1. Introduction
Daniel Ilievski ("we," "us," or "our") operates the DomRadar mobile application ("Service"). This Privacy Policy explains what personal data we collect, how we use it, and your rights under applicable law, including the General Data Protection Regulation (GDPR).
DomRadar is a real estate alert service. We process personal data to provide you with notifications when real estate listings match your saved search criteria.
Data Controller: Daniel Ilievski · [email protected]
2. Data We Collect
2.1 Account Information
When you sign in via Google or Apple, we receive your display name, email address, and a unique identifier from the authentication provider. We do not receive your password — authentication is handled entirely by Google or Apple.
2.2 Search Preferences
To deliver alerts we store the search criteria you configure: listing type (sale or rental), property category, location, minimum and maximum size (m²), and maximum price.
2.3 Interaction Data
We store records of how you interact with listings: listings you save, listings you mark as "not interested," and alerts we have delivered to you.
2.4 In-App Feedback
If you submit a rating (1–3 stars) through the in-app feedback prompt, we store your star rating, optional free-text feedback, platform (iOS or Android), and app version. 4–5 star ratings route directly to the App Store or Google Play and are not stored on our servers.
2.5 Notification Preferences
Preferred notification frequency, quiet hours, and your push notification token (provided by Expo).
2.6 Usage and Analytics Data
We collect first-party analytics to understand how the app is used: event name and timestamp, session ID (randomly generated per session), device ID (randomly generated, stored locally on your device), platform, and app version. We do not use Google Analytics, Meta Pixel, or any third-party behavioral tracking.
2.7 Subscription Data
If you subscribe to PRO, RevenueCat processes your payment and notifies us of your subscription status. We store your subscription expiry date and whether a renewal reminder has been sent. We never see your payment card details.
2.8 Technical Data
Country (inferred from your device settings at registration), timestamps of account creation and updates, and timestamps of last notification sent and last feed viewed.
3. How We Collect Data
| Data | Collection Method |
|---|---|
| Account info | Social login (Google / Apple) |
| Search preferences | You enter them in the app |
| Interaction data | Your in-app actions (save, dismiss) |
| In-app feedback | You submit via the rating prompt |
| Push token | Automatically generated by Expo on your device |
| Analytics | Automatically on app events |
| Subscription status | RevenueCat webhook |
| Country | Device locale at registration |
4. Legal Basis for Processing (GDPR)
| Data Category | Legal Basis |
|---|---|
| Account information | Performance of contract (Art. 6(1)(b)) |
| Search preferences | Performance of contract (Art. 6(1)(b)) |
| Interaction data | Performance of contract (Art. 6(1)(b)) |
| Push notification token | Performance of contract (Art. 6(1)(b)) |
| In-app feedback | Legitimate interest in improving the Service (Art. 6(1)(f)) |
| Analytics (first-party) | Legitimate interest in understanding usage (Art. 6(1)(f)) |
| Subscription data | Performance of contract (Art. 6(1)(b)) |
5. How We Use Your Data
- Deliver alerts: Match your search criteria against new listings and send push notifications.
- Operate the app: Maintain your account, preferences, and saved listings.
- Manage subscriptions: Track PRO status and send renewal reminders.
- Improve the Service: Analyze usage patterns and in-app feedback to fix bugs and improve features.
- Security: Detect and prevent abuse.
We do not sell your personal data. We do not use your data for advertising or behavioral profiling.
6. Third-Party Services
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Authentication | OAuth token exchange | policies.google.com/privacy | |
| Apple | Authentication | OAuth token exchange | apple.com/privacy |
| Expo, Inc. | Push notifications | Push token, notification payload | expo.dev/privacy |
| RevenueCat, Inc. | Subscription management | User ID, purchase events | revenuecat.com/privacy |
| Supabase / AWS eu-west-1 | Database hosting | All user data (infrastructure processor) | supabase.com/privacy |
All processors are bound by data processing agreements. Your data stored in our database resides on servers within the EU (AWS eu-west-1, Ireland). We do not share your data with real estate agencies, advertisers, or data brokers.
7. Cookies and Tracking
DomRadar is a mobile application. We do not use browser cookies. We use:
- AsyncStorage: Local device storage for app preferences and UI state. This data never leaves your device.
- Device ID: A randomly generated identifier stored locally on your device, used for first-party analytics. Not linked to your name or email.
- Session ID: A randomly generated identifier that resets with each app session, used for analytics grouping.
8. Data Retention
| Data | Retention Period |
|---|---|
| Account and preferences | Until you delete your account |
| Saved and dismissed listings | Until you delete your account |
| Delivered alerts | Until you delete your account |
| In-app feedback | Retained indefinitely for product improvement |
| Analytics events | 24 months |
| Revoked tokens | Until token expiry |
| Waitlist email | Until you request removal |
When you delete your account, we delete or anonymize your personal data within 30 days, except where we are required to retain it by law.
9. Data Security
- All data in transit is encrypted via HTTPS/TLS.
- Passwords are not stored — authentication is delegated to Google and Apple.
- JWT access tokens expire after 60 minutes; refresh tokens expire after 30 days.
- Database access is restricted to authorized backend services only.
No system is completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority as required by GDPR within 72 hours.
10. Your Rights (GDPR)
If you are located in the EU/EEA, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request that we restrict processing of your data.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interest.
- Withdraw Consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Slovenian Information Commissioner (ip-rs.si) or the supervisory authority in your country of residence.
11. Children's Privacy
DomRadar is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, contact us at [email protected] and we will delete it promptly.
12. International Data Transfers
Our database is hosted within the EU (AWS eu-west-1, Ireland). Some third-party processors (Expo, RevenueCat) may process data in the United States. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by email. The "Last Updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance.
14. Contact
Daniel Ilievski
Email: [email protected]
General inquiries: [email protected]
You may also contact the Slovenian Information Commissioner:
Information Commissioner of the Republic of Slovenia (IP RS)
Dunajska cesta 22, 1000 Ljubljana, Slovenia · ip-rs.si