Privacy Policy

Last updated: June 2, 2026

Homekept is a service that helps homeowners track home maintenance, receive reminders, and exchange quotes with local contractors. This page explains what data we collect, why, and what you can do about it. We've tried to write it plainly.

1. What we collect

From you, directly

• Account info: your email address, an optional display name, an optional phone number, and your password (hashed — we never see the plaintext). If you sign in with Apple or Google, we receive the email associated with that identity plus an opaque user id from the provider.
• Home information you enter: address, year built, square footage, bedrooms, bathrooms, photos, and any maintenance tasks or logs you create. When you pick an address from the autocomplete we also store its approximate coordinates (latitude / longitude from the Google Places result) so we can surface local contractors first when you request a quote.
• Quote requests and messages: when you contact a contractor through Homekept, we store the request, any attached photos, and the conversation that follows.

Generated as you use the app

• Device tokens for push notifications (only if you opt in).
• Server logs with request metadata (timestamps, route paths, HTTP status). We do not log message bodies or attachment content. Recipient email addresses and other personal identifiers are scrubbed from error logs.
• In-app activity: which house you last opened, which tasks you completed and when. Used to power the home-score calculation and to sort your house list by most-recently-used. We do not record taps, swipes, or scroll positions.
• Crash reports: if the app crashes, Expo's built-in crash reporter sends a stack trace and device model to our servers so we can diagnose the problem. Crash reports contain no personal content from your account.
• Time-zone of your device so reminders fire at the right local time.
• Web analytics on homekept.app (the marketing site): aggregated pageviews, referrer, country, device type. Used to understand which channels people arrive from. See "Cookies" below.

2. Why we collect it

• To run the service: render your dashboard, send the reminders you asked for, deliver the messages you exchanged with contractors.
• To generate suggested maintenance schedules and cost estimates, using Claude (Anthropic) as the LLM. Your home's address, year built, and square footage are sent to Claude; no contact info, messages, or photos.
• To deliver email (via Postmark) when you send a quote or when a contractor replies. Your real email address is never exposed to a contractor — replies are routed through a Homekept relay address.

3. Who else sees your data

• Contractors you contact: see your masked display label (e.g. "Robson P."), the title and notes of the quote you sent them, and any photos you attached. They do not see your real email address or phone number unless you explicitly include them in a message.
• Service providers we use to run Homekept:
  • Google Cloud (hosting, database, storage) — your data lives here.
  • Postmark (transactional email delivery) — sees the messages we send to contractors and the replies they send back.
  • Anthropic (Claude API, for maintenance suggestions) — sees the limited house metadata described above.
  • Firebase (auth, push notification routing) — sees your device tokens and authentication state.
  • Google Analytics 4 (web analytics on homekept.app) — sees aggregated visit data described above. We have not enabled Google Signals, advertising features, or any cross-property identity sharing.
  We do not sell your data and we don't share it with advertisers.

4. Cookies

The marketing site at homekept.app sets a small number of first-party cookies used by Google Analytics 4 (_ga and related) to distinguish unique visitors and stitch together pageviews within a visit. They expire automatically (typically within 2 years) and contain no personal information beyond a random identifier. You can block them in your browser's settings without affecting your ability to use the Homekept app itself — the mobile app does not use cookies.

5. How long we keep it

As long as your account exists. When you delete your account (see below), we delete your user record immediately. This cascades to your homes, maintenance tasks, logs, photos, and push tokens. Messages you sent to a contractor remain in the contractor's thread for their records, but your identifying information is removed.

6. How to delete your account

Open the Homekept app → tap the profile icon (top-right of the home screen) → Delete account. Confirm. Your account is deleted immediately. There is no recovery window. If you have a problem accessing the app, email us at hello@homekept.app from the address associated with your account and we'll delete it manually within five business days.

7. Children

Homekept is not directed to children under 13. We do not knowingly collect data from anyone under 13. If you believe we have, email us and we'll delete it.

8. Security

Your password is hashed with bcrypt; we cannot see it. JWTs are stored on your device in Keychain (iOS) or EncryptedSharedPreferences (Android), not in plaintext. All API traffic is HTTPS. Photo storage is private — only authenticated users with access to the resource can fetch a given image. Photos uploaded to a quote thread have EXIF / GPS metadata stripped before they reach storage so your location is not embedded in the file.

9. Changes to this policy

We'll post the new version at this URL and update the "Last updated" date at the top. If we make a material change we'll also notify you in-app on next sign-in.

10. Contact

Questions, concerns, or a data-deletion request you can't complete in-app: email hello@homekept.app.