Privacy Policy

We keep this short and plain. Here is what we collect, why we collect it, and what we do — and don't do — with it.

Last updated: May 2026

What we collect

Account information. When you sign in we collect your email address. If you complete your profile, we also store your first and last name. We do not collect a password — authentication is handled via magic links sent to your email.

Listing content. When you post an apartment, we store the details you provide: description, pricing, photos, availability, and the neighborhood of the listing. Photos are stored on our CDN.

Usage data. We collect aggregate site-visit counts (total, daily, and monthly) to understand traffic. We do not build individual user profiles from browsing behavior or use third-party advertising trackers.

Cookies. We set a single authentication cookie after you sign in so you stay logged in across page loads. We do not set advertising or tracking cookies.

How we use it

  • To authenticate you and keep your session active.
  • To display your listings and saved apartments to you.
  • To send transactional emails — magic-link sign-ins and any confirmations you explicitly request.
  • To understand how the platform is being used at an aggregate level so we can improve it.

We do not sell your data. We do not use your information for behavioral advertising. We do not share it with third parties except the infrastructure providers that run the platform (hosting, email delivery, image storage).

How long we keep it

We retain your account information and listings for as long as your account is active. If you delete your account, your profile and listings are soft-deleted immediately and purged from our systems within 30 days. Email addresses in our newsletter list are retained until you unsubscribe.

Your rights

You can view and update your profile at any time from your account settings. You can delete your account from the profile page — this removes your personal information and all your listings. If you want a copy of the data we hold about you, or have any other privacy-related request, contact us and we will respond within 30 days.

Security

We use HTTPS everywhere, store passwords in hashed form (we don't actually store passwords at all — magic-link auth means there's nothing to hash), and use short-lived signed tokens for authentication. Access to production systems is restricted to the core team.

No system is perfectly secure. If you discover a vulnerability, please contact us responsibly rather than exploiting it.

Changes to this policy

If we make material changes to this policy we will update the date at the top and, where appropriate, notify users by email. Continued use of the platform after changes are posted constitutes your acceptance of the revised policy.