HomeScore Privacy Policy
Effective date: May 22, 2026
Last updated: May 22, 2026
This Privacy Policy explains how HomeScore (“HomeScore,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you use:
- The HomeScore mobile application for iOS and Android (bundle identifier
com.homescore.app, the “App”); and - Our marketing and legal website at https://www.homescore.app (the “Website”), which provides information about the App and links to this policy.
This policy is written for a global audience, with emphasis on users in the European Economic Area (EEA), United Kingdom (UK), and Switzerland, and includes high-level disclosures for California residents where applicable.
Note: The HomeScore mobile app is not yet publicly available on the App Store or Google Play. It is launching soon. Store links on this website will be enabled when release is confirmed.
Important: This document is an engineering-aligned draft based on the HomeScore product as implemented in software. It is not legal advice. A qualified privacy lawyer must review it before publication, especially for App Store, Google Play, and GDPR/KVKK filings.
1. Who is responsible for your data?
| Role | Details |
|---|---|
| Data controller | HomeScore |
| Registered address | Address to be published before production launch |
| Country of establishment | To be published |
| Contact (general) | support@homescore.app |
| Privacy inquiries | privacy@homescore.app |
| Data Protection Officer (if appointed) | privacy@homescore.app or “Not appointed — contact privacy@” |
If we appoint a representative in the EU/UK under Article 27 GDPR, their details will be published here: Not applicable at this time.
2. Scope and relationship to other documents
- This policy covers the App and the Website. It does not govern third-party websites or app stores except as described in Section 10.
- Use of the App is also subject to our Terms of Service.
- In-app purchases of HomeScore Pro are processed by Apple App Store or Google Play; payment card data is handled by the store, not by us directly.
- The Website is informational in v1: it does not provide account login, map features, or review submission.
3. Summary of key practices (plain language)
| Topic | What HomeScore does |
|---|---|
| Purpose | Europe-wide housing experience reviews (noise, heating, safety perception, etc.), not reviews of private individuals |
| Account | Sign-in via Google or Apple through Supabase Auth (OAuth); we receive profile basics from the provider |
| Location | While-in-use permission only; used for map recenter, nearby discovery, and review pin placement — no background tracking, no location history trail |
| Public content | Reviews appear publicly only when moderation_status = approved and not deleted; author names are masked on public views |
| Subscriptions | RevenueCat + store billing; entitlement stored server-side in Supabase; we do not store your payment card |
| Push | Optional Firebase Cloud Messaging transactional alerts (saved place, nearby area, review status) |
| Analytics (App) | No third-party advertising or analytics SDK in the App dependency set as of this draft; limited engagement events stored in our database (e.g. push opened) |
| Deletion | In-app account deletion permanently removes your account and associated data via our delete-account backend function |
| Website cookies | Intended minimal by default; optional privacy-friendly analytics only if enabled (see Section 14) |
4. Categories of personal data we process
We process only data that is adequate, relevant, and limited to what is necessary.
4.1 Data you provide
| Category | Examples | Context |
|---|---|---|
| Account identifiers | User ID (UUID), email from OAuth provider | Supabase Auth |
| Profile data | Display name, avatar URL from Google/Apple metadata | profiles table; public display name may be masked in reviews |
| Review content | Ratings (1–10), category scores, tags, pros/cons text, living period | Housing experience; submitted via submit-review |
| Location labels | Address search text, chosen map pin, precision level (building / street / neighborhood / city area) | Geocoding and review placement; coordinates rounded before public storage |
| Optional rent / fee info | Monthly rent or building fee amounts and currency | Stored in private profile or contribution tables; aggregates only shown to others |
| Reports | Report reason, optional note | Private moderation record |
| Blocks | User IDs you block | Private to your account |
| Saved locations | Places you bookmark | Private to your account |
| Notification preferences | Channel toggles, locale for push copy | Settings |
| Support / feedback | Messages you send to us | Email or future support form |
4.2 Data collected automatically
| Category | Examples | Context |
|---|---|---|
| Device / push token | FCM token, platform | push_device_tokens for notifications you enable |
| Approximate map focus | Single rounded lat/lon (~1.1 km) for “nearby” alerts | user_geo_notification_focus; not continuous tracking |
| While-in-use location | One-shot GPS when you allow permission | Map and “near me”; not stored as a movement history |
| Quota / usage | Feature counters (searches, reviews, reports) | Server-side user_quotas / consume_quota |
| Engagement events | e.g. push_opened with metadata | user_engagement_events |
| Technical logs | IP address, timestamps in server/edge logs | Security and operations (short retention — Section 11) |
4.3 Data from third parties
| Source | Data |
|---|---|
| Google / Apple (OAuth) | Name, email, profile photo URL as permitted by your provider settings |
| Apple App Store / Google Play | Subscription status signals via RevenueCat webhooks (product ID, expiry, trial flags) — not full payment details |
| Map providers | Map tiles and rendering (see Section 10); device communicates with Apple Maps (iOS) or Mapbox (Android) under their policies |
4.4 Data we do not intentionally collect
- Government ID numbers, precise apartment unit numbers as a dedicated field, or occupant identities
- Continuous background location or historical location trails
- Payment card numbers or bank account details (stores handle payments)
- Health data, biometric data, or children’s direct registration (see Section 13)
5. Purposes and legal bases (GDPR Article 6)
For EEA/UK users, we rely on the following legal bases:
| Purpose | Legal basis | Details |
|---|---|---|
| Provide the App (account, map, reviews, profile) | Contract (Art. 6(1)(b)) | Necessary to deliver the service you request |
| Moderation, safety, abuse prevention | Legitimate interests (Art. 6(1)(f)) | Protect users and public safety; balanced against your rights |
| Push notifications (optional) | Consent (Art. 6(1)(a)) | Device permission + in-app toggles; withdraw anytime |
| While-in-use location | Consent (Art. 6(1)(a)) | OS permission prompt; optional for many features |
| Subscriptions and entitlement | Contract / Legitimate interests | Verify Pro access; fraud prevention |
| Compliance with law | Legal obligation (Art. 6(1)(c)) | Respond to lawful requests |
| Website operation & minimal analytics | Legitimate interests / Consent for non-essential cookies | See Section 14 |
We do not use your personal data for automated decision-making that produces legal or similarly significant effects solely based on automated processing.
6. How we use personal data (detailed)
6.1 Account and authentication
- We use Supabase Auth with Google and Apple OAuth only (no separate email/password flow in the current App).
- On sign-in, we create or update a
profilesrow and default notification preferences. - Your email may be stored for account recovery and compliance but is not shown publicly on reviews.
6.2 Housing experience reviews
- You may submit structured reviews about housing conditions (noise, heating, dampness/mold resistance, internet, safety perception, etc.).
- Submissions pass through server validation (
submit-review): profanity cleaning, rejection of private contact details, threats, hate speech, and unsafe personal accusations. - Public display requires content to be approved and not deleted. Pending or rejected content is not shown in public lists.
- Reviewer identity on public views uses a masked display form (e.g. initials with asterisks).
- Coordinates attached to public review locations are rounded (approximately 3 decimal degrees, on the order of ~100 m) to reduce exact-address exposure.
- Precision levels (building, street, neighborhood, city area) limit how specifically a place is described.
6.3 Map and location
- Permission: iOS
NSLocationWhenInUseUsageDescription; Android while-in-use only. We do not request “Always” / background location for product features. - Uses: Recenter map, approximate nearby discovery, place pin when sharing a review.
- No history: We do not build a timeline of your movements. Each fix is used for immediate feature needs unless you explicitly save a single rounded point for optional nearby push alerts (~2 decimal degrees, ~1.1 km).
- Map search history on device: recent map search queries may be stored locally on your device only (not uploaded as a history log).
6.4 Moderation and reporting
- Users may report reviews for reasons including private personal information, harassment, hate speech, false information, spam, illegal content, or other.
- Reports are private to the reporter and moderators.
- Moderators may approve, reject, flag for review, or remove content; actions are logged in
moderation_logs. - Repeated reports can return an approved review to needs review status.
6.5 Freemium, quotas, and HomeScore Pro
- Tiers: Guest (read-limited), Free (registered, quotas), Pro (paid).
- Quotas (examples, subject to change in admin configuration): AI search, map search, review creation, reports, saved locations, rent contributions, review history window.
- Pro purchases use RevenueCat and store receipts; Supabase holds entitlement (
user_subscriptions) updated only by ourrevenuecat-webhookEdge Function (server secret). - The App does not trust client-side flags alone for entitlement or quota enforcement.
6.6 Push notifications
- Powered by Firebase Cloud Messaging; tokens stored in
push_device_tokens. - Transactional types include: new public review at a saved location; new public review near your optional saved map center (~12 km); your review moderation status changes.
- Push copy avoids full review bodies and identities; may include coarse place labels (e.g. city).
- Opening a notification may log
push_openedinuser_engagement_events.
6.7 AI search (Pro feature)
- Conversational search runs on our servers (
ai-search/ai-search-streamEdge Functions), not in the client. - The client sends: conversation messages, language, optional masked name hints, optional coarse current location if permission already granted, and compact UI context — not email, private rent rows, or location history.
- LLM providers (e.g. OpenAI, Anthropic, Google) process prompts under our configuration; see Section 10.
- Replies are filtered for safety before display.
6.8 Geocoding
- Address searches are processed server-side via
geocode-locationusing a configurable provider (GEOCODING_PROVIDER_URL). - Results may be cached in
geocoding_cache(hashed queries, service-role only). - Per-user rate limits apply.
6.9 Data export
| Mechanism | Availability | Contents |
|---|---|---|
export-user-data Edge Function | Implemented server-side; not exposed in App UI as of this draft | Profile, private profile, reviews, rent contributions, saved locations, reports, notification prefs, engagement events, geo notification focus |
export-my-reviews Edge Function | Pro subscribers only | Your non-deleted reviews in JSON or HTML |
We plan to surface full export in the App UI; until then, contact privacy@homescore.app for access requests.
6.10 Account deletion
- You may delete your account in the App (Profile → delete account).
- Deletion invokes
delete-account, which sequentially removes dependent rows including reviews, votes, reports, blocks, saved locations, push tokens, quotas, subscriptions, private profile, and finally your Supabase Auth user. - Deletion is intended to be permanent and is not reversible.
- Content you published may disappear from public views; residual copies in backups may persist for a limited period (Section 11).
7. Children’s privacy
The App is not directed to children under 13 (or under 16 in certain EU countries where member state law requires parental consent for information society services). We do not knowingly collect personal data from children. If you believe a child has provided data, contact privacy@homescore.app and we will take appropriate steps to delete it.
App Store age rating and Play “target audience” must be configured consistently with this section.
8. International transfers
- Primary hosting: Supabase project region EU (Frankfurt).
- Processors may be located in the United States or other countries (Google, Apple, Mapbox, RevenueCat, LLM providers, Firebase/Google Cloud, Vercel for Website).
Where required, we implement appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission; and/or
- Reliance on adequacy decisions where applicable.
You may request a copy of relevant safeguards by contacting privacy@homescore.app.
9. Retention
| Data type | Retention approach |
|---|---|
| Account & profile | Until account deletion |
| Reviews you authored | Until deletion or account deletion; public copies removed when deleted |
| Moderation logs | Retained for audit and safety; deleted when actor account deleted where applicable |
| Reports | Retained as needed for moderation and legal defense |
| Push tokens | Until sign-out, deletion, or token invalidation |
| Subscription events | Immutable audit log; retained for finance/dispute periods |
| Geocoding cache | Cached results for efficiency; not tied to identity |
| Server logs | Short operational window (e.g. 90 days unless security incident) |
| Website logs (Vercel) | Per Vercel default / configuration |
We may retain anonymized or aggregated statistics that do not identify you.
10. Third-party processors and services
We use service providers who process data on our instructions:
| Processor | Role | Data involved |
|---|---|---|
| Supabase | Auth, database, Edge Functions, storage | Most account and app content |
| Apple | App distribution, Sign in with Apple, Apple Maps (iOS), IAP | Account, map tiles, purchase validation |
| Play distribution, Google Sign-In, Firebase FCM | Account, push delivery | |
| Mapbox | Map rendering (Android) | Device IP, map tile requests |
| RevenueCat | Subscription management SDK + webhooks | App user ID, subscription state |
| Geocoding provider | Address search (configurable URL) | Search queries |
| LLM providers (server-configured) | AI search | Prompts with approved public housing data context |
| Vercel | Website hosting | IP, access logs, optional Web Analytics |
Links to policies (fill before publish):
- Supabase: https://supabase.com/privacy
- Apple: https://www.apple.com/legal/privacy/
- Google: https://policies.google.com/privacy
- Mapbox: https://www.mapbox.com/legal/privacy
- RevenueCat: https://www.revenuecat.com/privacy
- Firebase: https://firebase.google.com/support/privacy
We do not sell your personal data. We do not share it for cross-context behavioral advertising.
11. Security
We implement technical and organizational measures appropriate to risk, including:
- Row Level Security (RLS) on Supabase tables
- Service role keys only on server Edge Functions, never in the App
- JWT-authenticated Edge Functions for sensitive operations
- Webhook secrets for RevenueCat
- Rate limiting on geocoding and AI search
- TLS in transit
No method is 100% secure. Report concerns to security@homescore.app or privacy@homescore.app.
12. Your rights
Depending on your location, you may have the following rights:
| Right | How to exercise |
|---|---|
| Access | In-app profile; export-user-data (on request); email us |
| Rectification | Update profile in App; contact us for corrections |
| Erasure | In-app account deletion |
| Restriction | Contact us; we will assess legally |
| Portability | Export endpoints; email request |
| Object | Object to processing based on legitimate interests |
| Withdraw consent | Revoke location/notification permissions in OS settings; disable toggles in App |
| Complaint | Lodge with your supervisory authority (EEA/UK) |
EEA/UK supervisory authority example: Your local data protection authority (list: https://edpb.europa.eu/about-edpb/about-edpb/members_en).
We respond within one month where GDPR applies, subject to lawful extensions.
13. California privacy notice (CPRA) — high level
If you are a California resident, you may have rights to know, delete, and correct personal information, and to opt out of sale/sharing for cross-context behavioral advertising.
- We do not sell personal information.
- We do not share for cross-context behavioral advertising as defined under CPRA.
- Sensitive personal information (precise geolocation) is used only for permitted purposes (while-in-use features) with consent.
- Shine the Light: We do not disclose personal information to third parties for their direct marketing purposes in exchange for consideration.
To exercise rights: privacy@homescore.app. We may verify your request.
14. Marketing website — cookies and analytics
The Website at https://www.homescore.app is separate from the App.
14.1 Default (recommended v1)
- Essential hosting cookies/session data as required by Vercel for delivery and security.
- No advertising cookies.
- No cross-site tracking pixels.
14.2 If you enable analytics
Document the actual tool here before launch, for example:
| Tool | Data | Cookies? |
|---|---|---|
| Vercel Web Analytics | Aggregated page views, referrer, country | Cookieless mode available |
| Plausible / Fathom | Aggregated traffic | Configurable |
Obtain consent where EU ePrivacy rules require it for non-essential storage/access.
14.3 Contact forms
If the Website adds a form, data submitted is used only to respond to your inquiry and is retained for 12 months unless longer needed for legal claims.
15. App Store Privacy Nutrition Label (Apple) — alignment guide
Use App Store Connect Privacy Nutrition Labels consistent with this policy. Indicative mapping for the App (verify with lawyer and actual data collection):
| Data type | Linked to user? | Used for tracking? | Purpose |
|---|---|---|---|
| Contact Info (email, name) | Yes | No | Account |
| User Content (reviews) | Yes | No | App functionality |
| Location (coarse / when in use) | Yes | No | App functionality |
| Identifiers (user ID, device token) | Yes | No | App functionality, notifications |
| Purchases (subscription status) | Yes | No | App functionality |
| Usage Data (engagement events) | Yes | No | Analytics (product improvement) |
| Diagnostics (if crash tools added later) | Update label | No | App functionality |
Tracking: Set to No unless you add advertising SDKs that engage in tracking under Apple’s definition.
16. Google Play Data safety — alignment guide
In Play Console Data safety form, declare:
- Data collected: account info, user-generated content, approximate location, app activity (engagement), device IDs (push token), purchase history (subscription state).
- Data shared: processors listed in Section 10.
- Encryption in transit: Yes.
- Deletion mechanism: In-app account deletion + policy URL.
- Committed to Play Families Policy if targeting minors — currently not directed to children.
Keep declarations in sync when adding analytics or crash reporting.
17. Changes to this policy
We may update this policy for legal, technical, or product changes. We will post the new version at https://www.homescore.app/privacy with a revised Last updated date. Material changes may be notified in-app or by email where appropriate.
Continued use after the effective date constitutes acknowledgment where permitted by law.
18. Contact
HomeScore
Address to be published before production launch
Email: privacy@homescore.app
Support: support@homescore.app
End of Privacy Policy