Privacy Policy

2. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

• Consent (Art. 6(1)(a) GDPR): When you explicitly consent to data processing, such as signing up for our service
• Contract Performance (Art. 6(1)(b) GDPR): To provide our apartment hunting services to you
• Legal Obligation (Art. 6(1)(c) GDPR): To comply with tax, accounting, and other legal requirements
• Legitimate Interest (Art. 6(1)(f) GDPR): For service improvement, fraud prevention, and security

3. Data We Collect

3.1 Personal Information

• Name, email address, phone number
• Age, nationality, occupation, income information
• Move-in date preferences and apartment search criteria
• Identification documents (when required for landlord applications)
• SCHUFA or credit history information (with your explicit consent)

3.2 Authentication Data

• Email and password (encrypted)
• OAuth provider information (Google, Apple) if you choose social login

3.3 Third-Party Platform Credentials

• Login credentials for WG-Gesucht, Immowelt, eBay Kleinanzeigen, Facebook Marketplace
• These are encrypted at rest and only accessed when performing actions on your behalf

3.4 Communication Data

• Messages sent to landlords and potential co-tenants on your behalf
• Communication history with our support team
• WhatsApp messages (for WG message approvals)

3.5 Technical Data

• IP address, browser type, device information
• Cookies and similar tracking technologies
• Usage data and analytics

3.6 Payment Information

• Payment data is processed by Stripe (our payment processor)
• We store only subscription status and payment history metadata
• We do not store full credit card numbers

4. How We Use Your Data

• Service Delivery: Create and manage accounts on apartment platforms, contact landlords, schedule viewings
• Communication: Send service updates, respond to inquiries, provide customer support
• Payment Processing: Process subscription payments and manage billing
• Legal Compliance: Comply with tax, accounting, and regulatory obligations
• Service Improvement: Analyze usage patterns to improve our service
• Security: Detect and prevent fraud, abuse, and security incidents

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share data with the following categories of processors:

• Supabase: Database and authentication (EU/US - Standard Contractual Clauses)
• Stripe: Payment processing (GDPR compliant)
• Vercel: Hosting and infrastructure (GDPR compliant)
• Resend/Postmark: Email delivery (GDPR compliant)

5.2 Apartment Platforms

We share necessary information with landlords and co-tenants through platforms like WG-Gesucht, Immowelt, etc., as required to fulfill our service obligations.

5.3 Legal Obligations

We may disclose your data if required by law, court order, or to protect our rights or the safety of others.

5.4 No Data Sales

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

6. International Data Transfers

As an Indian company providing services to EU/EEA residents, your personal data is transferred from the EU to India. India does not currently have an adequacy decision from the European Commission. We ensure adequate protection for international data transfers through:

• EU Standard Contractual Clauses (SCCs) as approved by the European Commission
• Appropriate technical and organizational security measures
• EU Representative based in Frankfurt, Germany for GDPR compliance matters
• Compliance with GDPR requirements for data transfers to third countries

Additionally, some of our service providers (Supabase, Stripe, Vercel) are located outside India and may transfer data to the EU/US, which is protected through their own Standard Contractual Clauses and adequacy mechanisms.

7. Data Retention

• Active accounts: Data is retained as long as your account is active
• Deleted accounts: Data is deleted within 30 days of account deletion, except where legal obligations require longer retention
• Financial records: Retained for 10 years per German tax law (HGB/AO)
• Marketing consent: Withdrawn consent data is deleted immediately

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access (Art. 15 GDPR): Request a copy of your personal data
• Right to Rectification (Art. 16 GDPR): Correct inaccurate or incomplete data
• Right to Erasure (Art. 17 GDPR): Request deletion of your data ("right to be forgotten")
• Right to Restriction (Art. 18 GDPR): Limit how we use your data
• Right to Data Portability (Art. 20 GDPR): Receive your data in a machine-readable format
• Right to Object (Art. 21 GDPR): Object to data processing based on legitimate interests
• Right to Withdraw Consent (Art. 7(3) GDPR): Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your data protection authority

To exercise these rights, contact us at privacy@hausscout.com. We will respond within 30 days as required by GDPR.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• End-to-end encryption for sensitive credentials
• SSL/TLS encryption for data in transit
• Access controls and authentication
• Regular security audits and updates
• Employee confidentiality agreements
• Incident response procedures

10. Cookies and Tracking

We use the following types of cookies:

• Essential cookies: Required for service functionality (authentication, session management)
• Analytics cookies: Understand how you use our service (with consent)
• Marketing cookies: Not currently used

You can control cookies through your browser settings. Disabling essential cookies may affect functionality.

11. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect data from children. If we become aware that we have collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice on our website at least 30 days before the changes take effect.

13. Contact & Data Protection Officer

For privacy-related questions or to exercise your rights, contact us:

• Company: Cricinshots Gaming Private Limited
• Service: HausScout
• Registered Office: India
• EU Representative: Frankfurt, Germany
• Email: privacy@hausscout.com

Supervisory Authority (Germany):
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153, 53117 Bonn, Germany
Website: www.bfdi.bund.de

14. Consent Withdrawal

You can withdraw your consent at any time by emailing us at privacy@hausscout.com or through your account settings. This will not affect the lawfulness of processing based on consent before its withdrawal.