Privacy Policy

Privacy at a Glance

Who We Are and Scope

Controller

The controller responsible for your personal data is Domu Match B.V., registered in the Netherlands. You will find our contact details in the “Contact and Complaints” section.

Who this policy is for

This policy applies to students and young people (typically 17+) using Domu Match to find roommates, visitors to our website or app, and students connected through participating Pilot Universities.

Data We Collect

Account and profile data

We collect basic account and profile details, such as:

• Name, email address, and hashed password.
• University name, study programme, year of study, and general schedule.
• Housing preferences (location, budget, room type, move-in date).
• Optional profile picture.

Lifestyle and behavioural data (Harmony questionnaire)

To improve roommate matching, we offer a 200-question lifestyle questionnaire (8 blocks of 25 questions). It covers for example:

• Daily rhythms (wake-up time, sleep time, noise level).
• Tidiness and use of shared spaces (cleaning habits, organisation).
• Social habits (visitors, parties, shared meals, introvert / extrovert preferences).
• Study vs. social balance (how you like to spend weekdays and weekends).

Some answers may indirectly reveal sensitive data (for example, about your health, religion, or sexual orientation). You are never forced to share this: you can skip such questions or answer in a neutral way. We only process this deep lifestyle data with your explicit consent.

ID Verification with Persona

To reduce fraud and impersonation, we use Persona as our ID verification provider:

• During verification, Persona processes images or scans of your government ID and, where needed, a selfie or video for biometric comparison.
• Domu Match does not store your raw ID images or biometric templates.
• We receive only a verification status (for example: verified / not verified) and limited ID data (such as full name, date of birth, issuing country) needed to link the verification to your account.

Communication and chat

When you use our internal chat, we process:

• Messages you send and receive.
• Message metadata such as timestamps and read status.

By default, your real identity (full name and contact details) is concealed from other users. You control when and whether to mutually reveal your identity or share contact details.

Usage and technical data

We collect device and technical data to run and secure the platform, such as:

• Device type, operating system, browser type.
• IP address, timestamps, pages and screens viewed.
• Actions such as starting the questionnaire, sending messages, or updating your profile.

Purposes and Legal Bases (Art. 6 GDPR)

We must have a clear legal basis for each way we use your data. Below is an overview of what we do and why we are allowed to do it.

For the lifestyle questionnaire, you can always withdraw your consent. We will then stop using your lifestyle responses for new matches and delete or properly anonymize them (unless we must keep a small amount for legal reasons).

Data Minimization and Purpose Limitation

We carefully design our questions and data fields so that we only ask for what we truly need. Our main purposes are:

• Roommate matching and related communication.
• Platform safety, fraud prevention, and responding to reports.
• Anonymized, high-level “Student Success” analytics for universities.

We do not use your personal data for unrelated advertising, and we do not sell your personal data to commercial third parties. If we ever want to use your data for a new purpose that is not compatible with these, we will tell you first and ask for consent where required.

Automated Decision-Making and Profiling (Art. 22 GDPR)

How the matching algorithm works

Domu Match uses automated processing to suggest potential roommates:

• Harmony score (≈75%) – based mostly on your lifestyle answers (daily rhythms, tidiness, social habits, routines).
• Context score (≈25%) – based on your academic and practical context (programme, year, schedule, budget).
• These two scores are combined into an overall compatibility score which we use to rank profiles you might be interested in.

No solely automated legal or similarly significant decisions

Our system only suggests possible roommates. It does not decide where you may live, your academic results, or any legal or financial outcome. You always choose who to contact, who to chat with, and who to live with. This means you are not subject to decisions with legal or similarly significant effects made solely by our algorithm.

EU AI Act transparency

In line with the EU AI Act transparency rules, we clearly inform you that we use automated systems for matching, explain the main factors (Harmony ≈ 75%, Context ≈ 25%), and regularly review the system to reduce unfair bias. You can contact us if you think the system treats you unfairly.

Third-Party Disclosures

Persona (ID verification)

We use Persona to perform identity checks:

• Persona may process your government ID and selfie/video and create biometric templates to confirm that the ID belongs to you.
• Domu Match does not store these raw images or biometric templates. We only receive the verification outcome and limited ID data linked to your account.

Cloud hosting providers

We host Domu Match using reputable cloud providers with servers in the EU (for example, AWS, Azure, or Google Cloud EU regions). These providers act as processors under data processing agreements and may only use your data to run the infrastructure, not for their own marketing.

Pilot Universities (anonymized analytics)

We may share anonymized and aggregated data with Pilot Universities to understand how housing and roommate matching relate to student success. Universities cannot identify you from these datasets. If a specific research project needs more detailed data, we will apply strict safeguards and, if necessary, ask for your consent.

Data Retention (Storage Limitation)

We keep your data only as long as we reasonably need it for the purposes described above or as required by law.

• We keep most of your personal data while your Domu Match account is active.
• If your account is inactive for 1 year, we delete or irreversibly anonymize your personal data, following Dutch Data Protection Authority guidance.
• Lifestyle questionnaire data is kept and used only while you keep your consent and your account is active; if you withdraw consent or delete your account, we delete or anonymize it within a reasonable period.
• Certain logs or security-related records may be kept for a bit longer where necessary to investigate incidents or meet legal requirements.

Your Rights as a Student

Under the GDPR and UAVG, you have several important rights. You can usually exercise them through your account settings or by contacting us.

• Right of access and information: you can ask what data we hold about you and receive a copy.
• Right to rectification: you can correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”): you can request deletion of your account and personal data, subject to limited legal exceptions.
• Right to withdraw consent: you can withdraw your consent for the lifestyle questionnaire at any time, and we will stop using those data for new matches.
• Right to data portability: you can download your questionnaire results and other key data in a portable format, where technically feasible.
• Right to object and to restriction: you can object to certain processing based on legitimate interest and ask us to temporarily restrict processing while we review your request.

We may ask you to verify your identity before we handle your request. We aim to respond within one month, as required by law.

Security Measures

We use technical and organizational measures to protect your data, including:

• Encryption in transit (TLS/HTTPS) and encryption at rest for our databases and storage.
• Strict access controls: only authorized staff with a real need can access personal data.
• Regular updates, monitoring, and incident response procedures.

We design Domu Match in line with the principles of the 2026 Cybersecurity Act (Cbw), focusing on digital resilience and security by design and by default. No system is perfectly secure, but we work hard to minimize risks.

Contact and Complaints

If you have questions or want to exercise your rights, you can contact our privacy contact / Data Protection Officer (DPO):

• Name: DPO Domu Match
• Email: privacy@domumatch.example
• Postal address: Domu Match B.V., [Street and number], [ZIP code] [City], The Netherlands

You also have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) at https://autoriteitpersoonsgegevens.nl.

Definitions

Personal data

Any information that relates to an identified or identifiable person (for example, your name, email, user ID, or a combination of lifestyle answers that can be linked to you).

Special category data

Particularly sensitive data such as health information, data about racial or ethnic origin, religious or philosophical beliefs, or sexual orientation. These require extra protection and usually explicit consent.

Biometric data

Personal data resulting from technical processing of physical or behavioural characteristics (like facial images) that allow or confirm unique identification. For Domu Match, Persona may create biometric templates during ID verification, but Domu Match itself does not store those templates or raw ID images.

Profiling

Any automated processing of personal data to evaluate personal aspects, such as behaviour, preferences, or interests. For Domu Match, profiling mainly means using your lifestyle and context data to calculate Harmony and Context scores for roommate matching.

Automated decision-making

Decisions made only by machines, without human involvement, that produce legal or similarly significant effects. Domu Match does not make this type of decision about you; our system only suggests possible matches, and you stay in control.