Privacy Policy

When you use Roomit AI, we collect the following categories of data:

• Identifiers. We generate a unique user ID when you create an account, and we collect your device ID to help prevent fraud and secure your account.
• Contact information. We collect your email address and phone number. Your phone number is used for one-time password (OTP) verification and account recovery.
• User content. This includes profile photos, bio information, messages you send to other users, and any photos or descriptions you add to room listings.
• Location. We collect approximate location (city or neighborhood level) to show you relevant matches and listings nearby. We do not track your precise GPS coordinates in the background.
• Diagnostics. We collect crash logs and performance data via Sentry to identify and fix bugs.
• Usage data. We collect anonymized analytics via PostHog to understand how features are used and improve the app. This data is not linked to your personal identity.

We use your data for the following purposes:

• To provide the core roommate matching and messaging service
• To verify your identity and prevent fraud or abuse
• To enable communication between matched users
• To diagnose crashes and improve app stability
• To understand feature usage and guide product development

Your data is stored in encrypted databases hosted by Supabase. Profile photos and listing media are stored in secure cloud storage with strict access controls. Messages are encrypted at rest. All data in transit is protected with industry-standard TLS.

We do not store your government ID document images after verification is complete. Verification results are stored as a status flag, not as raw document data.

We do not sell your personal information. We share data only with trusted sub-processors who help us operate the app:

• Supabase — database and file storage
• Sentry — crash reporting and diagnostics
• PostHog — product analytics (anonymized)
• RevenueCat — subscription management and billing
• OpenAI — AI assistant features (profile writing, question suggestions). Under our enterprise agreement, OpenAI does not retain your data for training purposes.

Each sub-processor is contractually bound to use your data only for the specific services they provide to us and to maintain appropriate security measures.

• Account data is retained until you delete your account.
• Messages are retained for 12 months after account deletion, then permanently erased.
• Analytics and diagnostics data are anonymized within 90 days of collection.
• You can request immediate deletion of your data at any time (see Your Rights below).

You have the following rights regarding your data:

• Access. You can view all data associated with your account in the app Settings.
• Deletion. You can delete your account and all associated data from Settings → Account → Delete. Deletion is permanent and cannot be undone.
• Export. Email [email protected] with the subject "Data Export Request" and we will provide a copy of your data within 30 days.
• Correction. You can update your profile information directly in the app at any time.

Roomit is intended for users 17 and older, per our App Store and Google Play ratings. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete that information immediately.

We are COPPA-compliant. If you believe we have inadvertently collected information from a child under 13, please contact us at [email protected].

California residents (CCPA/CPRA): You have the right to know what personal information we collect, the right to delete it, and the right to opt out of sale. We do not sell your personal information. To exercise your rights, email [email protected].

EU and UK residents (GDPR): You have the right to access, rectify, erase, restrict processing, data portability, and object to processing. We process data under the lawful bases of contract performance and legitimate interest. To exercise your rights, contact [email protected].

For privacy-related questions or requests, please email [email protected]. We aim to respond within two business days.