Privacy Policy

Effective Date: November 5, 2025
Last Updated: November 5, 2025

Summary of Key Information (Quick Read).

  • What we collect: contact and account details, application and tenancy data, payment information(via our processors), device and usage data, and limited sensitive identifiers(e.g., SSN) for identity verification and application processing.
  • Why: to provide, secure, and improve our Services; process applications and payments; communicate with you; comply with law; and personalize or market where permitted.
  • How we share: with service providers, vendors, affiliates, or as legally required. We do not sell your data for money. We may “share” limited identifiers and online activity data for cross-context behavioral advertising (opt-out available).
  • Your rights: access, delete, correct, portability, opt out of sale/share/targeted ads and limit certain uses of sensitive data. Contact privacy@stonehengenyc.com.

1. Who We Are; Scope; Local Supplements. Stonehenge Management LLC (“Stonehenge,” “we,” “us,” or “our”) is responsible for processing “Personal Information” collected through our websites, mobile apps, resident portals, and any online services that link to this Privacy Policy. This Privacy Policy (this “Policy”) is part of, and incorporated into, the Terms of Use located at https://www.stonehengenyc.com/terms-of-use (the “Terms of Use”). Capitalized terms not defined in this Policy have the meanings given in the Terms of Use. Our Services are intended for use in the United States. Where required by law, we may publish state-specific privacy supplements that modify or supplement this Policy for residents of those states. If a supplement conflicts with this Policy for covered residents, the supplement controls. By accessing and using the Services, you consent to our collection, storage, use and disclosure of your Personal Information and other information as described in this Policy.

2. Categories of Information We Collect. We collect Personal Information (information that identifies or can reasonably be linked to you) and Anonymous/De-Identified Information (data that cannot identify you). The categories may include:

  • Identifiers and Contact Details: Name, address, phone, email, IP address, account credentials, and device identifiers.
  • Applicant and Tenancy Information: employment/income data, rental history, guarantor details, screening results, package notifications, and visitor access logs.
  • Financial Information: Bank and payment details, rent and fee history, billing records.
  • Internet/Network Activity: Browser and device data, Internet Protocol (IP) address, pages visited, clickstream, session duration, error logs.
  • Geolocation Data: Approximate location from IP address or precise location if you enable it on a mobile device.
  • Inferences and Preferences: Property or amenity interests, marketing segments, communication preferences.
  • Sensitive Personal Information (“SPI”): SSN, date of birth, account numbers or credit/debit card numbers, even without a security code, access code, or password if the account could be accessed without such information, or account log-in with password. We collect SPI only as needed for application screening, payments, fraud prevention, or identity verification.

3. Sources of Information.

  • Directly from you (e.g., forms, applications, communications).
  • Automatically through Cookies, Pixels, or similar technologies.
  • From service providers, vendors, and affiliates (e.g., screening, payment, analytics).
  • Public sources and marketing partners.

4. How We Use Information.

  • To provide and operate the Services, including processing applications, payments, and maintenance requests.
  • To communicate with you about your account, property, or inquiries.
  • To comply with law, detect fraud, and protect our residents and property.
  • To analyze, audit, and improve our Services.
  • To send marketing or promotional materials (where permitted).
  • To personalize content or advertising based on your preferences.
  • To perform internal research and benchmarking.
  • To schedule an apartment tour for you.
  • To email brokers with current apartment listings.
  • To send administrative emails.
  • To process and evaluate information provided by you through the application process and contact you regarding the same.
  • To process information uploaded by you to our Services.
  • To process application, rent and other payments.
  • To process maintenance requests and provide you with updates on the progress and/or completion of any maintenance request.
  • To send you information you request about the building, amenities and services.
  • To inform you that packages are waiting for you.
  • To process your requests to create visitor access for your guests and/or service workers.
  • To provide you with building notifications and updates.
  • To personalize and tailor the features, performance and support of the Services.
  • For the purpose of receiving, processing and responding to your Stonehenge NYC Skills requests.
  • To provide to third-party licensed property and casualty insurance agents, brokers, and licensed excess lines brokers who provide insurance and surety products and other services for the benefit of landlords and tenants, including lease guarantee products and residential security deposit replacement tools, so they may offer you relevant products and services.
  • To send you promotional/marketing information, newsletters, offers or other information from us or on behalf of our sponsors or partners.
  • To perform internal operations, including fraud detection.
  • To analyze, benchmark and conduct research on user data and interactions with the Services.
  • To perform internal operations on the Services.
  • To improve the Services and customize the user experience.
  • To aggregate the information collected via Cookies and Pixels to use in statistical analysis to help us track trends and analyze patterns.

We rely on consent where required and otherwise process Personal Information for our legitimate business purposes, contractual performance, or legal obligations. For SPI, we limit use to necessary purposes (e.g., screening, payments, fraud prevention).

5. Cookie Policy – Automatic Data Collection. We and our partners use Cookies, Pixels, web beacons, SDKs, and similar tools (“Tracking Technologies”) to operate our Services, remember preferences, measure performance, and deliver or measure advertising.

5.1. Categories of Cookies:

  • Strictly Necessary: Essential for site functionality and security.
  • Performance/Analytics: Help us understand usage and improve Services.
  • Functional: Remember your preferences and settings.
  • Advertising/Targeting: Enable cross-context behavioral advertising.

5.2. Your Choices: Manage cookies via your browser settings, use Google’s opt-out tool (https://tools.google.com/dlpage/gaoptout), and visit Network Advertising Initiative (https://www.networkadvertising.org/choices/) or About Ads (https://optout.aboutads.info). If your browser supports Global Privacy Control (“GPC”), we treat it as an opt-out of sale/share where required by law.

6. How We Share Information. We may share Personal Information as follows:

6.1. Service Providers/Processors: Vendors providing hosting, payments, analytics, communications, or support. They may use information only to perform services for us and must protect it. Although Stonehenge selects vendors that maintain reasonable data-security standards, Stonehenge cannot guarantee or be responsible for the acts or omissions of third-party processors, platforms, or networks.

6.2. Affiliates: Entities under common ownership for internal operations.

6.3. Legal and Safety: When required by law, subpoena, or to protect rights and property.

6.4. Business Transactions: We may share all or some of your Personal Information with any of our subsidiaries, joint venturers, or other companies under common control, in which case we will require them to honor this Privacy Policy. Additionally, in the event we undergo a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge that such transfers may occur and are permitted by this Privacy Policy, and that any entity that acquires us, is merged with us or that acquires our assets may continue to process your Personal Information as set forth in this Privacy Policy.

6.5. Aggregated or De-Identified Data: Shared for analytics that cannot identify individuals.

We do not sell Personal Information for monetary value. We may “share” data for advertising as defined under California law, and you may opt out.

7. Data Retention. We retain Personal Information only as long as necessary to fulfill the purposes described in this Policy and comply with legal requirements. We delete, de-identify, or aggregate data when it is no longer needed.

8. Security. We employ administrative, technical, and physical safeguards to protect your data, including encryption in transit, access controls, and vendor due diligence. No system is perfectly secure. If required by law, we will notify you of any data breach in accordance with applicable timelines.

9. International Data Transfers. We operate in the United States. If you access the Services from outside the U.S., your information will be transferred to and processed in the U.S., which may have different privacy laws. When cross-border transfers are required, we implement appropriate safeguards and technical measures.

10. Your Choices.

10.1. Marketing: Unsubscribe using the link in any marketing email.

10.2. Cookies: See Section 5.2 for Cookie management.

10.3. Do Not Track: Our Services do not respond to DNT signals but honor GPC where applicable.

11. Text Message Communications. We may offer you the option to receive text (SMS or MMS) messages from Stonehenge, including messages relating to your residency, account, maintenance updates, package notifications, appointment reminders, or promotional offers (collectively, “Text Communications”). By enrolling in Text Communications, you represent that you are the current subscriber or customary user of the mobile number provided and that you have authority to consent to receive messages at that number. You agree to indemnify Stonehenge for any claims resulting from your provision of a number not owned by you. Stonehenge is not responsible for messages delayed or undelivered due to network or carrier issues. Automated dialing systems are used only to facilitate operational and informational messaging.

11.1. Consent. By providing your mobile phone number, you consent to receive Text Communications from Stonehenge and its affiliates at that number, including through automated means. Consent is not a condition of any lease. Message frequency may vary.

11.2. Opt-Out. You may opt out of Text Communications at any time by replying STOP to any message you receive from us. After you opt out, you may receive a one-time confirmation message acknowledging your request. You may also email privacy@stonehengenyc.com to withdraw consent.

11.3. Costs. Message and data rates may apply depending on your mobile plan and carrier.

11.4. Information Collected Through Text Communications. We may collect and retain information you provide via text (such as maintenance details or appointment confirmations) in accordance with this Policy. We use this information to process your requests, provide Services, and maintain records of your communications.

11.5. Security and Retention. We take reasonable steps to secure information transmitted via text message, but please avoid sending SPI or financial information by SMS. We retain such communications only as long as needed for our business or legal purposes.

12. Your Privacy Rights(U.S. State Laws). Residents of California, Colorado, Connecticut, Utah, and Virginia have some or all of these rights, subject to verification and exceptions: Access/Know; Delete; Correct; Data Portability; Opt Out of sale, sharing, or targeted advertising; Limit use of SPI; and Appeal a denial (CO/CT/VA).

13. Submit a Request: Email privacy@stonehengenyc.com; Mail: Attn: Legal Department, 1675 Broadway, 21st Floor, New York, NY 10019. Include your name, contact info, request type, and verification details. Authorized agents must present proof of authorization. We will not discriminate against you for exercising your rights.

14. California Privacy Supplement. For California residents, the following disclosures apply under the California Consumer Privacy Act (as amended): we collect the categories in Section 2; use them for the purposes in Section 4; and disclose them as in Section 6. We do not sell data for money. We may share certain identifiers and usage data for cross-context behavioral advertising. You may opt out by emailing privacy@stonehengenyc.com. We do not offer financial incentive programs based on your data. Shine the Light: California residents may request a list of third parties to whom we disclosed personal information for direct marketing in the preceding year by emailingprivacy@stonehengenyc.com with “Shine the Light” in the subject line.

15. Children’s Privacy. Our Services are not directed to children under 13, and we do not knowingly collect their data. If you believe a child has provided Personal Information to us, contact privacy@stonehengenyc.com and we will delete it promptly.

16. Third-Party Websites and No Liability. Our Services may link to or integrate with third-party sites and services. We are not responsible for their privacy practices or content. Once you leave our Services, their policies govern. We are not liable for unauthorized acts of third parties or for Internet transmission errors.

17. Changes to This Policy. We may update this Policy at any time without prior notice, and any changes will become effective immediately upon being posted unless we advise you otherwise. If changes are material, we will post an updated version with a new “Last Updated” date. Your continued use of the Services constitutes acceptance of the updated Policy.

18. Contact Us. For questions or privacy requests:

Email: privacy@stonehengenyc.com

Mail: Attn: Legal Department, Stonehenge Management LLC, 1675 Broadway, 21st Floor, New York, NY 10019

For your protection, we may need to verify your identity before responding to any request or inquiry. Do not include sensitive information such as Social Security numbers or payment details in unencrypted email. If you have a disability and need this Policy in another format, please contact us via the above methods.

19. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY LAW, STONEHENGE AND ITS AFFILIATES, OFFICERS, MEMBERS, DIRECTORS, EMPLOYEES, PARENTS, AFFILIATES, SUCCESSORS AND ASSIGNS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS POLICY OR THE SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

20. State-Specific Supplements. Where required, Stonehenge will publish state-specific supplements (e.g., California, Colorado, Connecticut, Utah, Virginia). If a supplement conflicts with this Policy for residents of that state, the supplement controls.