Privacy Policy
Last updated: April 13, 2026 — Version 2.0
1. Data Controller
GeraHome is operated by Gera Systems (registered in England and Wales). We are the data controller under the UK GDPR and Data Protection Act 2018.
- Website: gerahome.com
- Data Protection: privacy@gera.services
2. What Personal Data We Collect
2.1 Identity and Contact Data
Full name, email address, phone number, home address (required for service delivery), profile photo.
2.2 Home and Property Data
Your home address, property type, access instructions, and job details. Access codes are encrypted and auto-deleted within 24 hours of job completion.
2.3 Transaction and Payment Data
Payment method type, last four digits of cards, job quotes, invoices, and payment history.
2.4 Location Data
Your home address for provider matching. GPS location via mobile app only with your permission.
2.5 Background Check Data (Service Providers)
DBS check results (UK), trade certifications, proof of insurance, and professional licences. DBS results are retained 6 months per the DBS Code of Practice.
2.6 Usage and Technical Data
IP address, browser type, device identifiers, session data, crash logs.
3. Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Contract (Art. 6(1)(b)) |
| Matching you with local providers | Contract (Art. 6(1)(b)) |
| Sharing your address with booked provider | Contract (Art. 6(1)(b)) |
| Background checks on service providers | Legitimate Interests + Legal Obligation (Art. 6(1)(c)(f)) |
| Processing payments | Contract (Art. 6(1)(b)) |
| Fraud prevention | Legitimate Interests (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
4. Data Retention
- Account data: while active + 2 years after closure
- Financial records: 6 years (HMRC)
- DBS check results: 6 months from decision
- Access codes: deleted within 24 hours of job completion
- Analytics: 13 months rolling
5. Who We Share Your Data With
We do not sell your data. We share only as necessary:
- Booked service providers — name, address, job details (after booking confirmed)
- DBS Update Service — background checks on professionals
- Railway, Neon, Vercel — infrastructure; Stripe — payments
- PostHog (EU, anonymised analytics); Sentry (EU, error monitoring)
- Resend — transactional email
- Legal/regulatory authorities — when required by law
6. Your Rights
Access, rectify, erase, restrict, port, or object to your data. Email privacy@gera.services — response within one calendar month. Complaints to the ICO.
7. Security
TLS 1.2+ in transit, AES-256 at rest, MFA on admin systems, regular OWASP audits. ICO notified within 72 hours of qualifying breach.
8. Cookies
Essential, functional, and (with consent) analytics cookies. See our Cookie Policy.
9. Contact
- Data Protection: privacy@gera.services
- Support: support@gerahome.com