Privacy Policy

Last updated: April 2026

The short version: Your data lives in your The Vault. It belongs to you. It does not leave your home without your explicit consent. We do not sell it, analyse it, or use it to train models. Ever.

1. Who we are

Homacy Ltd is a company registered in England and Wales. We make Homa, a personal companion that lives with you and your family. Our registered address and company number are available at Companies House. You can reach us at privacy@homacy.co.

2. The The Vault

Everything Homa learns about you is stored in your personal The Vault, an encrypted local memory that belongs to you. It contains:

Everything you have told Homa
Everything she has observed in your home
Your preferences, routines, relationships, and history
Health and wellbeing information you have shared
Any content you have created or shared with her

Your The Vault is encrypted with keys that only you hold. It does not leave your home without your explicit instruction. We cannot access it. We do not want to.

3. What we collect at account level

To provide the Homa service, we collect:

Your name and contact email address (for account management)
Your subscription and billing information (processed by Stripe, we do not store card details)
Diagnostic information about service availability and app stability (crash reports, performance data, never content)
Device identifier for app authentication

We do not collect: the content of your conversations with Homa; your health data; location data beyond what is needed for home geofencing (stored locally); biometric data (stored locally in your The Vault); any data from the environmental scanning features.

4. How we use what we collect

Account-level data is used only to:

Provide and manage your subscription
Send you service communications (not marketing, unless you opt in)
Maintain the security and stability of the service
Comply with legal obligations

We do not use your data to train AI models. Not ours. Not anyone else's. Your conversations with Homa are not training data. They are private.

5. Who we share data with

We share account-level data only with:

Stripe — payment processing (their privacy policy applies to payment data)
Apple / Google — app distribution; subject to their platform terms
Legal authorities — only when legally compelled and only to the extent required by law

We do not sell data. We do not share data with advertisers. We do not share data with data brokers. We do not share your conversations, health information, or anything from your The Vault with any third party under any circumstances.

6. Data retention

Account data is retained for the duration of your subscription plus 90 days. If you cancel, we delete your account data within 90 days. Your The Vault can be deleted at any time at your instruction, this deletion is permanent and irreversible. If you choose Homacy (digital continuation), separate terms apply and you will be asked to consent explicitly.

7. Your rights (UK GDPR)

You have the right to:

Access the account-level data we hold about you
Correct inaccurate data
Delete your account and all associated data
Object to processing of your data
Data portability, receive your data in a portable format
Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, contact privacy@homacy.co. We will respond within 30 days.

8. Children

Homa is used by families including children. Where Homa is used with a child under 13, parental consent is required and the child's interaction data remains in the family The Vault under parental control. We apply heightened protections to all data relating to minors. We do not knowingly collect data from children directly without parental consent.

9. Health and mental health data

Homa may observe patterns related to health and mental wellbeing. This information is treated with the highest level of sensitivity. It is stored exclusively in your The Vault. It is never shared. Homa does not diagnose. She flags, supports, and refers. Clinical decisions remain with you and your healthcare providers.

10. Security

Your The Vault is encrypted using AES-256-GCM. Data in transit between your device and our servers is encrypted using TLS 1.3. Your four-word security key is the only key to your The Vault, we do not hold a copy. If you lose it, recovery is possible only through the vault recovery system you set up during onboarding.

11. International transfers

Account-level operational data may be processed by our infrastructure providers in the UK and EU. We use only providers with adequate data protection safeguards. Your The Vault content is stored on your device and, where vault backup is enabled, on nodes within the jurisdictions you select, never transferred outside your chosen jurisdictions without your instruction.

12. Changes to this policy

We will notify you of material changes to this policy by email and within the app before they take effect. The current version is always at homacy.co/privacy.

13. Contact

Data Protection enquiries: privacy@homacy.co
General enquiries: hello@homacy.co
Post: Homacy Ltd, London, England