Skip to main content

Privacy Policy

Last updated: 11/21/2025

At Domu Match, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our roommate matching platform.

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, complete your profile, or communicate with us.

Account Information

  • University email address
  • Password (hashed and encrypted)
  • Account creation date

Profile Information

  • Name and contact details
  • University and program of study
  • Study year and academic preferences
  • Lifestyle preferences (cleanliness, quiet hours, social activities)
  • Personality traits and compatibility factors
  • Profile photos (optional)

Verification Documents

  • Government-issued ID (for identity verification)
  • Selfie photo (for facial recognition matching)
  • University email verification

Communication Data

  • Chat messages with potential roommates
  • Support requests and inquiries
  • Feedback and survey responses

Usage Data

  • Platform usage patterns and interactions
  • Matching preferences and selections
  • Device information and IP address
  • Cookies and tracking technologies

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services:

  • Provide and improve our roommate matching services
  • Verify your identity and ensure platform safety
  • Communicate with you about potential matches and platform updates
  • Analyze usage patterns to improve our matching algorithm
  • Prevent fraud, abuse, and security threats
  • Comply with legal obligations and enforce our terms
  • Send you important notifications and updates
  • Personalize your experience and recommendations

3. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

With Your University

We may share information with your university housing department for verification purposes and to provide support services.

With Potential Matches

We share your profile information (excluding sensitive data like ID documents) with compatible students to facilitate roommate matching.

With Service Providers

We may share information with third-party service providers who assist in platform operations. All processors have signed Data Processing Agreements (DPAs) and comply with GDPR requirements. See our Third-Party Processors section below for details.

For Legal Compliance

We may disclose information when required by law, court order, or governmental authority, or to protect our rights and safety.

With Your Consent

We may share information with your explicit consent or at your direction.

4. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security audits and vulnerability assessments
  • Employee training on data protection
  • Limited access to personal data on a need-to-know basis
  • Regular backups and disaster recovery procedures

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Your Rights and Choices (GDPR Articles 15-20)

You have the following rights regarding your personal information:

Right of Access (Article 15)

You have the right to access and review your personal information. Request a data export through Privacy Settings β†’ Download Your Data, or contact domumatch@gmail.com. We will provide your data within 30 days.

Right to Rectification (Article 16)

You can update or correct your profile information at any time through your account settings.

Right to Erasure (Article 17)

You can request deletion of your account and associated data through Privacy Settings β†’ Delete Account. Your account will be deleted after a 7-day grace period, subject to legal retention requirements (e.g., verification documents: 4 weeks per Dutch law).

Right to Data Portability (Article 20)

You can request a copy of your data in JSON format through Privacy Settings β†’ Download Your Data. Data is provided in a structured, machine-readable format.

Right to Restrict Processing (Article 18)

You can request restriction of processing by contacting domumatch@gmail.com. We will restrict processing while your request is being reviewed.

Right to Object (Article 21)

You can object to certain processing activities, such as automated decision-making (matching algorithm). Contact domumatch@gmail.com to exercise this right.

Right to Withdraw Consent (Article 7)

You can withdraw consent for non-essential cookies and tracking at any time through the Cookie Preference Center (accessible from the cookie banner or settings).

How to Exercise Your Rights: To exercise your rights, you can: (1) Use the Privacy Settings page in your account, (2) Email domumatch@gmail.com with your request, or (3) Contact our Data Protection Officer at domumatch@gmail.com. All requests are processed within 30 days as required by GDPR.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your use of our platform:

Essential Cookies

Required for the platform to function properly, such as authentication and session management.

Analytics Cookies

Help us understand how users interact with our platform to improve our services.

Preference Cookies

Remember your preferences and settings for a personalized experience.

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.

7. GDPR Compliance

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to be informed about data processing
  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ('right to be forgotten')
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

We process your personal data based on the following legal bases:

  • Consent: When you provide explicit consent for data processing
  • Contract: To perform our contract with you (providing matching services)
  • Legal obligation: To comply with legal requirements
  • Legitimate interests: To improve our services and ensure platform safety

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, in compliance with GDPR and Dutch law:

  • Account data: Retained while your account is active, anonymized after 2 years of inactivity
  • Verification documents: Retained for 4 weeks after verification (Dutch law requirement - UAVG), then deleted
  • Chat messages: Retained for 1 year after last message in chat, then deleted
  • Match suggestions: Retained for 90 days after expiry, then deleted
  • Reports: Retained for 1 year after resolution, then deleted
  • Application logs: Retained for 90 days, then deleted
  • Analytics data: Retained in anonymized form for up to 2 years

You can request deletion of your account and data at any time through your Privacy Settings or by contacting domumatch@gmail.com. We will process your request within 30 days (GDPR requirement), subject to legal retention requirements (e.g., verification documents: 4 weeks per Dutch law).

9. Children's Privacy

Our platform is intended for students aged 17 and older. We do not knowingly collect personal information from children under 17. If you believe we have collected information from a child under 17, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the 'Last updated' date. We encourage you to review this Privacy Policy periodically.

11. Third-Party Processors

We use the following third-party service providers to operate our platform. All processors have signed Data Processing Agreements (DPAs) and comply with GDPR requirements:

Supabase

Database, authentication, hosting, storage

Location: EU (primary), US (backup) | DPA: Standard Contractual Clauses (SCCs)

Sentry

Error tracking, session replay (with your consent)

Location: US, EU | DPA: Standard Contractual Clauses (SCCs)

Vercel

Hosting, analytics (with your consent)

Location: US, EU | DPA: Standard Contractual Clauses (SCCs)

Persona/Veriff/Onfido

Identity verification (KYC)

Location: US, EU | DPA: Signed DPAs

Email Providers

Transactional emails, notifications

Location: US, EU | DPA: Standard Contractual Clauses (SCCs)

For detailed information about our processors, DPAs, and transfer mechanisms, see our Third-Party Processors documentation. You can request information about processors by contacting domumatch@gmail.com.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: domumatch@gmail.com

Data Protection Officer: domumatch@gmail.com

DSAR Requests: Use Privacy Settings in your account or email domumatch@gmail.com

For Data Subject Access Requests (DSAR), you can also use the Privacy Settings page in your account to request data export or account deletion.