● ALL SYSTEMS LIVE
MyHomeTrack

Legal · Privacy

Privacy Policy

Last updated: 1 May 2026

MyHomeTrack (“MyHomeTrack,” “we,” “our,” or “us”) provides tools to help homeowners and builders track construction projects—including phases, budgets, expenses, vendors, site updates and related content (the “Services”). This policy explains how we handle information when you use the MyHomeTrack website, mobile apps, and related APIs.

Who we are

The Services are operated on behalf of the MyHomeTrack product. Contact: contact@myhometrack.app. For jurisdictional enquiries (including data protection notices), reach us at the same address.

Information we collect

Depending on how you use the Services and your project setup, categories of information may include:

  • Account & identifiers. Phone number used for one‑time‑passcode (OTP) sign‑in via Firebase Authentication; internal user identifiers; session and security tokens tied to API access (for example JWTs issued by our backend).
  • Profile & voluntary details. Display name or similar fields you enter in Settings.
  • Project data.Information you create or invite others to create within a project—such as phases, tasks or checklists, budget lines, diary or update‑log entries, expenses, invoices or bills (including attachments if you attach files), vendors, team members, roles & permissions, and timestamps.
  • Photos & files (including camera). You may attach construction photos from your gallery or capture new images with your device camera where the app requests Camera access. Those images are transmitted to our backend and stored using the cloud storage configured for production, subject to project permissions.
  • Device & push tokens (optional). If you opt in and we enable notifications, identifiers such as an Expo/device push token needed to route messages to your device.
  • Technical & operational data. HTTP headers, timestamps, coarse IP-derived security signals retained for short periods where needed for debugging, reliability, audit or abuse prevention, and error or performance diagnostics if we employ them.

We do not sell your personal information.

How we use information

We process information to:

  • Provide, secure, and improve the Services;
  • Authenticate users and enforce project-level permissions;
  • Operate collaboration features you participate in;
  • Prevent fraud or misuse and comply with legal obligations;
  • Respond to lawful requests from public authorities;
  • Communicate transactional or service messages (support, outages, notices).

Legal bases

Where European data-protection law applies (for example GDPR/UK GDPR), processing is typically grounded in performance of our contract with you as a user or project member, legitimate interests in securing and operating the Services, or consent where expressly requested (such as notifications or strictly optional analytics if we later enable them publicly).

How we retain information

We retain data as long as your account remains active or a project retains information you contributed, and for a reasonable period afterward for backups, legal compliance, disputes, or security—unless shorter retention is mandated by deletion requests we can fulfil.

Where data is processed & sub-processors

We host services and store data using cloud infrastructure. Depending on deployment, identifiable sub-processors can include—for example—Google Firebase (authentication), GCP or similar hosting for our API, object storage compatible with AWS S3 (for example Backblaze B2 where configured), mobile build and update infrastructure (such as Expo EAS where used), analytics providers only if expressly enabled at the project level with appropriate consent, and email/SMS or payment processors if activated for your account.

Sub-processors may process data globally; we rely on vendor contractual protections and lawful transfer tools where applicable.

Security

We use industry‑standard protections such as encryption in transit (TLS) between clients and servers, access controls aligned to authenticated roles inside projects, and least‑privileged operational access. No method is 100% secure—we encourage strong device passcodes and revoking unfamiliar sessions by signing out across devices after password or phone changes.

Your choices & rights

Depending on your jurisdiction you may access, rectify, delete, restrict, object to processing, or ask for portability of certain personal information. Email contact@myhometrack.app from the contact method associated with your account and describe your request. Verification may require your registered phone number. Deletion can make some or all project collaboration impossible thereafter. European users may also lodge complaints with their local supervisory authority.

Third‑party services

Our Services may integrate with third-party identity, infrastructure, messaging, billing or analytics APIs. Their processing is governed by their respective policies—we encourage reviewing Google Firebase’s notices for authentication events and any payment provider we display at checkout.

Children

MyHomeTrack is not directed to children under 13 (or the minimum age your region sets for valid consent without parental approval). If you believe a child provided information, contact us and we will take appropriate steps.

Changes to this policy

We may update this policy to reflect product, legal, or operational changes. We will revise the “Last updated” date and, where required, provide additional notice (for example in-app or by email). Continued use after changes become effective constitutes acceptance where permitted by law.

Contact

Questions about privacy: contact@myhometrack.app