Privacy Policy
Last updated: March 2026
Beta Notice
You are using a pre-release (beta) version of Domu Match. This means features may change, data may be reset, and additional data collection (such as bug reports and session logs) may be done to help us improve the product. This policy explains all of that clearly below.
Domu Match is designed for students and young professionals who want to find compatible roommates. This Privacy Policy explains in clear language how we use your data and your rights under the GDPR, the Dutch GDPR Implementation Act (UAVG), and EU AI transparency obligations.
1. Privacy at a Glance
Below is a quick summary. The full detail follows in each numbered section.
| Topic | Short Answer | Section |
|---|---|---|
| Who controls your data? | DMS Enterprise (eenmanszaak), trading as Domu Match (handelsnaam), Netherlands. | § Who We Are |
| What do we collect? | Account info, lifestyle answers, ID verification status, messages, beta feedback & logs. | § Data We Collect |
| Why? | To match you, keep the platform safe, run the beta, and improve the product. | § Purposes & Legal Bases |
| Legal basis (GDPR) | Contract, consent (lifestyle & beta feedback), legitimate interest (security). | § Purposes & Legal Bases |
| Do we store your ID? | No. Persona processes it; we only receive a verification result. | § ID Verification |
| Who else sees your data? | Persona, EU cloud providers, anonymized stats to Pilot Universities only. | § Third-Party Disclosures |
| How long do we keep it? | While your account is active; 1 year inactivity triggers deletion. | § Data Retention |
| What happens after beta? | We will notify you at least 30 days in advance of any data wipe or migration. | § Beta-Specific Data |
| Your rights? | Access, rectify, delete, port, withdraw consent, object. | § Your Rights |
| Data breach? | We notify affected users and the Dutch DPA within 72 hours of confirmed breach. | § Security |
2. Who We Are and Scope
Controller
The controller responsible for your personal data is Domu Match, a trade name (handelsnaam) registered to DMS Enterprise (eenmanszaak) in the Netherlands with KVK number 97573337. Contact details are in Section 13.
Who this policy applies to
- Students (17+) and young professionals using Domu Match to find roommates.
- Visitors to our website or app.
- Beta testers who registered via domumatch.com/beta or an invite link.
- Users connected through Pilot Universities.
3. Data We Collect
3.1 Account and Profile Data
- Name, email address, and password.
- University name, study programme, year of study, general schedule.
- Housing preferences (location, budget, room type, move-in date).
- Optional Profile Picture
3.2 Lifestyle and Behavioural Data (Harmony Questionnaire)
To improve roommate matching, we offer a lifestyle questionnaire covering:
- Daily rhythms (wake/sleep times, noise tolerance).
- Tidiness and use of shared spaces.
- Social habits (visitors, parties, introvert/extrovert preferences).
- Study/social balance.
Sensitive data: Some answers may indirectly hint and/or reveal data about topics such as your health, religion and sexual orientation. We only process this data with your explicit consent.
3.3 Beta-Specific Data (additional to normal use)
This section applies only during the beta period and would not apply once the full product launches.
- Crash reports and error logs (automatically captured when something breaks).
- Session recordings or heatmaps (if enabled) - you will be informed at sign-up and can opt out in Settings.
- In-app feedback submissions and bug reports you submit voluntarily.
- Usability survey responses.
- Feature interaction logs (e.g., which screens you visit, how long you spend on steps).
We use this data solely to fix bugs, improve the product, and to inform us on design decisions.
3.4 ID Verification (Persona)
- Persona processes your government ID and a selfie/liveness check.
- Domu Match does not store raw ID images or biometric templates.
- We receive only: verification status (verified / not verified), full name, date of birth, and issuing country.
3.5 Communication and Chat
- Messages you send and receive, plus metadata (timestamps, read status).
- Your real identity is hidden from other users by default; you control when to reveal it.
3.6 Usage and Technical Data
- Device type, OS, browser type, IP address, timestamps, pages viewed.
- Approximate location (country/region) derived from IP - used for security and anonymized analytics only.
4. Purposes and Legal Bases (Art. 6 GDPR)
| Purpose | Examples | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Account & matching | Create account, suggesting roommates, enabling chat | Art. 6(1)(b) - Contract |
| Deep lifestyle profiling | 200-questionnaire - Harmony/Context scores | Art. 6(1)(a) + Art. 9(2)(a) - Consent |
| Beta testing & product improvement | Bug logs, crash reports, session data, feedback forms, usability surveys | Art. 6(1)(a) - Consent (at sign-up) |
| Platform security & fraud prevention | ID verification, abuse reporting, incident logs | Art. 6(1)(f) - Legitimate interest |
| University analytics | Anonymized housing/matching statistics for Pilot Universities | Anonymized = not personal data; pre-anonymization steps: legitimate interest |
| Legal compliance | Responding to lawful authority requests, record-keeping obligations | Art. 6(1)(c) - Legal obligation |
You can withdraw consent for the lifestyle questionnaire or beta data collection at any time in Settings. We will stop using those data for new purposes and delete or anonymize them within a reasonable period.
5. Beta-Specific Data: What Happens After Beta
This is one of the most important sections for beta testers to understand.
| Event | What happens to your data |
|---|---|
| Beta ends, product launches | Your account and profile data carry over unless you delete them. Beta-specific logs and session recordings are deleted within 90 days of launch. |
| Beta is discontinued (no launch) | We will give you at least 30 days’ notice. You may export your questionnaire data. All personal data will be deleted or anonymized within 60 days of shutdown. |
| Data reset during beta | We may reset certain test data (e.g., matches, scores) for technical reasons. We will notify you in-app at least 7 days in advance where possible. |
6. Automated Decision-Making and Profiling (Art. 22 GDPR)
How the matching algorithm works
- Harmony score - based on lifestyle answers.
- Context score - based on academic/practical context.
- These combine into a compatibility score used to rank suggested profiles.
No binding decisions: The algorithm only suggests matches. You always choose who to contact and live with. No automated system produces legal or similarly significant effects about you.
EU AI Act transparency
In line with EU AI Act transparency obligations, we disclose that we use automated systems for matching, explain the main factors, and regularly review the system to reduce unfair bias. Contact us if you believe the system treats you unfairly.
7. Third-Party Disclosures
Persona (ID Verification)
- Processes your government ID and selfie/video as our data processor.
- We receive only the verification outcome and limited attributes.
Cloud Hosting Providers
- We use EU-based servers (e.g., AWS/Azure/Google Cloud EU regions) under data processing agreements.
- Providers may not use your data for their own marketing.
Beta Tooling (e.g., crash reporting, session recording tools)
- Where third-party tools are used for beta monitoring (e.g., Sentry, or similar), these act as data processors under GDPR-compliant agreements.
- We will list active beta tools in our Cookie/Tracking Notice.
Pilot Universities
- Receive only anonymized and aggregated data (cannot identify you).
- Any research needing more detailed data requires your explicit consent.
We do not sell your personal data to any third party, ever.
8. Data Retention
- Most personal data: kept while your account is active.
- Inactivity: accounts inactive for 1 year are deleted or anonymized (Dutch DPA guidance).
- Lifestyle questionnaire data: deleted/anonymized when you withdraw consent or delete your account.
- Beta logs and session data: deleted within 90 days of beta end or your account deletion, whichever comes first.
- Security/incident logs: may be kept longer where required by law or for ongoing investigations.
9. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the Autoriteit Persoonsgegevens (Dutch DPA) within 72 hours of becoming aware.
- Notify affected users without undue delay if the breach is likely to result in a high risk to you personally.
- Describe the nature of the breach, data affected, likely consequences, and measures taken.
10. Your Rights
Under the GDPR and UAVG, you have the following rights, typically exercisable through Settings or by contacting us:
| Right | What it means |
|---|---|
| Access | Request a copy of all data we hold about you. |
| Rectification | Correct inaccurate or incomplete data. |
| Erasure | Request deletion of your account and personal data (subject to legal exceptions). |
| Withdraw consent | Withdraw consent for lifestyle questionnaire or beta data collection at any time. |
| Data portability | Download your questionnaire responses and key data in a portable format. |
| Object | Object to processing based on legitimate interest. |
| Restriction | Ask us to temporarily restrict processing while we review a request. |
We may verify your identity before acting on a request. We aim to respond within one month as required by law.
You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens: https://autoriteitpersoonsgegevens.nl
11. Minors (Age 17–18)
Domu Match is open to users aged 17 and above. Users under 18 are permitted, but we encourage parents or guardians to review this policy. If you are under 18 and based in the Netherlands, you may use our platform without parental consent under Dutch law, as Domu Match is a practical housing service. We do not use data of under-18 users for any purpose other than operating the service.
12. Security Measures
- Encryption in transit (TLS/HTTPS) and at rest for all databases and storage.
- Strict access controls - only authorized personnel with genuine need can access personal data.
- Regular updates, monitoring, and incident response procedures.
- Security by design and by default, in line with the 2026 Cybersecurity Act (Cbw).
No system is perfectly secure. We will notify you promptly if a breach affects you (see Section 9).
13. Contact and Complaints
- Privacy contact / DPO: domumatch@gmail.com
- Website: domumatch.com/contact
If you would like to, you may contact the Autoriteit Persoonsgegevens at https://autoriteitpersoonsgegevens.nl.
14. Definitions
- Personal data
- Any information relating to an identified or identifiable person.
- Special category data
- Particularly sensitive data (health, racial/ethnic origin, religion, sexual orientation) requiring extra protection and explicit consent.
- Biometric data
- Data from technical processing of physical characteristics that allows unique identification. Persona may create biometric templates during ID checks; Domu Match does not store these.
- Profiling
- Automated processing to evaluate personal aspects (preferences, behaviour). For Domu Match this means computing Harmony and Context scores.
- Beta tester
- A user who registered during the public beta period to trial the product before full launch.
This document was last reviewed and updated in March 2026. Domu Match reserves the right to update this policy; material changes will be notified by email or in-app notification with at least 15 days’ notice.