Privacy Policy

This Privacy Policy explains how HouseMate processes personal data of users of the HouseMate website and app. HouseMate is designed to help people find rooms, roommates and shared-living opportunities through profiles, matching, listings, chat and safety reporting features.

1. Controller and contact

The full controller identification details will be added before the service is opened to the public or before stable collection of personal data begins. For privacy requests, support, legal notices or safety reports, contact info@housemateapp.it.

No Data Protection Officer has been appointed at the date of this draft. If a DPO is appointed in the future, the relevant contact details will be published in this policy.

2. Data we process

Depending on the features you use, HouseMate may process:

• account and authentication data, such as email, user ID, login method, Supabase Auth technical data and essential data provided by Google or Apple if you use social login;
• legal consent data, such as accepted terms/privacy versions, acceptance timestamp and optional marketing or profiling consent where enabled;
• profile data, such as name, profile photo, gender, birth date, derived age, bio, profession, profession category, university if you are a student, spoken languages, budget, move-in date, stay duration and roommate preferences;
• lifestyle and compatibility data, such as daily rhythm, home presence, kitchen use, guests, social preferences, partners, substances, cleaning style, sharing style, noise level, pets, interests and affinity tags;
• user-selected location data, such as map point, search radius, area or city. HouseMate uses the point selected by the user and does not declare automatic GPS or IP geolocation;
• listing data, such as title, description, photos, property and room type, address or area, precise coordinates, price, deposit, bills, availability, room count, residents, square meters, bathrooms, amenities and lifestyle tags;
• discovery and matching data, such as skips, favourites, inquiries, matches, compatibility scores and ranking criteria;
• communication data, such as direct conversations, listing inquiries, group chats, messages, participants, read state, conversation preferences and group images;
• safety and moderation data, such as reports, reasons, details provided, reported conversation metadata and information needed to prevent abuse;
• technical data, such as app logs, session identifiers, device information, network metadata and data needed for security, diagnostics and service operation.

3. Special-category and sensitive information

HouseMate does not intentionally request special categories of personal data under the GDPR, such as health data, religious beliefs, political opinions or biometric data. However, free-text fields, chat, reports or some lifestyle answers may reveal personal aspects. Please do not share unnecessary sensitive data or third-party personal data without authorization.

4. Purposes and legal bases

• Account creation, login and security: contract performance and legitimate interest in protecting the service.
• Profile, onboarding, listings, matching, favourites, chat and inquiries: contract performance and requested pre-contractual steps.
• Matching and result ranking: service performance and legitimate interest in showing relevant results.
• Moderation, fraud prevention, report handling and enforcement: legitimate interest and, where applicable, legal obligations.
• Retention of consents, policy versions, essential logs and operational evidence: legal obligations and legitimate interest in legal protection.
• Service communications: contract performance.
• Marketing communications or non-essential personalization: consent, which can be withdrawn at any time.

5. Matching, ranking and profiling

HouseMate uses information provided by users to suggest potentially compatible profiles, roommates and listings. The system may consider distance, budget, move-in date, stay duration, daily habits, roommate preferences, interests, profession and other profile data.

These features rank and recommend content within the app. They do not produce legal or similarly significant effects: users remain free to ignore, skip, favourite, contact or not contact other users or listings.

6. Visibility to other users

Some profile and listing data is shown to other authenticated users through minimized views and controlled functions. Users may see name, photo, bio, age, approximate area, distance, relevant preferences, compatibility, published listings and images. Precise profile coordinates and full listing addresses are not intended for general discovery; they may be used internally for distance, ranking and listing management, and may be shown in authorized contexts such as a listing inquiry conversation.

7. Providers and recipients

We may disclose or make personal data available to service providers as necessary, including:

• Supabase, for authentication, database, storage, realtime functions and session management;
• Google and Apple, if you use social login;
• OpenStreetMap, Nominatim and related map/tile providers, for address search and map display;
• email, hosting, domain, security, support and operational providers that may be adopted;
• public authorities, advisors or counterparties where required by law or necessary to protect rights, safety and service integrity.

8. International transfers

Some providers may process data or metadata outside the European Economic Area. Where this happens, HouseMate will rely on GDPR transfer tools such as adequacy decisions, standard contractual clauses or equivalent safeguards where applicable.

9. Retention

• Account and profile data is kept while the account is active, unless legal obligations or legitimate interests require retention.
• Listings remain while managed by the user or needed for authorized conversation/history context.
• Skipped profile and listing actions are designed for limited retention, currently 90 days.
• Conversations may remain available to participants. After account deletion, direct chats may remain read-only for the surviving participant with a deleted-user placeholder.
• Deleted-listing inquiry context may remain in minimized form; precise address and thumbnail data are designed to be redacted after a retention period, currently 180 days.
• Reports may be retained longer for safety, moderation, abuse prevention and legal protection.

10. Account deletion

The app includes an account deletion function. Deletion removes the account, profile, profile images and directly linked data where technically and legally possible. Some data may remain in minimized or restricted form, such as conversations visible to another participant, listing inquiry history, safety reports or data needed for legal obligations and claims.

11. Your rights

Subject to GDPR limits, you may request access, rectification, erasure, restriction, portability, objection and withdrawal of consent. Contact info@housemateapp.it. You may also lodge a complaint with the competent data protection authority.

12. Security

HouseMate adopts proportionate technical and organizational measures, including user-based authorization, private storage buckets, controlled access functions, designed retention/deletion controls and separation between internal data and discovery data. No system is risk-free, so please use strong passwords and avoid sharing unnecessary data in profiles, listings or chat.

13. Minors

HouseMate is for adults. The service is designed with a minimum age of 18. If you believe a minor has created an account, contact us.

14. Changes

We may update this policy to reflect changes in the service, law or providers. For material changes, we may notify you in-app, by email or require renewed acceptance.