Heimro
Get started

Heimro · Legal

Privacy Policy

How we collect, use, and protect personal data on Heimro.

Last updated: 7 June 2026

1. Who We Are

This Privacy Policy describes how Feynn AS ("Feynn", "we") collects, uses, and protects personal data through the Heimro platform. Heimro is a Feynn company.

Data Controller: Feynn AS
Organisation Number: 936 609 961
Address: Carl Jeppesens Gate 22, 0481, Oslo, Norway
Email: privacy@heimro.com

2. Personal Data We Collect

2.1 Information You Provide

  • Email, password, and account details
  • Property, room, and item information you input
  • Images and files you upload (e.g., room photos, receipts, floor plans)
  • Prompts, listing URLs, and content used for research and AI generation
  • Support messages or contact emails

2.2 Automatically Collected

  • IP address (short-term logs only)
  • Device, browser, and system metadata
  • Authentication events and security logs
  • Error logs for debugging and stability

2.3 Payments (Stripe)

Payment processing is handled by Stripe. We never store full card details.

2.4 OAuth Login Providers

If you log in via Google or Apple, we may receive your email, name, and account ID from the provider. We do not receive passwords.

2.5 AI Interaction Data

Text and images you submit for research or generation are sent to external AI providers strictly to produce outputs. We do not use customer content to train our own AI models. Third-party AI providers process content under their own terms. Where provider controls are available, we configure them to reduce retention and prevent training on customer content.

2.6 Email Communications

Email metadata (delivery status, timestamps, sender/recipient) is processed by Resend.

3. How We Use Personal Data

  • To operate your account and deliver the Heimro platform
  • To run AI generation, research agents, and price tracking jobs
  • To process payments and manage subscriptions
  • To diagnose errors, monitor performance, and prevent abuse
  • To send system notifications and support responses
  • To comply with legal obligations (tax, accounting, safety)

4. Legal Basis for Processing

Performance of Contract (Art. 6(1)(b))

Operating your account, running jobs, and delivering outputs.

Legitimate Interests (Art. 6(1)(f))

Security, diagnostics, fraud prevention, and platform improvement.

Consent (Art. 6(1)(a))

OAuth login, optional communications, and any future non-essential cookies.

Legal Obligation (Art. 6(1)(c))

Accounting, tax, compliance, and regulatory requirements.

5. Subprocessors & Service Providers

We do not sell personal data. We only share it with trusted subprocessors necessary to operate Heimro.

5.1 Core Infrastructure & Hosting

Supabase — database, authentication, row-level security
Cloudflare (R2) — object storage for images and files
Lovable — application platform, deployment, frontend hosting

5.2 Background Jobs & Agents

Trigger.dev — scheduling and execution of background jobs (price tracking, enrichment, AI workflows)

5.3 Payments

Stripe — subscription billing, invoicing, fraud prevention

5.4 Email Delivery

Resend — verification emails, notifications, system messages

5.5 Authentication Providers (OAuth)

Google and Apple — used only if you choose social login.

5.6 AI Model Providers

External AI services process the text and images you submit to generate outputs:

  • OpenAI
  • Google Gemini
  • Anthropic

5.7 Monitoring & Diagnostics

Sentry — error tracking and stability monitoring (no Session Replay).

6. International Data Transfers

Some subprocessors may process data outside the EEA. When this happens, we rely on EU–U.S. Data Privacy Framework (where applicable), Standard Contractual Clauses (SCCs), and adequacy decisions.

7. Data Retention

  • Account data — stored until account deletion
  • Logs — kept 30–180 days
  • AI interactions — short-lived unless tied to saved outputs
  • Images and files — retained until deleted by you or until account deletion
  • Payment records — retained per legal requirements

8. Your Rights

  • Access your data
  • Correct inaccurate information
  • Delete your data
  • Restrict processing
  • Data portability
  • Object to certain processing
  • Withdraw consent at any time

Contact: privacy@heimro.com. You also have the right to lodge a complaint with your local data protection authority.

9. Data Security

We use industry-standard encryption, strict access controls, Supabase row-level security (RLS), secure secret management, monitoring, and certified infrastructure providers (Lovable, Supabase, Cloudflare, Stripe). Details are available on our Security page.

10. Children's Privacy

The service is not intended for users under 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated by email or in-app notice.

12. Contact Us

Company: Feynn AS (operating Heimro)
Organisation Number: 936 609 961
Address: Carl Jeppesens Gate 22, 0481, Oslo, Norway
Email (privacy): privacy@heimro.com
Support: support@heimro.com