Privacy Policy

Golden Key Estates LLC ("Company," "we," "us," or "our") operates the Hauseora platform (the "Service"). This Privacy Policy explains what information we collect, how we use it, and what choices you have.

We take your privacy seriously. Your home is personal, and the data you store with us deserves the same level of care. We do not sell your data. We do not use it for advertising. We use it only to provide and improve the Service.

1. Information We Collect

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Store your property data, manage tasks, coordinate vendors, and deliver the core functionality of Hauseora.
• Process payments: Manage your subscription, process charges, and handle billing inquiries.
• Communicate with you: Send account notifications, billing receipts, security alerts, and service updates. We may also send product tips and announcements, which you can opt out of at any time.
• Improve the Service: Analyze usage patterns to fix bugs, improve performance, and develop new features.
• Provide support: Respond to your questions, troubleshoot issues, and resolve disputes.
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access.
• Comply with legal obligations: Respond to lawful requests from government authorities and comply with applicable law.

3. Data Storage & Security

Your data is stored on cloud infrastructure provided by Supabase (backed by AWS). All data is encrypted in transit (TLS/SSL) and at rest. We implement industry-standard security measures including:

• Encrypted database connections
• Row-level security policies that ensure you can only access your own data
• Field-level encryption (AES-256-GCM) for sensitive data such as access codes, gate codes, and OAuth tokens
• Secure authentication with hashed passwords
• Regular security reviews of our infrastructure

While we take reasonable precautions to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents. See Section 15 for our breach-notification commitment.

4. Third-Party Services (Sub-processors)

We use a limited number of third-party services to operate the Service. Each receives only the data necessary for their function:

5. AI Processing

Hauseora includes AI-powered features such as the in-app assistant. When you use these features, your prompts and the relevant context drawn from your account (e.g., property names, vendor names, task descriptions, briefing summaries) are transmitted to our AI provider, OpenAI, for processing.

We have configured this integration so that:

• Your data is not used to train OpenAI models or any third-party model.
• AI conversations are not connected to advertising or third-party marketing systems.
• OpenAI may retain prompts for a limited period for abuse monitoring, after which they are deleted in accordance with their API data-handling policy.

You can avoid AI processing of any specific information by not entering it into AI features. If you require AI features to be disabled on your account, contact us at privacy@hauseora.com.

6. Data Sharing

We do not sell, rent, or trade your personal information to third parties.

We may share your information only in the following limited circumstances:

• Service providers: With the sub-processors listed in Section 4, solely to operate the Service.
• Legal requirements: When required by law, subpoena, court order, or governmental regulation.
• Safety: To protect the rights, safety, or property of Golden Key Estates LLC, our users, or the public.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you before your data is subject to a different privacy policy.
• With your consent: In any other case, only with your explicit permission.

7. Your Rights

You have the following rights regarding your data:

• Access: You can access all of your data through the Service at any time. You may also request a copy of your data by contacting us.
• Correction: You can update or correct your information directly through your account settings.
• Deletion: You can request deletion of your account and all associated data by contacting us. We will process deletion requests within 30 days, except where we are legally required to retain certain information.
• Export (Portability): You can request an export of your data in a standard, machine-readable format.
• Opt out of communications: You can unsubscribe from marketing emails using the link at the bottom of those emails. You can disable push notifications through your browser or device settings, or by toggling notification preferences within the Service. You cannot opt out of essential service communications (such as billing and security alerts).

To exercise any of these rights, contact us at privacy@hauseora.com.

8. Data Retention

We retain your data for as long as your account is active and as needed to provide the Service. After you close your account or request deletion:

• Your property data, documents, and content are deleted within 30 days.
• Billing records may be retained for up to 7 years to comply with tax and accounting obligations.
• Anonymized, aggregated usage data (which cannot identify you) may be retained indefinitely to improve the Service.
• Backups containing your data are purged within 90 days of deletion.

9. Data of Household Members & Staff

If you use Hauseora to manage information about household staff, vendors, or other individuals, you are responsible for ensuring you have appropriate permission to store their contact information and related data in the Service.

We process this data on your behalf, as directed by you. If a person whose data you have stored contacts us with a privacy request, we will direct them to you and assist you in fulfilling the request.

10. Cookies

We use cookies only for essential functionality:

• Authentication cookies: To keep you logged in and maintain your session.
• Preference cookies: To remember your settings and preferences.
• Security cookies: To support security features and detect unauthorized activity.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies that follow you across other websites. You can manage cookies through your browser settings, though disabling essential cookies may prevent the Service from functioning properly.

11. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Because there is no industry-wide standard for honoring DNT signals, the Service does not currently respond to them. We do not, however, track you across third-party websites or use behavioral advertising regardless of DNT status. See Section 10 for our cookies practices.

12. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at privacy@hauseora.com.

13. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

• Right to know: You may request a description of the personal information we have collected about you in the past 12 months, including the categories of sources, purposes of collection, and any third parties with whom we shared it.
• Right to delete: You may request deletion of your personal information, subject to certain legal exceptions.
• Right to correct: You may request correction of inaccurate personal information we hold about you.
• Right to opt out of sale or sharing: We do not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of.
• Right to limit use of sensitive personal information: See Section 14.
• Non-discrimination: We will not discriminate against you for exercising your CCPA or CPRA rights.

"Shine the Light" disclosure: California Civil Code § 1798.83 entitles California residents to request information about disclosures of personal information to third parties for those parties' direct marketing purposes. Hauseora does not share personal information with third parties for their direct marketing purposes.

To submit a CCPA/CPRA request, contact us at privacy@hauseora.com. We will verify your identity before processing any request and respond within 45 days (or as required by law).

14. Sensitive Personal Information

The CPRA defines a category of "sensitive personal information." In limited circumstances, we may collect:

• Account login credentials: Email and password (passwords are stored only as one-way hashes) to authenticate you to the Service.
• Geolocation data: Only if you choose to enter property addresses or upload location-tagged content.
• Property access information: Gate codes, alarm codes, Wi-Fi passwords, and similar codes you choose to store. These are encrypted with AES-256-GCM at rest.

We use sensitive personal information only as necessary to provide the Service, secure your account, and comply with law. We do not use it to infer characteristics about you, sell it, or share it for cross-context behavioral advertising. California residents have the right to limit our use of sensitive personal information; contact us at privacy@hauseora.com to exercise this right.

15. Security Breach Notification

If we become aware of a security breach affecting your personal information, we will notify you without undue delay and, where required by law, within seventy-two (72) hours of discovery. The notification will describe the nature of the breach, the categories of information affected, the steps we are taking to mitigate harm, and recommended actions you can take. We will use the email address associated with your account for notification.

16. Data Processing Agreement

If you use Hauseora as a business or on behalf of an organization that requires a separate data processing agreement (DPA), please contact us at privacy@hauseora.com. We will provide our standard DPA on request, which incorporates Standard Contractual Clauses where required for international transfers.

17. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those of your jurisdiction. By using the Service, you consent to this transfer and processing.

18. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

20. Contact Information

If you have questions about this Privacy Policy or how we handle your data, please contact us: