Privacy Policy

Effective Date: March 30, 2026

1. Introduction

This Privacy Policy explains how Launchborn LLC ("we," "us," or "our"), a company organized under the laws of the State of Wyoming, United States, collects, uses, and protects information when you use the FlatSwipe mobile application and website (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and authentication credentials through the sign-in method you choose (Email magic link, Google Sign-In, or Apple Sign-In). If you use the Service without signing in, we create an anonymous session identifier.

2.2 Profile Information

You may provide additional profile information including your display name, phone number, profile photo, and preferred contact methods (Telegram, WhatsApp, Viber, or Facebook Messenger). Profile photos you upload are processed and stored in our cloud infrastructure.

2.3 Identity Verification Data

If you choose to verify your identity, our third-party verification provider Didit may collect:

  • A photo of your government-issued ID (passport, national ID card, or driver's license)
  • A selfie for facial comparison
  • NFC chip data from your passport (if supported by your device)
  • Extracted document data (name, date of birth, document number)

This data is processed by Didit on their infrastructure. We receive only the verification status (approved or declined) and a session identifier. We do not store your ID photos, selfies, or document details on our servers.

2.4 Listing Data

If you create a listing, we collect the information you provide, including property title, description, address, coordinates, price, photos, amenities, and other property details. Photos you upload are processed (resized and converted to WebP format), moderated for content safety, and stored in our cloud storage.

2.5 Usage & Interaction Data

We collect information about how you interact with the Service, including:

  • Swipe actions (like, skip) and saved listings
  • Contact taps (when you view a landlord's contact details)
  • Search filters and preferences
  • Pages and screens visited
  • App session duration and frequency

2.6 Location Data

With your permission, we collect your approximate location to display nearby rental listings and calculate distances. Location data is processed via Google Maps services. You can revoke location access at any time through your device settings. The Service remains functional without location access, but distance-based features will be unavailable.

2.7 Device & Diagnostic Data

We automatically collect device information (device model, operating system version, unique device identifiers, IP address) and diagnostic data (crash logs, performance metrics) via Firebase Analytics and Firebase Crashlytics to improve the stability and performance of the Service.

2.8 Payment Information

Subscription purchases on mobile are processed through Apple App Store or Google Play via our subscription management partner RevenueCat. Web purchases are processed through Stripe. We do not collect or store your credit card numbers or bank details. We receive only subscription status, transaction identifiers, and purchase timestamps.

2.9 Cookies & Local Storage

Our website uses essential cookies and browser local storage for authentication sessions and user preferences (such as language selection). We do not use third-party advertising or tracking cookies.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Personalize your experience and display relevant listings
  • Process subscription transactions and manage your account
  • Send transactional communications (e.g., sign-in magic links via email)
  • Automatically translate listing content into your preferred language using AI
  • Moderate user-generated content (text and images) for policy compliance using AI
  • Detect and group duplicate listings for a better user experience
  • Monitor and analyze usage trends and app performance
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. AI & Automated Processing

We use artificial intelligence to process certain user-generated content:

4.1 Content Moderation

Listing text (titles, descriptions) and uploaded images are automatically screened for policy violations using OpenAI's moderation models. Content that is flagged may be automatically rejected. You may contact us to request a manual review of any automated moderation decision.

4.2 Automatic Translation

Listing content and user profile information may be automatically translated into multiple languages using OpenAI's language models to make the Service accessible to users in different regions. Your original content is sent to OpenAI's API for translation processing.

4.3 Duplicate Detection

We use automated systems to detect and group duplicate or near-duplicate listings based on location coordinates, pricing, and other listing attributes. This is done to improve search quality and does not involve sharing data with third parties.

Under applicable data protection laws (including GDPR Article 22), you have the right to request human review of any decision made solely by automated processing that significantly affects you. To exercise this right, contact us at the address below.

5. Sharing of Information

We do not sell your personal information. We share information with the following categories of service providers, each of which processes data only for the purposes described:

5.1 Infrastructure & Database

  • Google Firebase (Google Cloud Platform) — authentication, database (Firestore), cloud storage, serverless functions, analytics, and crash reporting. Data is hosted in the EU (europe-west4, Netherlands).

5.2 Payments & Subscriptions

  • RevenueCat — subscription lifecycle management and purchase validation for mobile and web platforms.
  • Stripe — payment processing for web-based subscriptions. Stripe receives payment method details directly and is a PCI DSS Level 1 certified processor.
  • Apple & Google — in-app purchase processing and app distribution on their respective platforms.

5.3 Identity Verification

  • Didit — identity document verification and facial recognition for the optional "Verified" badge. Didit processes biometric data under their own privacy policy. We receive only verification status.

5.4 AI & Content Processing

  • OpenAI — text and image content moderation, and multi-language translation of listing content. User-generated text and images are sent to OpenAI's API for processing. OpenAI's API data usage policy states that API inputs are not used for model training.

5.5 Email Delivery

  • Resend — transactional email delivery (sign-in magic links). Resend receives your email address solely to deliver authentication emails on our behalf.

5.6 Maps & Location

  • Google Maps — map rendering and geocoding on mobile. Your approximate location may be transmitted to Google when you use map features.
  • OpenStreetMap / Leaflet — map rendering on the web version. Map tile requests are made to OpenStreetMap tile servers.

5.7 Currency Data

  • Open Exchange Rates — currency conversion rates updated periodically. No user data is shared with this service.

5.8 Legal Requirements

We may disclose your information if required to do so by law, or in the good-faith belief that such action is necessary to comply with legal process, protect our rights or safety, or investigate potential violations of our Terms of Service.

5.9 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Retention

We retain different types of data for different periods:

  • Account data — retained for as long as your account is active.
  • Listing data & photos — retained while the listing is active. Deactivated listings and associated photos are deleted within 30 days.
  • Interaction data (swipes, contact taps) — retained for up to 12 months for analytics, then aggregated and de-identified.
  • Identity verification — we retain only the verification status. Biometric data is held and deleted by Didit according to their retention policy.
  • Payment records — transaction identifiers and subscription status are retained for the duration required by applicable tax and accounting laws.

If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes. Anonymous and aggregated analytics data may be retained indefinitely.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and personal data
  • Request portability of your data in a machine-readable format
  • Withdraw consent for location data collection at any time
  • Object to or request restriction of certain data processing
  • Request human review of automated decisions that affect you (see Section 4)
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, please contact us at the address listed below. We will respond to your request within 30 days.

8. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

  • Encrypted data transmission (TLS) for all communications
  • Firebase Security Rules enforcing ownership-based access control
  • Server-side authentication and authorization for all API endpoints
  • Rate limiting on sensitive operations (authentication, moderation)
  • HMAC signature verification for all incoming webhooks
  • Secrets managed via Google Cloud Secret Manager

However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such data promptly.

10. International Data Transfers

Our primary database and cloud infrastructure are hosted in the European Union (Netherlands) via Google Cloud Platform. However, some of our service providers process data in other jurisdictions:

  • OpenAI (United States) — for content moderation and translation
  • Stripe (United States) — for payment processing
  • RevenueCat (United States) — for subscription management
  • Resend (United States) — for email delivery

By using the Service, you consent to the transfer of your information to these providers. We ensure that all transfers are conducted with appropriate safeguards in place, including standard contractual clauses where required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective Date" above. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Launchborn LLC

State of Wyoming, United States

Email: privacy@flatswipe.app