Privacy Policy

This Privacy Policy describes how HomeStart (“HomeStart,” “we,” “us,” “our”) handles information when you use our mobile application and related websites (the “Services”).

HomeStart is a financial planning and education tool for people preparing to buy a home. We are not a lender and do not offer loans, credit decisions, or underwriting. Information and estimates in the app are for informational purposes only and are not financial, legal, or tax advice. You should consult qualified professionals for advice specific to your situation.

By using the Services, you agree to this Policy. If you do not agree, please do not use the Services.

1. Who we are

Data controller: HomeStart, United States.

Contact (privacy questions): hello@homestartapp.com

Security reports: security@homestartapp.com (see our Security overview).

2. Information we collect

2.1 Information you provide

• Account information. Email address and authentication information processed through Google Firebase Authentication. If you choose Google or Facebook (Meta) sign-in, we receive the profile and identifier information those providers share with us according to your settings and their policies.
• Planning information you enter. Information you add in the app to build your plan—for example, housing goals, budget assumptions, income and debt figures you choose to enter, savings targets, timelines, and similar fields stored with your plan. You decide how much detail to provide.
• Manual balances and labels. If you do not link a bank, you may enter account nicknames and amounts manually so the app can still show progress toward your goals.

2.2 Information from optional bank linking (Plaid)

If you choose to connect a financial institution, we use Plaid Inc. and its Plaid Link technology. Your financial institution login credentials are collected by Plaid, not by us. We do not store your bank password for that connection flow.

Subject to your authorization and Plaid’s terms, we may receive information such as:

• Institution name and identifiers Plaid uses to identify the connection;
• Account identifiers, names, and types for linked accounts;
• Balance and available-funds information used to show savings progress and related planning views;
• Technical identifiers Plaid provides so we can maintain or refresh the connection.

The exact categories can depend on your institution and what you authorize. Plaid’s privacy notice explains its practices in more detail.

You may disconnect linked accounts at any time using the in-app controls for connected accounts or institution linking. Disconnecting stops new data from that connection from flowing to HomeStart; we describe retention in Section 5.

2.3 Information collected automatically

• Service operations. When you use the Services, Google Firebase and related Google Cloud services may process technical information needed to run the app and backend—for example, device type, operating system version, app version, crash or diagnostic signals, and security-related logs. We use this to operate, secure, and improve the Services.
• Analytics. We do not use third-party advertising or cross-app tracking SDKs for behavioral ads. Any product analytics we enable are limited to understanding how the app is used and improving features.
• Notifications. If you opt in to push notifications, we process a device token so your device can receive messages you have agreed to. You can turn off notifications in your device or app settings.

2.4 Other sources

The app may request non-sensitive reference or market information from third-party data sources (for example, public economic or housing-related datasets) to show context in planning features. Those requests do not include your bank credentials. They may use parameters derived from general planning inputs (such as region-level preferences you have entered).

3. How we use information

We use the information above to:

• Provide the Services: authenticate you, sync your plan, show savings and cash-to-close context, and run optional account linking;
• Display illustrative estimates and readiness-style summaries based on what you enter or link—not for lending, credit decisions, or guarantees about buying a home;
• Maintain security, prevent abuse, debug issues, and improve reliability;
• Send optional communications you have requested (such as product updates or reminders, where available and permitted);
• Comply with applicable law and enforce our Terms of Service.

We do not sell your personal information as that term is commonly defined in U.S. state privacy laws, and we do not use Plaid data to advertise unrelated third-party financial products.

4. Sharing

We share information only as needed to run the Services or as required by law:

• Service providers who process data on our instructions, including Google (Firebase, Firestore, Cloud Functions, and related Google Cloud infrastructure), Plaid (for linking and related financial data), and Apple (for distributing the app and device-level services).
• Sign-in providers (Google, Meta/Facebook) when you choose those sign-in methods, as described in their policies.
• Authorities or others if we believe disclosure is required to comply with law, protect safety, or defend our rights.

We may share aggregated or de-identified information that cannot reasonably identify you—for example, statistics about feature usage.

5. Data retention

We keep your account and plan information while your account is active so the Services work as you expect.

If you delete your account, we will delete or de-identify your personal information within a reasonable period, typically within thirty (30) days, unless a longer period is required by law, dispute resolution, or backup and disaster-recovery systems (in which case we delete when those backups cycle off or as soon as practicable).

When you disconnect a linked institution, we stop receiving new data from that connection. We remove or refresh stored Plaid-related data on your account in line with disconnection and account settings, subject to short technical delays.

Communications you send us (for example, support or privacy requests) may be retained for a limited time for recordkeeping and quality.

6. Security

We use technical and organizational measures appropriate to the nature of the Services, including encryption in transit (such as HTTPS/TLS), access controls on our systems, and server-side handling of sensitive tokens (including Plaid-related tokens). No online service is completely secure; we encourage you to use a strong device passcode and keep your app updated.

More detail is available in our Security overview.

7. Your rights and choices

Depending on where you live, privacy laws may give you rights to access, correct, delete, or export personal information, or to object to or restrict certain processing. We will honor applicable requests as required by law.

• Access and updates. You can review and update much of your information directly in the app.
• Linked accounts. You can disconnect financial institutions in the app as described in Section 2.2.
• Notifications. You can disable push notifications in device or app settings.
• Marketing. If we send optional promotional email, we will provide a way to opt out.

How to delete your account

To request deletion of your account and associated personal information, email us at hello@homestartapp.com from the email address associated with your account, with the subject line “Account deletion request,” or use any in-app account deletion option we make available. We may verify your identity before processing. Deletion may not remove information we must keep for legal or legitimate business reasons (for example, limited billing or security logs), as described in Section 5.

Regional notices

EEA, UK, and Switzerland. Where the GDPR or similar laws apply, we rely on appropriate legal bases such as performance of a contract (providing the Services), legitimate interests (security and improvement, balanced against your rights), and consent where required (for example, optional linking or certain notifications). You may have the right to lodge a complaint with a supervisory authority.

United States (state laws). Residents of certain states may have additional rights (for example, to know, delete, or opt out of certain processing). To exercise rights, contact hello@homestartapp.com. We do not “sell” personal information or use sensitive data for prohibited purposes as defined in those laws, consistent with Section 3.

8. Children’s privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us and we will take steps to delete it.

9. International transfers

We are based in the United States. If you use the Services from another country, your information may be processed in the U.S. and in other countries where our providers operate. Those countries may have different data protection laws than your own. Where required, we use appropriate safeguards (such as standard contractual clauses approved by regulators) for transfers of personal data from the EEA, UK, or Switzerland.

10. Changes

We may update this Policy from time to time. We will post the updated version on this page and change the “Last updated” date. If changes are material, we will provide additional notice as appropriate (for example, in-app notice or email where we have your address).

11. Contact

Questions about this Privacy Policy: hello@homestartapp.com

Website: https://homestartapp.com