Privacy Policy for the House Bober App
This Privacy Policy applies to the House Bober mobile app (iOS). A separate Privacy Policy applies to the website housebober.com.
1. Data Controller
House Bober
Maksym Marinchenko
Eichenstraße 157
41747 Viersen
Germany
Email: support@housebober.com
2. Overview of Data Processing
House Bober is an app for tracking recurring maintenance tasks for household items. A user account is required to use the app. Your data is processed solely for the purpose of providing app functionality, managing your subscription, and — if you enable it — sharing within your household.
3. What Data We Process
3.1 Account Data
During registration, we process:
- Email address
- Password (encrypted; never known to us in plain text)
- When signing in with Apple or Google: an anonymous user identifier, optionally email address (provided by the third party)
- Date of account creation and last sign-in
Legal basis: Art. 6(1)(b) GDPR (contract performance).
3.2 App Content Data
Within the app, we process the content you enter:
- List of your household items and assigned tasks
- Due dates and completion status of maintenance tasks
- Optional photos of items (available only on the Pro tier)
- Notes you enter yourself
Legal basis: Art. 6(1)(b) GDPR (contract performance).
3.3 Subscription Data
For subscription management, we process:
- Subscription status (free, Pro monthly, Pro yearly)
- Start and end of the current billing period
- Anonymous Apple transaction identifier
Payment data (credit card, bank details) is processed exclusively by Apple. We have no access to your payment information. Legal basis: Art. 6(1)(b) GDPR (contract performance).
3.4 Usage and Analytics Data
We process pseudonymous usage data to improve the app (e.g. which features are used, anonymous crash reports). No identification of individual persons takes place. See section 4.4 (PostHog) for details.
4. Service Providers (Data Processors)
4.1 Supabase (Authentication & Database)
For user accounts, database, and storage of your app content, we use:
Our Supabase project is hosted in the Europe region (Frankfurt, EU). Your content data is therefore stored within the EU. A Data Processing Addendum (DPA) under Art. 28 GDPR is in place with Supabase.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
4.2 RevenueCat (Subscription Management)
For cross-platform subscription status management we use:
RevenueCat, Inc.
270 Linden St., Suite A
San Francisco, CA 94102
USA
Privacy Policy: https://www.revenuecat.com/privacy/
RevenueCat processes an anonymous app user identifier and Apple transaction data to provide subscription status across platforms. No real-name or contact data is transmitted to RevenueCat. A DPA under Art. 28 GDPR is in place with RevenueCat. Data transfer to the USA is based on the EU-US Data Privacy Framework.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
4.3 Apple (Payment Processing & Sign in with Apple)
Apple Distribution International Ltd.
Hollyhill Industrial Estate
Hollyhill, Cork
Ireland
Privacy Policy: https://www.apple.com/legal/privacy/
Apple is the contractual partner ("Merchant of Record") for all in-app purchases and subscriptions. Apple processes all payment data independently in accordance with its privacy policy.
If you choose "Sign in with Apple", Apple transmits to us an anonymous user identifier and — if you permit — your email address (optionally as a private Apple Relay). We use this data solely to create and manage your account. Legal basis: Art. 6(1)(b) GDPR (contract performance).
4.4 PostHog (Product Analytics)
To improve the app we use pseudonymous product analytics by:
PostHog Inc.
2261 Market Street #4008
San Francisco, CA 94114
USA
Hosting region: EU (eu.posthog.com), Frankfurt
Privacy Policy: https://posthog.com/privacy
We use PostHog's EU instance. Your analytics data is therefore stored within the EU. PostHog records pseudonymous events such as "task completed" or "paywall displayed", linked to an anonymous device or user identifier. We do not capture sensitive content (e.g. the actual names of your items).
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in app improvement). You may object to processing at any time by contacting support@housebober.com. A DPA under Art. 28 GDPR is in place with PostHog.
4.5 Resend (Transactional Email)
For sending transactional emails (e.g. confirmation and password reset emails) we use:
Resend, Inc.
2261 Market Street #5039
San Francisco, CA 94114
USA
Privacy Policy: https://resend.com/legal/privacy-policy
Data necessary for delivery (email address, message content) is transmitted to Resend. A DPA under Art. 28 GDPR is in place with Resend. Data transfer to the USA is based on the EU-US Data Privacy Framework. Legal basis: Art. 6(1)(b) GDPR (contract performance).
4.6 Google (Sign in with Google – optional)
If you choose "Sign in with Google", we use:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
Privacy Policy: https://policies.google.com/privacy
Google transmits to us your Google Account ID and — if you permit — your email address and name. We use this data solely to create and manage your account. Legal basis: Art. 6(1)(a) GDPR (consent by actively choosing Google Sign-In). You may choose a different sign-in method at any time.
5. Household Sharing (Pro Feature)
Pro users can invite up to five additional people to their household (six members in total). Invitations are issued via a one-time 6-digit code that expires after one hour.
When you join a household, your app content (items, tasks, photos) is visible to all members of the household. You may leave the household at any time; access to shared content ceases thereafter.
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(a) GDPR (consent by actively redeeming the invitation code).
6. Retention Periods
- Account data is stored until your account is deleted.
- Content data is stored until deleted by you or until account deletion.
- Subscription data is stored during the active contractual relationship and, where applicable, to fulfil statutory retention obligations.
- Analytics data is retained in pseudonymous form for a maximum of 12 months.
7. Account Deletion
You can delete your account at any time within the app (Settings → Delete Account) or request deletion via email to support@housebober.com. After deletion, your account data and content will be removed without delay; pseudonymous analytics data continues to exist, separated from your identity.
8. Your Rights
You have the right to:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Objection (Art. 21 GDPR)
- Data portability (Art. 20 GDPR)
- Withdrawal of consent (Art. 7(3) GDPR)
To exercise your rights, contact support@housebober.com. You also have the right to lodge a complaint with the competent supervisory authority — for us, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW).
9. International Data Transfers
Where personal data is transferred to service providers outside the EU (RevenueCat, PostHog, Resend, Apple, Google), this occurs either on the basis of the EU-US Data Privacy Framework (for US providers) or on the basis of EU Standard Contractual Clauses under Art. 46(2)(c) GDPR.
10. Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy to adapt it to changes in the legal framework or to changes in app functionality. The current version is always available on this page.
Last updated: 21 May 2026