Privacy Policy

Last updated: March 28, 2026

1. Information We Collect

When you create an account, we collect:

  • Account information: Name, email address, and password (hashed with bcrypt — we never store or see your plain-text password).
  • Google account data: If you sign in with Google, we receive your name and email from your Google profile. We do not access your contacts, calendar, or other Google data.
  • Home data: Home names, addresses, improvement records, asset inventories, warranty details, and maintenance schedules you enter.
  • Photos and receipts: Images you upload are stored as part of your account data.
  • Payment information: Processed securely by Stripe. We never store your credit card number on our servers.

2. How We Use Your Information

  • To provide and maintain the DwellRecord service.
  • To send transactional emails: account verification, password resets, family sharing invites.
  • To send periodic reminder emails about updating your records, warranty expirations, and maintenance schedules.
  • To process subscription payments through Stripe.
  • To improve our product through anonymized, aggregated usage analytics.

3. Data Storage and Security

  • Your data is stored on Neon, a SOC 2 compliant, encrypted PostgreSQL database with automated backups and point-in-time recovery.
  • All data in transit is encrypted via 256-bit TLS/SSL through Cloudflare.
  • Passwords are hashed with bcrypt (12 rounds).
  • Sessions use httpOnly, Secure, SameSite cookies.
  • We implement rate limiting, account lockout, and CSRF protection.

4. Third-Party Services

We use the following third-party services:

  • Stripe — payment processing
  • Google OAuth — optional sign-in
  • Resend — transactional emails
  • Cloudflare — DNS, CDN, and DDoS protection
  • Railway — application hosting
  • Google Analytics, Microsoft Clarity, Contentsquare — anonymized usage analytics
  • Anthropic (Claude AI) — receipt OCR processing (image data is not stored by Anthropic)

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. Your home data, improvement records, and asset inventories are never shared with anyone except family members you explicitly invite.

6. Data Retention and Deletion

Your data is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at [email protected]. Upon deletion, all personal data, home records, and uploaded files are permanently removed within 30 days.

7. Cookies

We use essential cookies for authentication and session management. We also use analytics cookies (Google Analytics, Microsoft Clarity) to understand how visitors use our site. These do not contain personal information.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Export your data (via PDF reports).

9. Children's Privacy

DwellRecord is not intended for use by children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or requests, contact us at [email protected] or use our contact form.