data made available through that connection. ARM does not treat PMS-origin data as connected unless the integration is actually enabled.

4. Sources of information

  • Directly from users during onboarding, login, workspace use, demo requests, and support interactions.
  • From customer administrators who create organizations, manage users, and assign roles.
  • From public and commercial data providers used for facility profiles, comp intelligence, and market context.
  • From connected systems and integrations that a customer authorizes.
  • From infrastructure, monitoring, and security providers that support operation of the service.

5. How we use information

  • Authenticate users, maintain secure sessions, and enforce role-based access controls.
  • Operate facility profiles, comp workflows, pricing recommendations, approval flows, exports, and reporting.
  • Maintain audit history, explainability records, and workflow traceability.
  • Monitor reliability, detect abuse, investigate incidents, and protect the service from misuse.
  • Provide support, respond to inquiries, and send service-related notices.
  • Improve product quality using usage, reliability, and de-identified analytical signals where reasonable.
  • Comply with legal obligations, enforce contractual rights, and resolve disputes.

6. Public facility profiles and shared baseline data

ARM maintains public or shared baseline facility-profile data used for comp intelligence, benchmarking, and public property pages. That baseline information is distinct from customer-private workspace overlays, internal pricing decisions, proposal history, and customer-entered notes.

Information intentionally designated as public profile data may be displayed across customers or on public-facing pages. Customer-private workspace data is not treated as public baseline data unless ARM clearly identifies it as a public data field and the product workflow permits that use.

7. How we share information

  • Within your organization: information may be visible to authorized users according to configured roles and permissions.
  • Infrastructure and service providers: ARM uses vendors for hosting, authentication, storage, observability, transactional messaging, and similar operational functions under contractual confidentiality and security obligations.
  • Legal or protective disclosures: ARM may disclose information when required by law, court order, regulation, or lawful governmental request, or when reasonably necessary to protect the service, customers, or others.
  • Corporate transactions: information may be transferred in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality protections.

8. Subprocessors, analytics, and no-sale statement

ARM may engage subprocessors and service providers in categories such as cloud hosting, storage, identity, monitoring, customer communications, and limited model or enrichment providers where a product feature requires them. A current subprocessor list is available on request at legal@adaptiveratemanagement.com.

ARM may use aggregated or de-identified operational data to improve reliability, capacity planning, and product quality. ARM does not sell personal information and does not share personal information for cross-context behavioral advertising within the service.

9. Cookies, local storage, and similar technologies

ARM uses cookies, local storage, and similar technologies for the following purposes:

  • Strictly necessary service functions: authentication, session continuity, route access, and core security controls.
  • Preferences: theme selection, portfolio or workspace context, and similar user interface settings.
  • Operational analytics: limited reliability and usage telemetry used to understand service health and feature quality.

Disabling strictly necessary storage may prevent login or core service use. ARM does not currently operate an advertising-cookie program inside the authenticated product.

10. Data retention and deletion

ARM retains information for as long as necessary to provide the service, preserve auditability and security, support customer operations, comply with law, and enforce agreements. Retention varies by data category and may also depend on customer plan terms, active disputes, legal holds, and technical backup cycles.

Data categoryPrimary purposeRetention approach
Account and organization recordsAccess control, workspace administration, securityRetained for the active customer relationship and for a reasonable period afterward where needed for security, billing, or legal compliance.
Workspace records, proposals, approvals, and audit historyOperational continuity, traceability, explainability, exportsRetained according to customer subscription status, product configuration, contractual obligations, and legitimate operational or legal needs.
Support communicationsIssue resolution, follow-up, service improvementRetained as long as reasonably necessary to resolve the matter, maintain records, and address disputes or compliance obligations.
Security and technical logsThreat detection, abuse prevention, reliability reviewRetained under rolling operational retention schedules, with selected events kept longer when needed for investigations, incident response, or legal obligations.
Backups and disaster recovery copiesBusiness continuity and restorationRetained under rolling backup schedules. Deletion from backups is not immediate and backup media is generally restored only for recovery purposes.

11. Security safeguards and customer responsibilities

  • Role-based access controls and tenant-aware authorization checks.
  • Transport security and controlled administrative access paths.
  • Operational logging, alerting, and incident response procedures.
  • Least-privilege handling for sensitive administrative functions.

Customers remain responsible for user lifecycle management, endpoint security, credential hygiene, and lawful configuration of integrations and imported datasets.

12. Rights, requests, and international transfers

Depending on the laws that apply, individuals may have rights to request access, correction, deletion, portability, objection, or restriction with respect to certain personal information.

If the relevant data is controlled by your employer or organization, you should generally direct the request to your organization first. ARM will assist customers with valid requests where required.

Requests may be sent to legal@adaptiveratemanagement.com. ARM may request information reasonably necessary to verify identity and authority before acting on a request. ARM responds within the time required by applicable law or, if no statutory deadline applies, within a reasonable time.

Data may be processed in countries where ARM or its service providers operate. Where legally required, ARM uses appropriate contractual or operational safeguards for cross-border processing.

13. Policy changes, children, and contact

ARM may update this Privacy Policy to reflect changes in the product, law, or operations. Material updates will be posted in the service or on the website with an updated effective date.

The service is intended for business users and is not directed to children. ARM does not knowingly collect personal information from children through the service.

For privacy questions, data-handling inquiries, or rights requests, contact legal@adaptiveratemanagement.com.