EFFECTIVE: 26 APRIL 2026 · LAST UPDATED: 26 APRIL 2026

Privacy Policy

This Privacy Policy explains how HomeProof handles personal data. It is designed to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA). The short version: we do not collect personal data. The long version explains why.

1. Data controller

The data controller for this Service is:

Tunari (Orest Kolodii, sole proprietor)
Email: tunarivpn@gmail.com
For all data subject inquiries, write to the email above with the subject line "GDPR / Privacy".

HomeProof has not appointed a Data Protection Officer because, as detailed below, we do not engage in large-scale personal data processing.

2. What personal data we collect

None.

HomeProof is an offline-first iOS application. All scanning, OCR, storage, and PDF generation happens on your device. We operate no user-account database, no analytics pipeline, no advertising identifier collection, no cookie tracking on the website (no cookies are set by this domain other than what your browser may set for SSL session reuse).

The only third-party SDK in the app is Sentry (sentry.io) for crash diagnostics. We have configured it with:

sendDefaultPii = false — no IP addresses, no user identifiers
attachScreenshot = false — no UI captures
attachViewHierarchy = false — no UI structure
enableUserInteractionTracing = false — no tap-by-tap recording
10% sampling of performance traces in Release builds

Sentry receives only the technical stack trace and runtime context required to fix crashes. No vault contents, receipts, or item names are transmitted.

3. Data stored on your device

Your vault — items, receipts, warranty cards, photos, OCR text, serial numbers, notes — is stored:

Locally on your iPhone or iPad in a SwiftData database, encrypted at rest by iOS.
Optionally in your private Apple iCloud database (CloudKit), if iCloud backup is enabled in HomeProof Settings. This is the same iCloud account you use for Photos, Notes, or Health. Apple's privacy terms apply to that data — Tunari has no access to it.

You can disable iCloud backup at any time in HomeProof → Settings → iCloud.

4. Lawful basis for processing (GDPR Art. 6)

Where any processing does occur (e.g. crash report transmission to Sentry):

Consent (Art. 6(1)(a)) — for crash diagnostics. The app starts Sentry only if a DSN is configured. You can disable this by deleting the SENTRY_DSN entry; future versions will expose this as a Settings toggle.
Contract (Art. 6(1)(b)) — for processing required to deliver the iCloud backup service you have requested.
Legitimate interest (Art. 6(1)(f)) — for diagnosing and fixing app crashes that affect all users.

5. Permissions we request from iOS

Permission	Purpose	Required?
Camera	Scan receipts and warranty cards	Optional — only on tap
Photo Library	Save scans / pick from library	Optional
Notifications	Warranty expiry reminders	Optional
Face ID / Touch ID	Lock the vault	Optional

None of these permissions are required to use the app. You can decline all of them and still maintain a vault by entering items manually.

6. Cookies and tracking on this website

This website (homeproofvault.com) sets no cookies for tracking, analytics, or advertising. The site is a static set of HTML and CSS files served from an Nginx web server. We do not use Google Analytics, Meta Pixel, or any other behavioural tracker. If the site is loaded through Cloudflare's CDN (we may enable this for DDoS protection), Cloudflare may set short-lived security cookies governed by their Privacy Policy.

7. In-app purchases

HomeProof Pro is sold as a yearly subscription via Apple's StoreKit. Apple is the seller of record. Apple handles your payment information directly. We receive only an entitlement flag (Pro: yes/no) — never your name, address, card number, or transaction ID.

8. International transfers

Crash reports sent to Sentry are processed at Sentry's EU region facility (ingest.de.sentry.io). Data is hosted within the European Union and does not leave it. If Sentry adds additional regions in the future, we will disclose them here before any change.

Your iCloud vault data is processed by Apple in your local Apple region per your Apple ID settings. Tunari has no access to it and does not direct its routing.

9. Data retention

Because we do not store personal data centrally, there is nothing to retain. Crash reports retained by Sentry are auto-deleted after 90 days per Sentry's default policy. Your local + iCloud vault is retained as long as you choose to keep it; deletion is one tap (HomeProof → Settings → "Delete vault").

10. Your rights under GDPR / UK GDPR

You have the following rights regarding personal data:

Right to access (Art. 15) — request a copy of any data we hold
Right to rectification (Art. 16) — correct inaccurate data
Right to erasure / "right to be forgotten" (Art. 17)
Right to restriction (Art. 18)
Right to data portability (Art. 20) — your vault is yours, exportable as PDF + raw image data via Files app
Right to object (Art. 21)
Right to withdraw consent at any time (Art. 7(3))
Right to lodge a complaint with your supervisory authority. EU users may contact their national data protection authority. UK users may contact the Information Commissioner's Office.

To exercise any of these rights: email tunarivpn@gmail.com with the subject "GDPR Request". We respond within 30 days as required by law (extendable to 90 days for complex requests).

11. Your rights under CCPA (California)

California residents have the right to:

Know what personal information is collected (answer: none)
Know whether it is sold or shared (answer: never)
Request deletion (answer: nothing to delete on our side)
Opt out of sale (answer: not applicable; we don't sell data)
Non-discrimination for exercising these rights

HomeProof has not sold or shared personal information in the past 12 months and does not intend to.

12. Children's privacy

HomeProof is not directed at children under 16 and does not knowingly process data from anyone under that age (under 13 in the United States per COPPA). If you become aware that a minor has used HomeProof, contact us and we will assist with vault deletion.

13. Security

iOS encrypts all SwiftData stores at rest using the device passcode-derived key. iCloud backups are encrypted in transit (TLS 1.3) and at rest by Apple. The app supports optional Face ID lock for an additional access barrier. We do not transmit your vault contents over any network controlled by us.

14. Changes to this policy

If we ever modify this policy in a way that materially affects your privacy posture (for example, adding a different telemetry SDK), we will:

Update this page with the change and date.
Update the App Store privacy disclosure.
Show an in-app notice describing the change before it takes effect, with an option to decline.

15. Contact

Privacy questions, complaints, GDPR/CCPA requests, or general feedback:

tunarivpn@gmail.com

One human reads every message. We aim to respond within 5 business days; legal requests within 30 days.