GDPR Compliant

Your data rights under GDPR

HuniDu is fully compliant with the EU General Data Protection Regulation (GDPR). Your family's data belongs to you, and we're committed to protecting your rights.

Your data rights

Under GDPR, you have comprehensive rights over your personal data

Right to Access
Request a copy of all personal data we hold about you and your household
Export your data anytime from Settings → Privacy
Right to Portability
Receive your data in a machine-readable format to transfer to another service
Download JSON export with all your family's data
Right to Erasure
Request deletion of your personal data and household information
Delete account from Settings → Account → Delete
Right to Restriction
Limit how we process your data while we verify accuracy or legality
Contact privacy@hunidu.family to request restrictions
Right to Rectification
Correct inaccurate or incomplete personal information
Edit your profile and household data anytime
Right to Object
Object to processing of your data for specific purposes
Manage consent preferences in Settings → Privacy

Legal basis for processing

We only process your data when we have a lawful basis to do so

Contractual Necessity
Processing necessary to provide HuniDu services you've signed up for
Examples:
  • Account creation and authentication
  • Calendar events and meal plans
  • Family member profiles
Legitimate Interest
Processing necessary for our legitimate business interests, balanced with your rights
Examples:
  • Service improvement and analytics
  • Security monitoring and fraud prevention
  • Customer support
Consent
Processing based on your explicit opt-in consent, which you can withdraw anytime
Examples:
  • Marketing emails and newsletters
  • Optional analytics and usage tracking
  • Third-party integrations
Legal Obligation
Processing required to comply with legal requirements
Examples:
  • Tax and accounting records
  • Responding to lawful requests
  • Regulatory compliance

What data we collect

Transparent about what we collect and how long we keep it

Account Information

  • Email address
  • Name
  • Password (hashed)
  • Profile photo
Retention Period
Until account deletion + 30 days

Household Data

  • Family member profiles
  • Calendar events
  • Meal plans and recipes
  • Tasks and chores
  • Budget transactions
Retention Period
Until account deletion + 30 days

Usage Data

  • Login times
  • Feature usage
  • Device information
  • IP addresses (anonymized after 90 days)
Retention Period
90 days (anonymized), 2 years (aggregated)

Communication Data

  • Support tickets
  • Email correspondence
  • In-app messages
Retention Period
3 years for support history

Third-party processors

We work with trusted partners who help us provide HuniDu services

Supabase (Database)
Data storage and authentication
Location: EU (Frankfurt) or US (Oregon) - you choose
Safeguards: Standard Contractual Clauses (SCCs)
Vercel (Hosting)
Application hosting and delivery
Location: Global edge network with EU data centers
Safeguards: Standard Contractual Clauses (SCCs)
OpenAI
AI meal suggestions and smart features
Location: United States
Safeguards: Data Processing Agreement, no training on your data
Stripe
Payment processing (paid plans only)
Location: United States
Safeguards: PCI DSS compliant, Standard Contractual Clauses

All third-party processors are bound by Data Processing Agreements (DPAs) and comply with GDPR requirements

International data transfers
How we protect your data when it crosses borders

EU Data Residency Option

EU customers can choose to have their data stored exclusively in our Frankfurt data center. This ensures your data never leaves the European Economic Area (EEA).

Standard Contractual Clauses (SCCs)

When we transfer data outside the EEA, we use European Commission-approved Standard Contractual Clauses to ensure the same level of protection as within the EU.

Additional Safeguards

All international transfers use encryption in transit (TLS 1.3) and at rest (AES-256). We conduct regular assessments of third-country data protection laws.

Data Protection Officer

Our DPO oversees GDPR compliance and is your point of contact for privacy matters

Contact Information

Postal Address

Data Protection Officer
HuniDu Inc.
123 Family Lane, Suite 400
San Francisco, CA 94102
United States

Response Times

Data access requests
Within 30 days
Deletion requests
Within 30 days
General inquiries
Within 5 business days

Right to lodge a complaint
If you're not satisfied with how we handle your data, you have the right to complain to a supervisory authority

While we hope to resolve any concerns directly, you can contact your local data protection authority or the Irish Data Protection Commission (our lead supervisory authority in the EU).

Irish Data Protection Commission

Website: www.dataprotection.ie
Email: info@dataprotection.ie
Phone: +353 57 868 4800

Questions about your data rights?

Our Data Protection Officer is here to help you understand and exercise your GDPR rights.