Privacy

Privacy Policy

Last updated 2026-05-22

This policy describes what personal data iHouse collects, how we use and retain it, and the rights you have under the EU General Data Protection Regulation (GDPR). We aim to collect only what is necessary to run the service.

1. Data controller

iHouse ("we", "us") is the controller of personal data processed via this site. Contact: [email protected].

2. What we collect

Information you give us

Account: your email address (for magic-link sign-in) and, if you sign in with Google, your name and profile picture.
Saves and feedback: properties you save, ratings and comments you submit to the feedback wall.
Contact form: the name, email, and message you submit via /contact.

Information collected automatically

Server logs: IP address, user-agent, requested URL, timestamp — for troubleshooting and anti-abuse. Retained for up to 30 days.
Cookies: see our Cookie Policy.

3. How we use it

Authenticating you and keeping you signed in
Storing your saved properties and showing your feedback
Replying to your contact-form messages or feedback
Operating the service and preventing abuse
Sending email notifications you have explicitly opted in to

We do not sell your data to advertisers and we do not use it for automated decision-making or profiling.

4. Legal bases (GDPR Art. 6)

Contract: sign-in, saves, and feedback cannot function without the data.
Legitimate interests: server logs for troubleshooting and abuse prevention.
Consent: marketing email if we ever introduce it — withdrawable at any time.

5. Retention

Account data: for the lifetime of your account.
Saves and feedback: for the lifetime of your account, or until you delete them.
Server logs: ≤ 30 days.
Contact-form messages: ≤ 12 months, to keep a thread of context.

You can delete your account from /account at any time; associated personal data will be permanently removed within 30 days (after backup rollover).

6. Sharing and processors

We share only what is necessary with the following processors who help us run the service:

Google — OAuth sign-in (if used)
Resend — magic-link email delivery (EU region)
Hetzner — database and application hosting (Germany)
Vercel — edge hosting (EU region)

All processors are bound by GDPR and their data-processing agreements, with storage in the EU.

7. Your rights

Under GDPR, you have the right to:

access the data we hold about you
correct inaccurate data
have your data erased ("right to be forgotten")
restrict or object to certain processing
data portability — export your data in a structured format
lodge a complaint with the Data Protection Commission of Ireland

To exercise any of these, contact [email protected]. We will reply within 30 days.

8. Updates

We may update this policy from time to time; material changes will be announced on the site or by email. The 'last updated' date at the top of this page always reflects the current version.

2. What we collect

Information you give us

Account: your email address (for magic-link sign-in) and, if you sign in with Google, your name and profile picture.

Saves and feedback: properties you save, ratings and comments you submit to the feedback wall.

Contact form: the name, email, and message you submit via /contact.

Information collected automatically

Server logs: IP address, user-agent, requested URL, timestamp — for troubleshooting and anti-abuse. Retained for up to 30 days.

Cookies: see our Cookie Policy.

3. How we use it

Authenticating you and keeping you signed in

Storing your saved properties and showing your feedback

Replying to your contact-form messages or feedback

Operating the service and preventing abuse

Sending email notifications you have explicitly opted in to

We do not sell your data to advertisers and we do not use it for automated decision-making or profiling.

5. Retention

Account data: for the lifetime of your account.

Saves and feedback: for the lifetime of your account, or until you delete them.

Server logs: ≤ 30 days.

Contact-form messages: ≤ 12 months, to keep a thread of context.

You can delete your account from /account at any time; associated personal data will be permanently removed within 30 days (after backup rollover).

6. Sharing and processors

We share only what is necessary with the following processors who help us run the service:

Google — OAuth sign-in (if used)

Resend — magic-link email delivery (EU region)

Hetzner — database and application hosting (Germany)

Vercel — edge hosting (EU region)

All processors are bound by GDPR and their data-processing agreements, with storage in the EU.

7. Your rights

Under GDPR, you have the right to:

access the data we hold about you

correct inaccurate data

have your data erased ("right to be forgotten")

restrict or object to certain processing

data portability — export your data in a structured format

lodge a complaint with the Data Protection Commission of Ireland

To exercise any of these, contact [email protected]. We will reply within 30 days.