Privacy Policy

Effective Date: April 1, 2026 · Last Updated: April 1, 2026

HOMI TECHNOLOGIES LLC (“HōMI,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you use our platform, applications, and services.

1.Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you subscribe to a paid plan, our payment processor (Stripe) collects your payment information directly. We do not store credit card numbers on our servers.

Assessment & Financial Inputs

To generate your HōMI-Score, you may provide financial data such as income, debts, savings, credit information, and housing costs. If you opt into Plaid integration, we receive read-only financial account data (balances and transaction history) directly from your linked institutions.

Data	Purpose
Income & employment details	DTI calculation, readiness scoring
Debt balances & payment history	Liability analysis, score weighting
Savings & asset balances	Reserve ratio, emergency fund analysis
Credit score range (self-reported or Plaid)	Credit readiness factor
Housing costs & targets	Affordability modeling, mortgage estimates

Usage & Analytics Data

We automatically collect information about how you interact with the Service, including pages visited, features used, session duration, device type, operating system, browser type, and IP address. This data is used to improve the platform and diagnose technical issues.

Behavioral Genome Data

For Pro plan users, we analyze behavioral patterns across assessments to build a personalized behavioral genome: a model of your decision-making tendencies. This data is used exclusively to improve your AI coaching experience and is subject to automatic purge policies described in Section 5.

2.How We Use Your Data

We use your information to:

Provide the Service: Generate HōMI-Scores, run financial simulations, deliver AI coaching, and power the Agent platform
Improve the Platform: Analyze usage patterns, refine scoring algorithms, and train AI models using aggregated and anonymized data
Communicate: Send account notifications, billing receipts, security alerts, and product updates (you can opt out of marketing emails at any time)
Ensure Security: Detect fraud, prevent abuse, and enforce our Terms of Service
Legal Compliance: Respond to legal requests and comply with applicable laws

We NEVER sell your personal data to third parties.

Your financial information, assessment results, and behavioral data are never sold, rented, or traded to advertisers, data brokers, or any third party.

3.Data Sharing & Third-Party Services

We share data only with the following service providers, each of which is bound by contractual obligations to protect your data:

Data	Purpose
Supabase	Database hosting, authentication, and real-time data storage. All data encrypted at rest.
Stripe	Payment processing for subscriptions. PCI-DSS Level 1 compliant. We never see or store your full card number.
Plaid (opt-in only)	Read-only bank account linking for automated financial data input. You must explicitly authorize each connection.
Vercel	Application hosting and edge delivery. No user financial data is stored at the edge layer.

We may also share anonymized, aggregated data for research or statistical purposes. Such data cannot be used to identify any individual user.

We will disclose personal information if required by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

4.Data Retention

We retain your data according to the following schedule:

Account Data: Retained for the duration of your account, plus 30 days after deletion to allow for account recovery
Assessment Results: Retained for the duration of your account. Historical scores are available for progress tracking
Behavioral Genome Data: Automatically purged after 90 days of account inactivity. Active users' genome data is refreshed with each new assessment
Financial Inputs: Raw financial data submitted for assessments is retained for 90 days, then anonymized and aggregated
Usage Analytics: Retained in anonymized form for up to 24 months
Billing Records: Retained for 7 years as required by tax and accounting regulations

5.Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of all personal data we hold about you
Export: Download your data in a portable, machine-readable format (JSON or CSV)
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your account and associated data, subject to legal retention requirements
Opt-Out: Opt out of marketing communications, analytics tracking, or Plaid integration at any time
Restriction: Request that we limit processing of your data in certain circumstances
Objection: Object to processing of your data for certain purposes

To exercise any of these rights, contact us at legal@homitechnology.com. We will respond within 30 days.

California residents have additional rights under the CCPA/CPRA. Florida residents have additional rights under the Florida Digital Bill of Rights. Please contact us for jurisdiction-specific information.

6.Security

We implement industry-standard security measures to protect your data:

Encryption at Rest: All data stored in our databases is encrypted using AES-256 encryption
Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.3 encryption
Row-Level Security (RLS): Database access is controlled by RLS policies that ensure users can only access their own data
Authentication: Secure authentication via Supabase Auth with support for email, OAuth, and multi-factor authentication
Regular Audits: We conduct regular security assessments and vulnerability scans
Access Controls: Internal access to user data is strictly limited on a need-to-know basis with audit logging

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected users in the event of a data breach.

7.Cookies & Tracking

We use essential cookies required for the Service to function (authentication, session management). We use analytics cookies only with your consent to understand how the platform is used and improve the experience.

We do not use third-party advertising cookies or trackers. We do not engage in cross-site tracking or sell data to advertising networks.

8.Children’s Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information promptly.

Users between the ages of 13 and 18 may use the Service only with the involvement and consent of a parent or legal guardian. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at legal@homitechnology.com.

9.Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice in the Service at least 30 days before taking effect. The “Last Updated” date at the top of this page indicates when the policy was most recently revised.

Your continued use of the Service after any changes take effect constitutes your acceptance of the revised Privacy Policy.

10.Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

HOMI TECHNOLOGIES LLC

Email: legal@homitechnology.com

Privacy inquiries: privacy@homitechnology.com