HomeTag← Back to home

Privacy Policy

Last updated: 19 February 2025

1. Who we are

HomeTag ("we", "us", "our") provides a QR-code home management service at hometag.vercel.app. We are the data controller for personal information collected through this service.

If you have any questions about this policy or how we handle your data, contact us at privacy@hometag.app.

2. What data we collect

We collect the following categories of personal data:

  • Account data: your name and email address, provided when you create an account.
  • Home inventory data: appliance names, makes, models, serial numbers, purchase dates, warranty dates, service schedules, and room assignments that you choose to enter.
  • Uploaded documents: receipts, manuals, certificates, photos, and any other files you upload and attach to items.
  • Usage data: log data such as IP addresses, browser type, pages visited, and timestamps, collected automatically when you use our service.
  • Payment data: if you subscribe to a paid plan, payment is processed by Stripe. We do not store your card details — only your subscription status and Stripe customer ID.

3. How we use your data

We use your personal data to:

  • Create and manage your account.
  • Provide the HomeTag service, including storing and displaying your home inventory.
  • Send warranty and service reminder emails (only if you have opted in by adding relevant dates and are on a paid plan).
  • Process subscription payments via Stripe.
  • Improve and maintain the service, diagnose technical problems, and ensure security.
  • Comply with our legal obligations.

We do not sell your data to third parties, and we do not use it for advertising purposes.

4. Legal basis for processing (UK GDPR)

We process your data on the following legal bases:

  • Contract: processing necessary to provide the service you signed up for (account management, inventory storage, email reminders).
  • Legitimate interests: improving the service, preventing fraud, and maintaining security.
  • Legal obligation: where we are required to process data by law.

5. Public item views

When a QR sticker is scanned by someone who is not the owner of that item, we display a limited public view of that item's details. The information shown is only what you have entered for that item — we do not display your name, email address, or account information to public viewers.

You can control which items are public or private from the item detail page.

6. Data storage and security

Your data is stored securely using Supabase (hosted on AWS in the EU region). Uploaded documents are stored in Supabase Storage. We use industry-standard encryption in transit (HTTPS/TLS) and at rest.

We apply row-level security policies to ensure that users can only access their own data.

7. Data retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data and uploaded files within 30 days, except where we are required to retain it for legal or accounting purposes.

8. Third-party services

We share data with the following third parties only as necessary to provide the service:

  • Supabase — database and file storage (EU region).
  • Stripe — payment processing (PCI DSS compliant).
  • Resend — transactional email delivery (reminder emails).
  • Vercel — hosting and infrastructure (edge network).

All third-party processors are contractually bound to handle your data in accordance with GDPR requirements.

9. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — request deletion of your data.
  • Restrict processing of your data in certain circumstances.
  • Portability — receive your data in a machine-readable format.
  • Object to processing based on legitimate interests.

To exercise any of these rights, email us at privacy@hometag.app. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

10. Cookies

We use a single authentication session cookie to keep you logged in. This cookie is essential to the functioning of the service and does not track you across other websites. We do not currently use analytics or advertising cookies.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice on the service. The date at the top of this page always reflects when the policy was last revised.