HomeHQ

Privacy

HomeHQ Privacy Policy

Last updated: May 2026

Summary

  • We never sell your data and never use it for advertising.
  • We never train AI models on your household's content. Our AI processors operate under zero-retention agreements.
  • Email and inbox scanning is opt-in per inbox and scoped to domains you choose. We never request SMS or iMessage access.
  • You can export or delete everything at any time.

Who we are

HomeHQ ("HomeHQ," "we," "us") is the service available at homehqapp.com. Contact us any time at hello@homehqapp.com.

Information we collect

  • Account info. Your email address (required for sign-in via magic link), display name, and — if you opt into SMS — a phone number you provide. We do not use passwords.
  • Household content. Tasks, lists, list items, calendar events, house manual entries, medical records, and photos you upload. Members you add (partner, kids, caregivers) including the display name and color you set for each.
  • Connected accounts. When you connect Google Calendar, Gmail, Apple iCloud, or Microsoft Outlook, we store an encrypted OAuth refresh token so we can sync on your behalf. We only request the scopes strictly needed (calendar events, narrowly-scoped email read access).
  • Voice recordings. Audio you record in the "Voice task" tool is sent to OpenAI's Whisper API for transcription, then discarded. We do not retain the audio after transcription.
  • Photos. Photos you attach to tasks, manual entries, or medical records are stored with unguessable URLs in Vercel Blob. They are not indexed publicly.
  • Payment info. Billing is handled by Stripe. We never see or store your card number; we only store the Stripe customer and subscription identifiers so we can match a payment to your household.
  • Operational logs. Standard request logs (IP, user agent, timestamp), used for security and debugging. Retained ~30 days.
  • Cookies. A single session cookie that keeps you signed in. No third-party advertising or tracking cookies.

How we use it

Everything we collect is used only to run HomeHQ for you — to show your tasks and calendar, sync to your connected accounts, generate the daily brief, extract tasks from inputs you voluntarily provide (a photo, a voice memo, an email in an inbox you connected), deliver notifications you opted into, and process your subscription. We do not use household content for advertising, marketing, or training third-party models.

AI processing

HomeHQ uses two AI providers to power features you trigger: Anthropic (Claude) for extracting tasks from photos and emails and for composing daily briefs, and OpenAI (Whisper) for voice transcription. Both providers process content under zero-data-retention terms — they do not retain your inputs after the response is returned, and your content is not used to train their models. Every AI suggestion is shown to you as a draft you confirm before it touches your calendar or task list.

Email scanning is opt-in and scoped

If you connect an inbox (Gmail or Outlook), HomeHQ only reads email from sender domains you add to your scope filter — for example your school, doctor, sports league, or daycare. We never read marital, financial, or therapeutic correspondence, and we never scan email outside the domains you authorized. You can disconnect an inbox at any time in /settings/inbox.

We never request SMS or iMessage access on any platform.

Subprocessors

These vendors process small slices of your data on our behalf, each under their own contractual privacy commitments:

  • Vercel — application hosting and photo storage (Vercel Blob).
  • Neon — managed Postgres database (US region).
  • Resend — transactional email delivery (sign-in links, daily brief, invitations).
  • Twilio — SMS delivery for the morning brief (only if you opt in).
  • Anthropic — AI task extraction and brief composition. Zero data retention.
  • OpenAI — voice transcription (Whisper) only, no chat or image models.
  • Stripe — payment processing for paid subscriptions.
  • Google — only if you connect Google Calendar or Gmail. Scopes limited to what each feature needs.
  • Apple iCloud — only if you connect Apple Calendar (CalDAV).
  • Microsoft Graph — only if you connect Outlook.
  • Amazon Alexa — only if you enable the HomeHQ skill. Linked accounts receive an opaque access token; Amazon never sees your household content directly — it sends voice intents that our servers fulfill.

Security

Traffic is encrypted in transit (TLS). Sensitive fields — OAuth refresh tokens, SMS subscriber details — are encrypted at rest with AES-256-GCM using a key stored separately from the database. We use magic-link sign-in only; we do not store passwords, which removes the largest class of breach risk.

Data retention

We keep your data as long as your account exists. When you delete your account from /account, your household, tasks, lists, calendar events, manual entries, medical records, photos, members, and connected-integration tokens are deleted within 30 days. Stripe retains billing records as required by US tax law. Operational logs roll off automatically after ~30 days.

Your rights

  • Access & export. Email us and we will provide a copy of your household's content in JSON within 30 days.
  • Correction. You can edit any field directly in the app.
  • Deletion. Delete your account from /account. Or email us to request deletion.
  • Opt-out. Disable any notification channel in /account → Notifications. Disconnect any integration in /settings.

If you live in California, you have the rights described in the CCPA — to know, delete, correct, and opt out of any sale of personal information. We don't sell personal information. If you live in the EU/UK, the GDPR rights of access, rectification, erasure, restriction, portability, and objection apply. Reach us at hello@homehqapp.com.

Children

HomeHQ accounts are for adults (13+). You can add children as members of your household — but a child member without their own login is purely a label (name, color, age if you provide it) that the adult account holder controls. We don't collect data from children directly. Parents and guardians are responsible for any information they add about their kids.

Changes to this policy

If we make material changes, we'll email everyone with an active account and post the change here with an updated date.

Contact

HomeHQ · hello@homehqapp.com · homehqapp.com

← Back to HomeHQ·Terms·SMS Terms·Help