Legal

Privacy Policy (draft)

Not legal advice. Replace this draft with language that matches your real collection, use, sharing, retention, and regional obligations (including Massachusetts and, if applicable, GDPR/UK GDPR).

Who we are

Describe the operating entity (legal name, address). If you use subprocessors (e.g. Vercel, database host, Google OAuth, Twilio Verify, email provider), the final policy usually lists categories of vendors and links to their privacy terms.

Information you may collect

  • Account data: email, optional display name; password hash for email/password accounts.
  • Reviews: free text, rent and unit details, scores, amenities, year of lease, moderation flags.
  • Optional phone number and verification status if you use SMS verification.
  • Technical data: IP address, cookies or session tokens, logs for security and debugging.
  • Reports and admin actions on content.

How you use information

Final copy should cover: providing the service, authentication, moderation, abuse prevention, legal compliance, communicating with users, and product improvement. If you do not sell personal information, say so in plain language where required (e.g. some U.S. state laws).

Sharing and retention

Explain how long accounts, reviews, and logs are kept; when data is deleted or anonymized; and backups. Describe any required disclosures to law enforcement.

Security and rights

Summarize reasonable safeguards. List how users can access, correct, export, or delete data, and how you verify requests. If you operate only in the U.S., say so; if you have EU/UK users, address lawful bases and international transfers.

Children

State that the service is not directed at children under 13 (or under 16, per counsel) and that you do not knowingly collect their data—aligned with your Terms age rule.

See also Terms of Service (draft).

← Home