Skip to main content
App|

Privacy Policy

Privacy Policy

Last updated: February 23, 2026

1. Information We Collect

When you use HomeIQ, we collect the following information:

  • Account information: Name, email address, and profile image from your Google account when you sign in via OAuth.
  • Financial inputs: Income, debts, savings, and location data you enter into the affordability calculator. These are used solely to generate your analysis and are not shared with third parties.
  • Saved reports: If you choose to save a report, we store the analysis results linked to your account.
  • Usage data: API request metadata (route, status, response time) for operational monitoring. This does not include your financial inputs.
  • Feedback: Optional thumbs up/down ratings and comments you provide on analysis results.
  • Product analytics: Anonymized interaction data such as page views, button clicks, and feature usage, collected via PostHog to help us improve the product. This data is not linked to your financial inputs.

2. How We Use Your Information

  • Generate personalized home affordability analyses using AI agents.
  • Store saved reports so you can access them across sessions.
  • Monitor and improve service reliability and performance.
  • Evaluate AI response quality to improve accuracy and safety.

3. Third-Party Services

We use the following third-party services to operate the application:

  • Anthropic (Claude AI): Processes your financial inputs to generate analysis. Inputs are sent to the API but are not retained by Anthropic per their data usage policies.
  • Google OAuth: Handles authentication. We receive your name, email, and profile image.
  • Mapbox: Provides address autocomplete and geocoding. Address queries are sent to their API.
  • Langfuse: Tracks AI generation quality metrics (token counts, latency). No PII is sent.
  • Sentry: Captures application errors for debugging. Error context may include route paths but not financial data.
  • Stripe: Processes subscription payments for Pro plans. We do not store credit card numbers; all payment data is handled by Stripe per their PCI-DSS compliance. We store only your Stripe customer ID.
  • Realtor.com (via RapidAPI): Fetches matching property listings based on your location and budget. Location queries are sent to their API; no financial data is shared.
  • Neon (PostgreSQL): Hosts our database. Data is encrypted in transit (TLS). See Section 6 for encryption at rest.
  • PostHog: Collects anonymized product analytics (page views, clicks, feature usage) to help us understand how people use the app and run A/B tests. PostHog respects browser Do Not Track settings. No financial data is sent.

4. Data Retention

We retain data for the minimum period necessary:

  • Saved reports: Retained until you delete them or delete your account.
  • Usage events & error logs: Automatically purged after 90 days.
  • LLM cost records: Automatically purged after 90 days.
  • Feedback: Retained for up to 1 year, then purged.
  • OAuth tokens: Stored encrypted. Revoked when you unlink your account.
  • Subscription data: Stripe customer ID and plan tier are retained while your account is active. Deleted upon account deletion.

5. Your Rights

You have the right to:

  • Access: View all data associated with your account via the Saved Reports page.
  • Deletion: Delete individual saved reports at any time. To delete your entire account and all associated data, contact us at the email below.
  • Portability: Export your reports as PDF from the results dashboard.
  • Rectification: Re-run an analysis with corrected inputs at any time.

6. Data Security

We implement the following security measures:

  • All data in transit is encrypted via TLS (HTTPS enforced with HSTS).
  • Sensitive fields (OAuth tokens) are encrypted at rest using AES-256-GCM.
  • Content Security Policy (CSP) headers prevent XSS and data injection.
  • API inputs are validated with Zod schemas to prevent injection attacks.
  • Rate limiting protects against abuse.
  • Admin access is restricted to an allowlist of authorized emails.

7. Cookies

We use the following cookies:

  • Session cookie: A secure, HTTP-only JWT cookie for authentication. This is strictly necessary for the service to function when you sign in.
  • Analytics cookie: PostHog sets a first-party cookie to distinguish unique visitors and measure feature usage. This cookie does not contain personal information and is not shared with advertisers. It is not set if your browser has Do Not Track enabled.

We do not use advertising cookies or third-party tracking cookies.

8. Children's Privacy

This service is not directed at children under 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the service after changes constitutes acceptance.

10. Contact

For privacy-related questions or data deletion requests, contact us at: privacy@aicalculator.homes