Privacy Policy
This policy explains what data housesit.world stores, how it is used, where it is processed, and how you can exercise your rights over it.
Effective: 2026-05-29. Data controller: Dzmitry Zhur, based in Poland.
Who we are
housesit.world is operated by Dzmitry Zhur, based in Poland. For the purposes of GDPR, we are the data controller for the personal data described below. To contact us about anything in this policy, use the in-app feedback button or email tehzienergy@gmail.com.
What we collect
We collect: account identity (name, email, profile photo via your Google or email signup), onboarding details (sitter type, primary intent, preferred destinations), profile content (bios, photos, languages, pet experience), listing and application activity, reviews you submit, moderation records (reports filed, account actions), verification state (whether you completed Stripe Identity, success/failure status — we do not store the ID document itself, Stripe does), and the minimum operational data needed to run messaging and matching safely.
Private versus member-visible data
Approximate property locations, public profiles, approved external references, and trust signals (Verified ID badge, review history) are visible to other signed-in members. Exact addresses, arrival instructions, emergency contacts, identity-verification document content, and message contents stay restricted by server-side access rules. Address reveals only happen after a homeowner accepts a sitter for a specific sit.
Why we use the data
We use member data to authenticate accounts, run onboarding and discovery, support applications and messaging, enforce trust and safety rules, process verification workflows, send transactional emails (welcome, application notifications, message reminders, verification updates), and maintain operational history needed for support and moderation. We do not sell data.
Legal basis (GDPR)
We process personal data on the following legal bases: (a) performance of a contract — to deliver the service you signed up for; (b) legitimate interest — to keep the platform safe, prevent fraud, and improve the product; (c) consent — for optional analytics and marketing communications; (d) legal obligation — where retention is required by law (e.g., financial records).
Third-party processors
We rely on: Clerk (authentication, based in the US, contracted with appropriate data transfer safeguards), Convex (application database and real-time messaging), Stripe (payment processing and Stripe Identity for verification — Stripe holds and processes ID document content directly; we receive only verification outcomes), Vercel (hosting and analytics), Resend (transactional email delivery), Mapbox (map tile rendering — only approximate coordinates leave our servers, never exact addresses), and optionally Google Analytics (only after consent). Each processor has its own privacy policy covering its handling of data.
Cookies and analytics
Essential cookies are used for authentication and core product stability. Optional analytics (Vercel Analytics, Google Analytics) only run after you grant consent through the cookie banner. Google Analytics scripts stay unloaded until consent is granted. You can review and update your consent at any time from the cookie banner or settings.
Retention and deletion
We retain operational records while your account is active and for the minimum period needed for safety, billing, moderation, and dispute handling after deletion. You can request account deletion through the in-app settings flow at any time. Confirmed deletions remove personal identifiers from active queries; some records may be retained in anonymized or pseudonymized form for fraud prevention, legal compliance, or aggregated statistics.
Your rights under GDPR
If you are in the EU/UK, you have the right to: access the data we hold about you, correct inaccurate data, request deletion (right to be forgotten), restrict or object to certain processing, data portability (receive your data in a structured format), and lodge a complaint with your local data protection authority. To exercise any of these rights, use the in-app settings flow or contact us. We respond within 30 days.
Children
housesit.world is not intended for users under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, contact us and we will delete it.
Data transfers
Some of our processors are based outside the EU (notably Clerk, Stripe, Vercel — US-based). We rely on Standard Contractual Clauses or equivalent legal mechanisms for transfers. EU member data is protected by GDPR-equivalent safeguards regardless of where it is processed.
Security
We use industry-standard security practices: encrypted connections (TLS), encrypted databases, server-side access controls enforced through Convex, and least-privilege patterns for any tooling that touches member data. ID document images are never stored on our infrastructure — they live with Stripe's vault. Despite our efforts, no system is perfectly secure; we maintain incident response procedures and will notify affected users in the event of a breach.
Updates to this policy
We may update this policy as the product evolves. The effective date below reflects the last meaningful change. Material changes will be communicated via in-app notice or email.
Questions about this policy?
Use the in-app feedback button on any page. It goes directly to the founder. We respond within a few days.