Privacy Notice

What we hold, why we hold it, who else sees it, and how to get it back.

Who we are

Home Ops is operated by Harshal Sahetiya, a sole trader based in Ireland (the "controller"). You can reach us about anything in this notice — including data subject requests — at privacy@home-ops.app. If you believe we have mishandled your data you also have the right to complain to the Irish Data Protection Commission (DPC) at dataprotection.ie.

What we hold and why

Every category below is processed under a specific GDPR (EU 2016/679) lawful basis and kept for the period stated. We do not sell personal data and we do not use it for behavioural advertising.

| Data | Why | Lawful basis | Retention |
|---|---|---|---|
| Email + password hash | Sign in | Contract | Until you delete your account |
| Household data — tasks, routines, meals, shopping list | Core product | Contract | Until you delete it or your account |
| Finance data — expenses, budgets, goals (encrypted at rest, AES-256) | Core product | Contract | Until you delete it or your account |
| Chat history | Give the AI continuity across turns | Contract + Legitimate interests | 90 days, then auto-pruned |
| User memories (LLM-extracted preferences) | Personalise replies | Legitimate interests | Until you delete them or your account |
| Google Calendar events (cache) | Show your day in the brief | Consent (OAuth) | In-memory only, 5 minutes |
| Push notification tokens | Deliver reminders you opted in to | Consent (browser prompt) | Until you unsubscribe |
| Inner Circle people + life events | Birthday + anniversary reminders | Legitimate interests of the account holder | Until you delete them or your account |
| Audit log | Security + compliance | Legal obligation + Legitimate interests | 90 days, then auto-pruned |
| Request log (idempotency keys) | Avoid duplicate submissions | Legitimate interests | 24 hours |
| Consent log | Proof of consent grants/withdrawals | Legal obligation | Kept as required for evidentiary purposes |

We do not knowingly hold "special category" data (health, biometrics, religion, etc.). Don't paste it into chat — the AI is not designed to handle it.

Automated decision-making

Home Ops uses a large language model (Claude, by Anthropic) to suggest tasks, summarise your day, and parse natural language. Suggestions are advisory — the model never makes decisions that produce legal or similarly significant effects on you. You can ignore any suggestion. We do not profile you for advertising or third-party purposes.

Your rights

  • Access / portability. Visit /api/me/export (signed-in) for a full JSON dump of every row visible to your account.
  • Erasure. Settings → Danger Zone, or call DELETE /api/me to hard-delete your account. Your personal data is erased and your shared contributions are de-identified immediately across every live copy (database, read models, caches). One bounded exception: encrypted database backups (point-in-time recovery) may retain pre-deletion state for up to our provider's recovery window (currently up to 7 days); backups are access-controlled, never served by the app, and roll off automatically — after which no copy remains.
  • Rectification. Edit anything you own directly in-app; or email us if you can't reach a record.
  • Restrict / object. Email us at the address above. We'll stop the processing you object to or explain why we can't.
  • Consent withdrawal. Per-subprocessor consent (Groq, Google TTS/Vision, Sentry) is on this page below; Google Calendar consent is at myaccount.google.com/permissions.
  • Complain. Irish Data Protection Commission — dataprotection.ie.

We respond to data subject requests within one month, as required by GDPR Article 12(3).

Subprocessors

Third parties we share specific bits of data with so the product works. Optional ones are only used if you turn on the relevant feature.

  • Supabase

    EU (Ireland) — eu-west-1

    Database, authentication, realtime sync

    • Account email + password hash
    • All household data (shopping list, tasks, meals, expenses, etc.)
    • Audit log of every account action
    Lawful basis
    Contract — Art 6(1)(b)
    Transfer
    Data stays in the EU/EEA
    Supabase privacy policy ↗
  • Anthropic (Claude API)

    United States

    AI butler — natural-language understanding + tool use

    • The text of chat messages you send
    • A bot-readable summary of the household state needed to answer (today's tasks, open shopping items, etc.)
    Lawful basis
    Contract — Art 6(1)(b)
    Transfer
    Standard Contractual Clauses (EU SCCs)
    Anthropic (Claude API) privacy policy ↗
  • Resend

    United States

    Transactional email (signup confirmation, password reset)

    • Account email address
    • Email template variables (e.g. confirmation links)
    Lawful basis
    Contract — Art 6(1)(b)
    Transfer
    EU→US under the EU-US Data Privacy Framework
    Resend privacy policy ↗
  • Groq

    optional · United States

    Speech-to-text (Whisper Large v3 Turbo)

    • Audio recordings sent to the dictation / call features
    • Transcribed text (returned to your device only)
    Lawful basis
    Consent — Art 6(1)(a)
    Transfer
    Standard Contractual Clauses (EU SCCs)
    Groq privacy policy ↗
  • Google Cloud Text-to-Speech

    optional · Global (Google Cloud)

    Text-to-speech for Call mode replies

    • The text of bot replies sent for synthesis
    Lawful basis
    Consent — Art 6(1)(a)
    Transfer
    EU→US under the EU-US Data Privacy Framework
    Google Cloud Text-to-Speech privacy policy ↗
  • Google Cloud Vision

    optional · Global (Google Cloud)

    Receipt OCR for expense capture

    • Receipt images uploaded for parsing (not stored on our side)
    Lawful basis
    Consent — Art 6(1)(a)
    Transfer
    EU→US under the EU-US Data Privacy Framework
    Google Cloud Vision privacy policy ↗
  • Sentry

    optional · United States / EU (configurable)

    Error tracking

    • Stack traces of unhandled exceptions
    • Hashed (blake2s) user / household identifiers for support correlation
    Lawful basis
    Legitimate interests — Art 6(1)(f)
    Transfer
    EU→US under the EU-US Data Privacy Framework
    Sentry privacy policy ↗
  • Stripe

    optional · Ireland (EU) for EU/UK customers; United States for global

    Payment processing (subscriptions)

    • Account email
    • Billing details + card data (card data goes directly to Stripe; Home Ops never sees it)
    • Subscription state webhook events
    Lawful basis
    Contract — Art 6(1)(b)
    Transfer
    Standard Contractual Clauses (EU SCCs)
    Stripe privacy policy ↗
  • Fly.io

    EU (Ireland) — lhr region

    API hosting (eu-west / Ireland)

    • All API request metadata (paths, status codes, durations)
    • No request bodies persisted by Fly itself
    Lawful basis
    Contract — Art 6(1)(b)
    Transfer
    Data stays in the EU/EEA
    Fly.io privacy policy ↗
  • Vercel

    Global edge network

    Frontend hosting (Next.js edge)

    • Page-render request metadata (path, IP, user-agent)
    Lawful basis
    Contract — Art 6(1)(b)
    Transfer
    EU→US under the EU-US Data Privacy Framework
    Vercel privacy policy ↗

International transfers

Some subprocessors are based in the United States. Transfers from the EU/EEA to the US are made under the EU-US Data Privacy Framework (for DPF-certified processors) or under the European Commission's Standard Contractual Clauses (SCCs), as noted on each subprocessor card above. The transfer mechanism is part of our written agreement (DPA) with each one.

Logs & PII

We never log your email, display name, or household IDs in plaintext. Server logs use a deterministic blake2s hash so support can correlate a user across requests without seeing who they are. Errors sent to Sentry (when enabled) get the same scrubbing automatically.

Cookies

Home Ops only sets strictly-necessary cookies: ho_access and ho_refresh (your signed-in session, HttpOnly, SameSite=Lax). We do not use third-party tracking cookies, analytics pixels, or advertising cookies. Under PECR, strictly-necessary cookies do not require a consent banner — this notice is the disclosure.

Children

Home Ops is not intended for children under 13. At sign-up you confirm you are 13 or over. If you believe a child under 13 has created an account, please email us and we will delete it.

You may store family members' names and dates of birth (including children's) as part of life-event reminders. We process that data under the legitimate interests of the account holder; we do not share it with any third party beyond the subprocessors listed above, and you can remove anyone from your Inner Circle at any time.

Last updated 2026-05-13. Materially changed? Email us.

See also: Terms.