Privacy Policy

Last updated: 23 April 2026

1. Who we are

HuisPin ("we", "us", "our") operates the website www.huispin.com and related services. We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR / AVG).

Contact: [email protected]

2. What data we collect

We collect the following personal data when you use our service:

Account information: email address, name, and hashed password when you register via email, or your name and email via Google OAuth sign-in.
Search preferences: your rental search criteria (city, price range, property type) that you configure in your profile.
Usage data: pages visited, features used, and timestamps for improving our service.
Technical data: IP address, browser type, device type, and operating system — collected automatically via server logs and our error-tracking service (Sentry).

3. How we use your data

We use your personal data for the following purposes:

Providing our service: matching rental listings to your search profile and sending you alerts via email, WhatsApp, or push notifications.
Account management: authenticating your identity, managing your subscription, and communicating with you about your account.
Service improvement: analyzing usage patterns to improve functionality, fix bugs (via Sentry error tracking), and develop new features.
Security: protecting against fraud, spam, and abuse using Google reCAPTCHA v3.
Legal obligations: complying with applicable laws and regulations.

4. Legal basis for processing

We process your personal data based on the following legal grounds (Art. 6 GDPR):

Contract performance (Art. 6(1)(b)): processing necessary to deliver our rental alert service to you.
Legitimate interest (Art. 6(1)(f)): security measures, error tracking, and service improvement.
Consent (Art. 6(1)(a)): optional marketing communications — you can withdraw consent at any time.

5. Third-party services

We share data with the following third parties, only as necessary to operate our service:

Service | Purpose | Data shared | Location
Sentry (Functional Software Inc.) | Error tracking & performance monitoring | IP address, browser info, error details | EU/US (Standard Contractual Clauses)
Google reCAPTCHA v3 | Bot protection during login/registration | IP address, browser behavior signals | US (Standard Contractual Clauses)
Google Fonts | Typography | IP address (loaded from Google servers) | US
Google OAuth | Optional social sign-in | Name, email (from your Google account) | US (Standard Contractual Clauses)

We do not sell your personal data to any third party.

6. Cookies and similar technologies

We use the following cookies:

Session cookie (authjs.session-token): strictly necessary for keeping you logged in. This is a JWT-based authentication cookie with a maximum lifetime of 30 days. No consent required under ePrivacy regulations.
reCAPTCHA cookies: set by Google reCAPTCHA v3 to assess bot risk during login and registration.

We do not currently use any analytics cookies, advertising cookies, or tracking pixels.

7. Data retention

Account data: retained as long as your account is active. When you delete your account, we erase your personal data within 30 days, except where retention is required by law.
Server logs: automatically deleted after 90 days.
Error tracking data (Sentry): automatically deleted after 90 days.

8. Your rights under GDPR

You have the following rights regarding your personal data:

Access (Art. 15): request a copy of the personal data we hold about you.
Rectification (Art. 16): correct inaccurate or incomplete data.
Erasure (Art. 17): request deletion of your data ("right to be forgotten").
Restriction (Art. 18): limit how we process your data.
Data portability (Art. 20): receive your data in a machine-readable format.
Objection (Art. 21): object to processing based on legitimate interest.
Withdraw consent (Art. 7): withdraw any previously given consent at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Data security

We implement appropriate technical and organizational measures to protect your personal data:

Passwords are hashed using bcrypt before storage — we never store plaintext passwords.
All data is transmitted over HTTPS/TLS encryption.
Access to personal data is restricted to authorized personnel only.
Our infrastructure is hosted on secured servers within the EU.

10. International data transfers

Some of our third-party service providers (Sentry, Google) may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs), in compliance with Chapter V of the GDPR.

11. Children's privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at [email protected].

12. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Website: https://www.autoriteitpersoonsgegevens.nl

Phone: +31 (0)70 888 8500

13. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.
