Privacy Policy
Last updated: May 26, 2026
This policy explains how Homeloop collects, uses and protects your personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable Spanish law.
1. Data Controller
Jorge Ariel Garrone, with address at Avenida Montserrat 15, Piso 1 Puerta 1, CP 08570 — Torelló, Barcelona, Spain. Email: privacy@gethomeloop.com. Acts as data controller under Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).
2. Information we collect
We collect the following personal data while you use Homeloop:
- Account data (via Clerk): email, name, profile picture, unique user identifier.
- Usage data: tasks (title, description, duration, dependencies), time blocks, schedules, family group members.
- Location data: GPS coordinates (latitude/longitude), only if you grant permission. Sent anonymously to the weather service to enrich scheduling; not stored linked to your identity.
- Subscription data: plan type (Pro/Family), status, period end date. Payment is processed by Google Play; Homeloop does not store card details.
- Technical data: push notification token, device language, last seen.
3. Purpose and legal basis for processing
We process your data for the following purposes, under the GDPR legal bases indicated:
- Service delivery: authentication, multi-device sync, AI schedule generation. Legal basis: contract performance (art. 6.1.b GDPR).
- Subscription and billing management. Legal basis: contract performance.
- Operational communications (service changes, policy updates, security). Legal basis: contractual and legal obligation.
- Product improvement from aggregated and anonymous data. Legal basis: legitimate interest (art. 6.1.f GDPR).
- Compliance with legal obligations (art. 6.1.c GDPR).
We do not engage in advertising profiling nor share your data with advertisers.
4. Third-party providers (data processors)
To provide the service we share data with the following providers. All act as data processors under contracts that ensure GDPR compliance:
Clerk
- Provider:
- Clerk, Inc. (United States)
- Data processed:
- Email, name, profile picture, unique identifier, authentication tokens
- Purpose:
- Authentication and account management
- Privacy policy:
- https://clerk.com/legal/privacy
RevenueCat
- Provider:
- RevenueCat, Inc. (United States)
- Data processed:
- Anonymous identifier, subscription status, transaction history (no card data)
- Purpose:
- In-app subscription and entitlement management
- Privacy policy:
- https://www.revenuecat.com/privacy/
Anthropic
- Provider:
- Anthropic, PBC (United States)
- Data processed:
- Task content (title, description, duration) used to generate schedules
- Purpose:
- AI-powered schedule generation
- Privacy policy:
- https://www.anthropic.com/legal/privacy
Fly.io
- Provider:
- Fly.io, Inc. (USA, processing in São Paulo, Brazil)
- Data processed:
- All traffic to the Homeloop backend
- Purpose:
- Backend hosting (API)
- Privacy policy:
- https://fly.io/legal/privacy-policy/
Supabase
- Provider:
- Supabase, Inc. (USA, data stored in São Paulo, Brazil)
- Data processed:
- All persistent data: accounts, families, tasks, schedules, time blocks, audit logs
- Purpose:
- Primary service database
- Privacy policy:
- https://supabase.com/privacy
Open-Meteo
- Provider:
- Open-Meteo (Switzerland)
- Data processed:
- Anonymous GPS coordinates (no user identifier)
- Purpose:
- Weather data for outdoor task scheduling
- Privacy policy:
- https://open-meteo.com/en/terms
Google Play Billing
- Provider:
- Google LLC (United States)
- Data processed:
- Payment information (handled entirely by Google; Homeloop never processes it) and transaction identifiers
- Purpose:
- Subscription payment processing
- Privacy policy:
- https://policies.google.com/privacy
5. International data transfers
Some of our providers process data outside the European Economic Area, mainly in the United States. These transfers rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission (art. 46 GDPR), or
- Adequacy decision (EU-US Data Privacy Framework, where the provider is certified).
You can request additional information about applied safeguards by writing to privacy@gethomeloop.com.
6. Data retention
We retain your data while your account is active. If you delete your account:
- Your personal and usage data are deleted within 30 days at the latest.
- Audit logs are kept up to 12 months for security and legal compliance purposes.
- Billing data is kept for the legally required period (up to 6 years in Spain under the General Tax Law).
7. Security
We apply appropriate technical and organizational measures to protect your data: in-transit encryption (TLS 1.2+), at-rest encryption in the database, role-based access control, event auditing, and daily backups with at least 7-day retention. Authentication is managed by Clerk with OAuth/OIDC standards.
8. Your rights
Under the GDPR, you can exercise the following rights at any time by writing to privacy@gethomeloop.com:
- Right of access: get confirmation and a copy of your data.
- Right to rectification: correct inaccurate data.
- Right to erasure (right to be forgotten): request deletion of your data.
- Right to restriction of processing.
- Right to data portability: receive your data in a structured format.
- Right to object to processing.
- Right to withdraw consent at any time.
- Right to lodge a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.
We will respond to your request within 30 days.
9. Minors
Homeloop is not directed to children under 16. We do not knowingly collect data from minors under that age. If we detect that a minor has created an account without their guardian's consent, we will delete it.
10. Cookies
The Homeloop mobile app does not use cookies (mobile apps use native tokens). The gethomeloop.com website uses only strictly necessary technical cookies; it does not use analytics, advertising or tracking cookies that would require prior consent.
11. Changes to this policy
We may update this policy to reflect changes to the service or applicable law. Any significant change will be communicated by email or within the app before taking effect. The last-updated date appears at the top of this document.
12. Contact and supervisory authority
For any question about this policy or how we handle your data, you can contact us at privacy@gethomeloop.com.
If you believe your rights have not been properly addressed, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.