Privacy Policy

1. Introduction and Data Controller

At Conejome, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

Data Controller:

Conejome is operated by Rabbit Hole Technologies Oy (Business ID 3587542-1)
Registered Address: Sibeliuksenkatu 9 A 14, 00250 Helsinki, Finland
Country: Finland
Email: support@conejome.com
Data Protection Contact: dpo@conejome.com

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email, password)
  • Profile information
  • Property listings and descriptions
  • Messages sent through our platform
  • Payment information (processed securely by Stripe)
  • Contact information for landlords and tenants

2.2 Automatically Collected Information

  • Device information and IP address
  • Browser type and version
  • Usage data and analytics
  • Cookies and similar tracking technologies

3. Legal Basis and How We Use Your Information

Under GDPR, we process your personal data based on the following legal grounds:

3.1 Contract Performance (GDPR Art. 6(1)(b))

Processing necessary to provide our services:

  • Account creation and authentication
  • Property listing and search functionality
  • Facilitating communication between landlords and tenants
  • Processing contact information unlock payments
  • Delivering platform features you requested

3.2 Legal Obligation (GDPR Art. 6(1)(c))

Processing required by law:

  • Tax and accounting requirements
  • Fraud prevention and detection
  • Responding to legal requests from authorities

3.3 Legitimate Interest (GDPR Art. 6(1)(f))

Processing for our legitimate business interests:

  • Platform security and abuse prevention
  • Improving user experience and platform functionality
  • Analytics to understand platform usage
  • Customer support and dispute resolution

We have conducted a legitimate interest assessment (LIA) to ensure that our interests do not override your fundamental rights and freedoms.

3.4 Consent (GDPR Art. 6(1)(a))

Where applicable, with your explicit consent:

  • Marketing communications (you can withdraw consent anytime)
  • Optional cookies and analytics

4. Information Sharing and Disclosure

4.1 With Other Users

When you list a property or unlock contact information:

  • Property listings are visible to all platform users
  • Your contact information is shared after payment is processed
  • Messages are shared between conversation participants

4.2 With Service Providers (Data Processors)

We share information with trusted service providers who process data on our behalf under GDPR-compliant data processing agreements:

  • Stripe for payment processing (Note: Conejome does not store credit card details; Stripe processes payments securely)
  • Supabase for data storage and authentication
  • Resend for transactional email delivery
  • Analytics providers to improve our service

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests from authorities.

5. Data Security

We implement appropriate security measures to protect your information:

  • Encryption of data in transit and at rest
  • Secure authentication through Supabase
  • Regular security audits and updates
  • Access controls and monitoring

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

Under GDPR and applicable data protection laws, you have the following rights:

  • Right of Access (Art. 15) - Access and obtain a copy of your personal information
  • Right to Rectification (Art. 16) - Update or correct your personal information
  • Right to Erasure (Art. 17) - Delete your account and associated data ("right to be forgotten")
  • Right to Data Portability (Art. 20) - Receive your data in a structured, commonly used format and transmit it to another controller
  • Right to Object (Art. 21) - Object to processing based on legitimate interests or for direct marketing purposes
  • Right to Restriction (Art. 18) - Request restriction of processing under certain circumstances
  • Right to Withdraw Consent (Art. 7) - Withdraw consent at any time for processing based on consent (e.g., marketing communications)

How to Exercise Your Rights:

To exercise any of these rights, please contact us at support@conejome.com or dpo@conejome.com. We will respond to your request within one month.

Right to Lodge a Complaint:

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Finnish Data Protection Authority (Tietosuojavaltuutetun toimisto):

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
P.O. Box 800
33101 Tampere, Finland
Website: tietosuoja.fi
Phone: +358 (0)29 566 6700

You also have the right to lodge a complaint with the supervisory authority in your country of residence if you are located in another EU member state.

7. Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze usage, and personalize content. Under GDPR, we obtain your consent before using non-essential cookies.

Cookie Categories

Strictly Necessary Cookies

Essential for platform functionality, authentication, and security. These do not require consent.

Examples: Session cookies, authentication tokens

Functional Cookies

Enable enhanced functionality and personalization (e.g., language preferences, search filters).

Requires consent - you can opt-out via browser settings

Analytics Cookies

Help us understand how users interact with our platform to improve user experience.

Requires consent - you can opt-out via browser settings

Marketing Cookies

Used to deliver relevant advertisements (if applicable in the future).

Requires explicit consent - you can opt-out at any time

Managing Cookies: You can manage or withdraw cookie consent at any time via your browser settings. Note that disabling certain cookies may affect platform functionality.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

Retention Periods by Data Category

  • Account Data: Retained while your account is active and for 30 days after account deletion (to allow for account recovery)
  • Property Listings: Retained while listing is active and for 90 days after deletion (for dispute resolution)
  • Messages & Communications: Retained for 12 months after last message or until account deletion
  • Payment Records: Retained for 7 years to comply with tax and accounting legal obligations
  • Analytics Data: Anonymized after 24 months
  • Support Communications: Retained for 3 years after last contact

Account Deletion: When you delete your account, we will:

  • Immediately deactivate your account
  • Delete your personal information within 30 days
  • Anonymize data required for legal compliance or legitimate business purposes
  • Retain payment records as legally required (7 years)

Some information may be retained in backup systems for up to 90 days after deletion.

9. Children's Privacy

Our platform is not intended for users under 18 years of age. We do not knowingly collect information from children. If we become aware that we have collected information from a child, we will take steps to delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers (Supabase, Stripe, Resend) operate data centers.

Safeguards for International Transfers

We ensure appropriate safeguards are in place to protect your information when transferred internationally:

  • Standard Contractual Clauses (SCC): Where applicable, we use EU-approved Standard Contractual Clauses with our data processors to ensure GDPR-level protection
  • EU-US Data Privacy Framework: Some of our service providers participate in the EU-US Data Privacy Framework, providing additional safeguards for transatlantic data transfers
  • Data Processing Agreements: All third-party processors are bound by GDPR-compliant data processing agreements
  • Technical Safeguards: Encryption in transit and at rest for all data transfers

You have the right to obtain information about the safeguards we use for international transfers by contacting us at dpo@conejome.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. Your continued use of Conejome after changes become effective indicates acknowledgment of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: support@conejome.com

Last updated: December 30, 2025