1. Who we are
Roomly is a household management application for California renters. We help roommates track shared expenses, settle balances, and coordinate household chores. This privacy policy covers our web application at roomly.foo. Native iOS and Android apps are in development and not yet available; if and when they ship, this policy will be updated to cover the additional collection surfaces (e.g., push notification tokens).
2. Information we collect
We collect the following categories of personal information directly from you when you create an account or use the service:
- Identifiers: name, email address, account ID. Source: provided by you at sign-up.
- Household details: household name, California ZIP code (verified against the 90001–96162 range to scope the V1 product). Source: provided by you when you create or join a household.
- Financial transaction records: expense descriptions, dollar amounts, dates, payer and participant identifiers, settlement records, dispute reasons. Source: provided by you when you log a household expense or settlement.
- Communication preferences: notification channel toggles (email, in-app; push when our mobile apps ship). Source: your settings page (UI shipping in V1.1; until then, defaults are in-app on, email off).
- Authentication credentials: password hash (we never store your raw password — Better Auth's scrypt-based hashing is one-way), session tokens, push notification tokens. Source: created automatically as you sign in and use the apps.
- Activity records: activity feed events (e.g., "you created an expense"), audit log entries when an admin acts on your behalf. Source: created automatically as you and your housemates use the service.
- Inferred information: none. We do not derive predictive profiles or demographic inferences from your activity.
We do not collect: precise geolocation (your ZIP is your household ZIP, not your physical location); sensitive personal information under CPRA § 1798.140(ae) (no race, religion, biometrics, health data, message contents, or financial account credentials); information about minors with actual knowledge they are under 16 (Roomly's terms of service require all users to be 18 or older).
3. How we use your information
The business purposes for which we use the information above:
- Operating the household management service: rendering your expense list, computing balances, dispatching invitations.
- Authentication and account security: email-verified sign-up, password reset, session management, rate limiting credential routes.
- Service-essential transactional messages we send unconditionally because they are required to operate the service: email-verification, password-reset, and CCPA request acknowledgement emails. CAN-SPAM §7702(2) treats these as transactional, exempt from the opt-out requirement.
- Opt-in product communications: settlement receipts, chore reminders, and the weekly digest. You control these from your notification preferences and may opt out at any time.
- Service improvement and debugging: aggregate, IP-anonymized usage analytics only after you opt in via the cookie banner. PostHog never loads and no analytics cookies are set unless you click Accept. Crash-only error monitoring runs without consent (legitimate-interest service-security basis); PII is scrubbed at the boundary. Performance / transaction telemetry is gated on the same consent.
- Legal compliance and audit: maintaining an audit log of administrative actions for § 19 Q5 accountability, retaining records of consumer privacy rights requests for the 24-month minimum the 2025 CPPA regulations specify.
4. Categories of third parties we share with
All third parties listed below operate as service providers under CCPA — each has signed a data processing addendum that restricts the use of your data to providing the contracted service to Roomly. None of them may sell or share your information for their own commercial purposes.
- Vercel (vercel.com): web hosting, deployment infrastructure. DPA.
- Neon (neon.com): managed PostgreSQL database hosting for your household and account data. DPA.
- Cloudflare R2 (cloudflare.com): private object storage for receipt uploads (V1.1 — currently no receipts are uploaded). DPA.
- Sentry (sentry.io): error monitoring. Personal information is filtered out at our boundary (cookies, headers, ZodError values, password fields, authorization tokens) before any event reaches Sentry. DPA.
- PostHog (posthog.com): product analytics. Loads only after you opt in via the cookie banner — defaults are opt-OUT, and the Global Privacy Control browser signal (navigator.globalPrivacyControl) is honoured automatically without prompting. When loaded, we run with autocapture disabled and IP anonymization enabled; we do not record individual user sessions. DPA.
- Resend (resend.com): transactional email delivery (sign-up verification, password reset, CCPA acknowledgement). DPA.
- Trigger.dev (trigger.dev): scheduled background jobs (CCPA SLA tracking, balance snapshots).
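The consent gate described for PostHog above, as an added illustration of the decision logic rather than Roomly's own code or the PostHog SDK: analytics stays off until the user explicitly accepts, and a Global Privacy Control signal is treated as a recorded opt-out that takes precedence over any stored choice. The settings keys (autocapture, ipAnonymization, sessionRecording) and the injected loader are hypothetical stand-ins so the example runs outside a browser.

```javascript
// Added illustration (not Roomly's code): a consent gate that decides whether
// product analytics may load, honouring the Global Privacy Control signal.
// Inputs are modelled as plain objects so the logic can run outside a browser.

// Returns a decision object; loadAnalytics is true only when the user has
// explicitly accepted AND no GPC signal is present.
function analyticsConsentDecision({ gpcSignal, storedChoice }) {
  // GPC takes precedence: treat it as a recorded opt-out without prompting.
  if (gpcSignal === true) {
    return { loadAnalytics: false, showBanner: false, reason: "gpc" };
  }
  if (storedChoice === "accepted") {
    return { loadAnalytics: true, showBanner: false, reason: "accepted" };
  }
  if (storedChoice === "rejected") {
    return { loadAnalytics: false, showBanner: false, reason: "rejected" };
  }
  // No choice recorded yet: analytics stays off and the banner is shown.
  return { loadAnalytics: false, showBanner: true, reason: "no-choice" };
}

// Client settings applied only when loadAnalytics is true. The key names are
// hypothetical; they model the settings the policy describes
// (autocapture off, IP anonymization on, no session recording).
const ANALYTICS_SETTINGS = Object.freeze({
  autocapture: false,
  ipAnonymization: true,
  sessionRecording: false,
});

// Reads the browser signal when present; in Node there is no navigator.
function readGpcSignal(nav) {
  return Boolean(nav && nav.globalPrivacyControl === true);
}

// Simulated initialiser: returns the settings the client would start with,
// or null when analytics must not load. `loader` is an injected function
// standing in for the real script loader so the example runs offline.
function initAnalytics(env, loader) {
  const decision = analyticsConsentDecision({
    gpcSignal: readGpcSignal(env.navigator),
    storedChoice: env.storedChoice,
  });
  if (!decision.loadAnalytics) return { decision, started: null };
  return { decision, started: loader(ANALYTICS_SETTINGS) };
}

// Stand-alone demonstration with constructed environments.
if (typeof require !== "undefined" && require.main === module) {
  const fakeLoader = (settings) => ({ ...settings, loaded: true });
  console.log(initAnalytics({ navigator: { globalPrivacyControl: true }, storedChoice: "accepted" }, fakeLoader));
  console.log(initAnalytics({ navigator: {}, storedChoice: "accepted" }, fakeLoader));
  console.log(initAnalytics({ navigator: {}, storedChoice: undefined }, fakeLoader));
}
```

The point of injecting the loader is that the decision logic can be unit-tested without a network or a real analytics script, which is also how you verify the "nothing loads before Accept" claim in CI rather than by inspecting a browser's network tab by hand.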
5. We do not sell or share your information
Roomly does not sell or share your personal information for cross-context behavioral advertising. We do not have advertising partners. The "service provider" contracts with the third parties above forbid them from using your data for their own commercial purposes.
Because Roomly does not sell or share, we are not required to maintain a "Do Not Sell or Share My Personal Information" link, but we provide one anyway: visit your privacy settings to record an opt-out. Because Roomly is structurally non-selling, the opt-out takes effect immediately upon submission — there is no fulfillment delay.
6. Your California privacy rights
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) give you the following rights:
- Right to know what personal information we have collected about you, where we got it, what we use it for, and who we share it with. Submit via the "Export my data" option in your privacy settings.
- Right to delete your personal information. Submit via the "Delete my account" option in your privacy settings. We will refuse only if you are the sole owner of an active household — transfer ownership first.
- Right to correct inaccurate personal information. Most fields are self-serve (edit your profile); submit a formal correction request via the privacy settings page for anything that isn't.
- Right to opt out of sale or sharing. We do not sell or share. The opt-out toggle in your privacy settings records the request for audit purposes.
- Right to limit use of sensitive personal information. We do not collect any of the SPI categories defined by CPRA § 1798.140(ae), so this right is structurally satisfied.
- Right to non-discrimination. We will not deny service, charge different prices, or provide a different level of quality because you exercised any of the rights above.
7. How we respond to your requests
We acknowledge receipt of every verifiable consumer request within 10 business days via email. We respond within 45 calendar days. If we need more time, we will email you with the reason and a new deadline before the original 45-day period ends, and our response will be no later than 90 days from receipt (Cal. Civ. Code § 1798.130(a)(3)).
Designated submission methods (Cal. Civ. Code § 1798.130(a)(1)(A) — at least two are required; we offer three):
- Signed-in: the privacy settings inside the app. Faster verification because we already authenticated your session.
- Public form: roomly.foo/privacy/request. Use this if you can't sign in (lost password and lost email access, or suspended account). We verify identity out-of-band before fulfilling — typically by sending a confirmation link to the email you submit, or by matching against account-history details we'd expect the consumer to know.
- Email: privacy@roomly.foo. Same verification path as the public form for unauthenticated requesters.
Authorized agents: include a signed authorization from the consumer, your government-issued identification (we keep a redacted copy for verification only), and confirmation that the consumer has your permission. We may verify the consumer directly before fulfilling.
8. Data retention
We retain your information as follows:
- Account profile and household data: for as long as you have an active account. When you delete your account, household-side records (your share of an expense, settlements you sent or received) are retained but stripped of your identifier — your roommates' history is preserved in a fully tombstoned form (CPRA § 1798.105(d)(7) security/integrity exception).
- Soft-deleted households: 30 days, then hard-deleted.
- Audit logs: retained indefinitely with your identifier removed upon account deletion. Required for CCPA accountability and breach disclosure under Cal. Civ. Code § 1798.82.
- Records of your privacy requests: retained for at least 24 months from the date of receipt to comply with the 2025 CPPA regulation update.
- Sentry error events: retained per Sentry's data lifecycle (90-day default for events; 30-day for transactions).
- PostHog analytics: retained per PostHog's data lifecycle (1 year default for events; we do not record session replays).
- Cloudflare R2 receipts (V1.1): deleted when you delete your account or remove the receipt manually.
9. Security
We use industry-standard practices: TLS for all network traffic, scrypt-hashed passwords (Better Auth's default), HTTP-only signed session cookies for the web, stored-in-secure-keychain bearer tokens for mobile, per-route rate limits on the credential surface, and secret rotation runbooks for our database, auth, and email credentials.
We are obligated to disclose breaches of unencrypted personal information under Cal. Civ. Code § 1798.82 within 45 days of discovery.
10. Outside California
Roomly is California-only at V1. Sign-up requires a California ZIP for your household, and the application's CHECK constraints reject non-CA ZIPs. We nonetheless apply CCPA / CPRA rights to every Roomly user regardless of attested state — the over-inclusion is intentional.
11. Contact
For privacy questions, email privacy@roomly.foo. For all other inquiries, email hello@roomly.foo.
12. Changes to this policy
We will update this policy when our practices change. The "last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated by email to your account address.