Privacy Policy

Effective date: 20 June 2025

HomeNoter is a personal project ("we", "us", "HomeNoter"). Protecting your privacy and your data is important to us. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights under applicable privacy laws (including the UK GDPR).

1. Summary — what we collect and why

• What we collect: an email address used to log into the app and essential cookies. Optional data you choose to add about your home (documents, bills, expenses, photos, notes) is also stored if you provide it.
• Why we collect it: to provide and improve the HomeNoter service — i.e., to store and show your home records and to support optional AI features that help you manage and summarise your home data.
• No selling: we do not sell your personal data to third parties and we do not use your data for advertising or profiling outside the purposes described here.

2. Data we process

Account & login

We store the email address you use to register/log in. This is required to access your account and provide the service.

Optional home data

If you add details about your property — e.g., photos, bills, expenses, documents, notes or other records — those are stored and associated with your account. You control this content and may delete it at any time.

Cookies

HomeNoter only uses essential cookies required for the app to function (for example, session authentication cookies). We do not use tracking cookies for advertising or cross-site profiling.

Usage & diagnostics

We may collect minimal usage data (errors, server logs) for debugging and to keep the service reliable. Where possible, this data is aggregated and kept to a minimum.

3. Third-party services and storage

We use third-party processors to provide the service. These processors may store or process your data on our behalf:

• AWS — File and photo storage.
• OpenAI — Used only if you opt into AI features. When you use AI features, prompts and the relevant content needed to generate responses may be sent to OpenAI to create those responses.
• Upstash (vector store) — If you enable AI features, we may store vector embeddings of your data in Upstash to provide personalised AI outputs. These embeddings are only used to improve the AI's responses for your account.

These third parties act as data processors under our instructions. We encourage you to review their privacy policies to understand their practices. Use of these services may involve transfers of data outside the UK/EEA. Where applicable, we rely on standard contractual clauses, adequate safeguards, or other lawful mechanisms to protect personal data during transfer.

4. How we use your data (lawful bases)

• Performance of a contract: to provide the HomeNoter service (account access, storing your records).
• Consent: where you opt in to optional features (for example, AI features that send content to OpenAI), we rely on your consent to process that data for the specified purpose.
• Legitimate interests: for basic diagnostics, preventing abuse, and keeping the service secure and functional, balancing our interests with your privacy.

5. Data retention

We keep your account data (email and any data you upload) for as long as your account exists. You can request deletion of your account and all associated data at any time (see "Your rights" below). We may retain certain information where required by law or to the extent reasonably necessary for fraud prevention, resolving disputes, or enforcing our agreements.

6. Your rights (including GDPR)

If you are in the UK/EEA, you have rights under data protection law, including:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data (subject to legal limits).
• Right to restriction of processing — request limits on how we process your data.
• Right to data portability — request a machine-readable copy of data you provided.
• Right to withdraw consent — if you gave consent for optional features (e.g., AI), you can withdraw it at any time for future processing.
• Right to lodge a complaint with a supervisory authority (in the UK, the Information Commissioner's Office — ICO).

To exercise any of these rights, contact us at support@homenoter.com. We will respond within the timeframes required by law.

7. Security

We take reasonable technical and organisational measures to protect your data — for example, using HTTPS, access controls, and secure storage with our cloud provider. However, no service can be 100% secure; if a security incident affects your data, we will comply with applicable breach notification rules and notify you where required.

8. Children

HomeNoter is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected personal data from a child under 16, contact us at support@homenoter.com and we will take steps to remove it.

9. Changes to this policy

We may update this Privacy Policy from time to time. The "Effective date" at the top will indicate the last update. Where changes are material, we will try to notify users via the app or email before the changes take effect.

10. Contact

If you have questions about this policy or want to exercise your rights, please contact:

Email: support@homenoter.com

Note: HomeNoter is currently a personal project. This policy does not constitute legal advice. If you need a policy for a company or expect to scale or operate in additional jurisdictions, consider seeking legal advice to tailor the policy to your specific legal obligations.