Privacy Policy
Last updated: July 7, 2026
1. Who we are
This Privacy Policy explains how HomesteadHQ ("HomesteadHQ", "we", "us") handles your personal data when you use our home-management service (the "Service"). HomesteadHQ acts as the data controller of the personal data described in this Policy, meaning we decide why and how it is processed. If you have any questions, contact us through the in-app support channel.
2. Personal data we collect
- Account data: email address, password hash, display name.
- Content you provide: homes, appliances, maintenance tasks, contractors, uploaded documents, notes, and related metadata.
- Support communications: messages you send us and our replies.
- Usage & device data: log data, IP address, browser and device identifiers, timestamps, and error diagnostics collected automatically to operate and secure the Service.
- Cookies & similar technologies: strictly necessary cookies for authentication and session state (see section 8).
Payment card data is collected directly by Paddle, our Merchant of Record (see section 5). We do not receive or store your full card details.
3. How we use your data and the legal bases
- Provide the Service (create your account, store your content, send reminders) — necessary for performance of our contract with you.
- Security & fraud prevention (rate limits, abuse detection, audit logs) — our legitimate interest in keeping the Service safe.
- Product improvement & diagnostics (error reporting, aggregated usage) — our legitimate interest in maintaining and improving the Service.
- Customer support — necessary for our contract and our legitimate interest in responding to you.
- Legal compliance (tax, accounting, responding to lawful requests) — compliance with legal obligations.
- Marketing communications — only where you have opted in; you can withdraw consent at any time.
4. AI features
Pro plans include an AI home assistant. When you use it, the prompts and relevant context are sent to our AI model provider(s) so a response can be generated. We do not use your prompts or your content to train third-party foundation models.
5. Who we share data with
- Merchant of Record — Paddle. Paddle.com processes all payments, invoicing, tax, and refunds as the seller of record. Paddle receives the personal data needed to process your order (name, email, billing/tax info, purchased items) and acts as an independent controller for that processing under its own privacy notice.
- Infrastructure & hosting subprocessors (database, storage, edge hosting, transactional email, error monitoring) — processing your data on our behalf under written data-processing terms.
- AI model providers — only the content you submit to AI features, for the purpose of generating a response.
- Professional advisers (legal, accounting) — where necessary and under duties of confidentiality.
- Authorities — where required by law or to protect our rights, users, or the Service.
We do not sell your personal data.
6. International transfers
Some of our subprocessors (including Paddle) may process your data outside your country of residence, including outside the UK/EEA. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an equivalent adequacy mechanism.
7. Retention
We keep your account data and content for as long as your account is active. If you delete your account, we delete or anonymise your personal data within a reasonable period, except where we are required to retain limited records to meet legal, tax, or accounting obligations, or to resolve disputes. Payment records held by Paddle are retained under Paddle's own retention schedule.
8. Cookies
We use only strictly necessary cookies and browser storage to keep you signed in and to remember basic preferences. We do not use advertising or cross-site tracking cookies. You can clear cookies at any time from your browser settings; doing so will sign you out.
9. Your rights
Depending on where you live, you have rights over your personal data, which may include:
- access to a copy of your data;
- correction of inaccurate data;
- deletion ("right to be forgotten");
- restriction or objection to certain processing;
- portability of data you provided;
- withdrawing consent where processing is based on consent;
- lodging a complaint with your local data protection authority.
You can exercise most rights directly from your account settings or by contacting us through in-app support. We aim to respond within one month.
10. Security
We use appropriate technical and organisational measures to protect your data, including encryption in transit, encryption of stored credentials, database-level row-level security, and access controls. No system is completely secure, and we cannot guarantee absolute security.
11. Children
The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be communicated through the Service or by email. The "Last updated" date at the top reflects the most recent revision.