Privacy Policy

Effective Date: February 18, 2026

1. Who We Are

HouseKeepr (“we,” “us,” or “our”) operates the web application available at housekeepr.app (the “Service”). HouseKeepr is a flatmate and coliving management application that helps people living together manage shared expenses, tasks, shopping lists, and more.

For the purposes of the EU General Data Protection Regulation (GDPR), HouseKeepr is the data controller responsible for your personal data.

Contact: privacy@housekeepr.app

2. Personal Data We Collect

2.1 Data You Provide Directly

  • Account information: Name, email address, password (stored as a bcrypt hash)
  • Profile photo: Optional image file
  • Google OAuth data: Email, name, and profile photo (if you sign in with Google)
  • Flat management: Flat names, member lists, invite codes
  • Financial data: Expense amounts, descriptions, categories, splits, settlements, balances
  • Task data: Chore descriptions, assignments, due dates, completion status
  • Shopping lists: Item names, quantities, purchase status
  • Chat messages: Text messages sent between flatmates within a flat
  • Documents: Uploaded files such as receipts and house rules documents
  • Polls and house rules: Poll questions, votes, rule descriptions
  • Waitlist signup: Email address (collected via our landing page form)

2.2 Data We Collect Automatically

  • IP address: For rate limiting and abuse prevention
  • Device information: Browser type, OS (via standard HTTP headers)
  • Locale preference: Your selected language

2.3 Data We Do NOT Collect

  • We do not use marketing or advertising cookies
  • We do not use analytics or tracking scripts
  • We do not sell your personal data
  • We do not build advertising profiles about you

3. Legal Basis for Processing (GDPR Article 6)

  • Performance of a contract: Providing the Service (account, flat management, expenses, tasks, etc.)
  • Legal obligation: Retaining payment records for tax compliance
  • Legitimate interest: Rate limiting via IP address to protect the Service
  • Consent: Waitlist signup and Google OAuth sign-in

4. Who We Share Your Data With

4.1 Your Flatmates

Other members of your flat can see your name, profile photo, expenses, tasks, shopping lists, chat messages, polls, and balance information. This sharing is fundamental to how the Service works.

4.2 Third-Party Service Providers

  • Stripe — Payment processing (PCI-DSS certified)
  • Google — OAuth authentication (optional)
  • Cloudflare R2 — File storage (EU)
  • Resend — Transactional email delivery
  • Formspree — Waitlist form processing
  • Vercel — Landing page hosting
  • Railway — Application hosting (EU region)

4.3 International Data Transfers

Some providers are based in the US. We ensure appropriate safeguards via EU Standard Contractual Clauses (SCCs). Our primary infrastructure operates in the EU.

We will never sell, rent, or trade your personal data.

5. Cookies and Local Storage

HouseKeepr uses a minimal approach:

  • Essential: JWT access token (15 min) and refresh token (30 days) — strictly necessary for authentication
  • Functional: Locale preference, theme preference, auth state (localStorage)
  • No tracking cookies: We do not use any marketing, advertising, or analytics cookies

6. Data Retention

  • Account data: While your account is active
  • Deleted account data: Permanently removed within 30 days
  • Payment records: 7 years (required by Spanish tax law)
  • Server logs with IP: 90 days

7. Your Rights Under the GDPR

You have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data / “Right to be forgotten” (Art. 17)
  • Restrict processing (Art. 18)
  • Receive your data in JSON or CSV format (data portability, Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))

Contact privacy@housekeepr.app to exercise your rights. We will respond within 30 days.

You may also lodge a complaint with the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.

8. Data Security

We implement appropriate technical measures including:

  • Encryption in transit (TLS/HTTPS)
  • Password hashing (bcrypt)
  • JWT-based authentication with httpOnly cookies
  • Rate limiting on API endpoints
  • EU-hosted infrastructure
  • PCI-DSS compliant payment processing via Stripe

9. Children's Privacy

HouseKeepr is not directed at children under 16. We do not knowingly collect personal data from children under 16.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For significant changes, we will notify you via email or a prominent notice in the Service. We will not reduce your rights without explicit consent.

11. Contact Us

For questions about this Privacy Policy: privacy@housekeepr.app


This Privacy Policy is effective as of February 18, 2026. Consult with a qualified attorney for legal advice specific to your situation.