Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect your name and email address through our authentication provider, Clerk. You may sign in using email and password, Google OAuth, or Apple OAuth.

Preference Data

• Search preferences: Your selected city, property type (house, condo, any), budget range, minimum bedrooms and bathrooms, parking requirements, and whether you are looking to buy or rent.
• Visual preference profile: Our AI generates a mathematical representation of your aesthetic taste based on the property photos you like and pass on. This takes the form of a numerical vector — not a description of you, but a summary of the visual features you gravitate toward (e.g., natural lighting, modern finishes, open floor plans).
• Tag-based preferences: Weighted scores for categories such as room type, architectural style, property condition, and view type, derived from your swipe behavior.

Behavioral Data

• Swipe history: Each time you like or pass on a property photo, we record that action to improve your recommendations.
• Saved listings: Properties you bookmark for later review.
• Listing exposure counts: How many times a particular listing has been shown to you, used to ensure variety in your recommendations.
• Preference snapshots: Periodic saves of your preference state (approximately every 10 swipes) to track how your taste evolves and improve recommendation quality.

Product Interaction Data

If you click on a home product recommendation (e.g., furniture identified in a listing photo), we record the click to improve product relevance. These product links direct you to Amazon through the Amazon Associates affiliate program.

Technical Data

We collect standard technical information including authentication tokens (JWT), device type (web or mobile), and basic request metadata such as IP addresses and timestamps.

2. Information We Do Not Collect

We believe in collecting only what we need. Hestia does not:

• Access your camera, contacts, location services, microphone, or any device sensors. The mobile app only requests permission for an in-app browser (for OAuth sign-in) and secure token storage.
• Send push notifications.
• Use external AI APIs. All AI models (CLIP for visual analysis, Moondream for image understanding) run entirely on our own servers. Your preference data is never sent to OpenAI, Google, or any other third-party AI provider.
• Collect advertising identifiers (IDFA, GAID) or serve advertisements.

3. How We Use Your Information

• Account management: To create, authenticate, and manage your account.
• Personalized recommendations: To generate and continuously refine property recommendations based on your visual preferences and swipe behavior.
• Welcome email: To send a one-time welcome email when you register (delivered via Resend).
• City search: To convert your city preference into geographic coordinates for property matching (via Photon API / OpenStreetMap geocoding).
• Image delivery: To serve property listing images through our CDN (Cloudflare).
• Product recommendations: To display relevant home product links through the Amazon Associates affiliate program.
• Analytics: To understand how visitors use our website and improve the user experience (via Google Analytics).

4. How AI Processes Your Data

When you swipe on property photos, our CLIP model (running on our own servers) converts those images into mathematical vectors (512-dimensional embeddings). Your preference profile is a mathematical average of the vectors from photos you liked — it captures your visual taste without storing the actual images you interacted with.

This processing happens entirely on Hestia’s infrastructure. No image data or preference vectors are sent to external AI services.

Preference snapshots are periodically saved to track how your taste evolves, enabling us to improve the recommendation algorithm over time.

5. Cookies & Analytics

We use Google Analytics on our website to understand usage patterns including page views, traffic sources, and general user demographics. Google Analytics may set cookies on your browser to collect this information.

Hestia itself does not use cookies for authentication or tracking. Our authentication system is based on JWT (JSON Web Tokens) stored securely on your device, not in cookies.

You can opt out of Google Analytics by using your browser’s cookie settings, installing the Google Analytics Opt-out Browser Add-on, or enabling “Do Not Track” in your browser.

6. Data Storage & Security

• Your data is stored in PostgreSQL databases hosted on our own infrastructure, covering the Toronto and Greater Toronto Area property market.
• Authentication is handled by Clerk, which manages password hashing, OAuth token exchange, and session security according to industry standards.
• All communication between the app and our servers uses HTTPS/TLS encryption in transit.
• On mobile devices, authentication tokens are stored using Expo SecureStore, which leverages the device’s native secure enclave (Keychain on iOS, Keystore on Android).

7. Third-Party Services

We use the following third-party services. None of these services receive your preference vectors, swipe history, or AI-generated recommendation data.

8. Your Rights & Controls

• Reset preferences: You can reset your AI preference profile at any time using the “Reset Preferences” button in the app. This clears your preference vectors, tag weights, swipe history, and all recommendation data.
• Sign out: Signing out removes your authentication tokens from your device.
• Data deletion: You may request complete deletion of your account and all associated data by contacting us at privacy@hestiahomes.io.
• Regulatory rights: Under PIPEDA and Ontario privacy law, you have the right to access, correct, port, or delete your personal data. To exercise these rights, contact us at the email above.

9. Data Retention

Account data, swipe history, and preference data are retained as long as your account is active. This data is necessary to maintain and improve your personalized recommendations.

If you delete your account, all associated personal data is permanently removed from our databases.

10. Children’s Privacy

Hestia is not directed at children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. The “Last updated” date at the top of this page indicates the most recent revision. We encourage you to review this policy periodically.