Hovioo

Privacy Policy

Effective: June 22, 2026

Hovioo ("we", "us", "our") operates the Hovioo real-estate platform (mobile app, web app, and admin tools, collectively the "Service"). This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the rights you have over it. It applies to all users of the Service.

1. Information we collect

  • Account information — email address, first name, last name, country, hashed password. Collected when you create an account.
  • Listing content — property descriptions, addresses, prices, photos, amenity flags, and any other content you submit when publishing a listing.
  • Location data — approximate (city-level) location for searching nearby properties, and precise location (only with your explicit OS-level permission) for "near me" search and saved searches.
  • Messages — message content you send to other users (e.g. inquiries to property owners), and the parties to those messages.
  • Device and usage data — IP address, device type, OS version, app version, crash reports, error events, and basic interaction analytics (which screens you visit, which actions you take). Used to operate and improve the Service.
  • Cookies and similar technologies — only for session authentication (an httpOnly cookie storing your auth token). No advertising or third-party tracking cookies.

2. Why we use your information

  • To create and authenticate your account, and keep you signed in.
  • To operate the Service — display listings, route messages, save favorites and searches, send notifications about properties matching your saved searches.
  • To send transactional email (password reset, listing approval/rejection, message notifications, account-related notices).
  • To detect and prevent abuse, fraud, spam, and security threats.
  • To comply with legal obligations and respond to lawful requests.
  • To improve the Service via aggregate analytics and crash reports.

3. Who we share with

We do not sell your personal information. We share data only with service providers strictly needed to operate the Service:

  • DigitalOcean (cloud infrastructure, Frankfurt, Germany) — hosts our database and servers.
  • Cloudflare (DNS) — resolves domain names for our domain.
  • Resend (transactional email) — sends emails on our behalf (password resets, alerts).
  • Sentry (error tracking) — captures application crashes and errors to help us fix bugs.
  • Vercel (admin panel hosting) — hosts the administrator interface.

All processors are bound by data-processing agreements that require them to handle your data only on our instructions and to provide reasonable security safeguards.

4. Data retention

  • Account data — retained while your account is active. Deleted within 30 days of account closure (subject to legal-hold exceptions).
  • Listings — retained while published; soft-deleted on removal and purged after 90 days.
  • Messages — retained for 18 months after the last interaction.
  • Server logs / crash reports — retained for 30 days.
  • Database backups — retained for up to 7 days.

5. Your rights

You can at any time:

  • Access, correct, or delete your account information from the in-app Settings → Profile screen.
  • Request a full export of your data by emailing us.
  • Request immediate deletion of your account and associated data by emailing us.
  • Opt out of non-essential email notifications (Settings → Notifications).
  • Withdraw OS-level permissions (location, photos, camera) at any time via your device settings.

6. Security

We use industry-standard safeguards including TLS encryption for all data in transit, encryption at rest for our database, hashed and salted passwords (bcrypt), rate limiting on authentication endpoints, role-based access controls for administrators, and audit logging for sensitive operations. No system is completely secure; we cannot guarantee absolute security.

7. Children's privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with their data, contact us and we will delete it.

8. International transfers

Your data is stored in the European Union (DigitalOcean Frankfurt region). Where processors operate from other countries (e.g. the United States for Sentry and Vercel), we rely on Standard Contractual Clauses and similar safeguards approved by the European Commission.

9. Changes

We may update this Policy from time to time. Material changes will be notified via email and a banner in the app at least 30 days before they take effect. The "Effective" date at the top of this page indicates the latest version.

10. Contact

For questions about this Policy or to exercise your rights, contact us at privacy@hovioo.com.

Local data-protection authority — If you are a resident of Tunisia, you may file a complaint with the Instance Nationale de Protection des Données Personnelles (INPDP, https://www.inpdp.nat.tn). EU residents may contact their local supervisory authority.

Terms of Service · Privacy Policy · © 2026 Hovioo