homepage.devβeta

Privacy Policy

Last updated: January 30, 2025

Introduction

At homepage.dev ("we," "our," or "us"), we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our real-time collaborative homepage platform.

homepage.dev is a browser homepage platform that allows you to create personalized dashboards with pages, tabs, bookmarks, notes, and other productivity tools. We prioritize transparency and your control over your data.

Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address (via Clerk authentication)
  • Profile information (optional avatar, display preferences)
  • Organization/team information if you create or join a team

Content You Create

We store the content you create on our platform:

  • Homepages: Your custom homepage configurations, layouts, and settings
  • Pages & Tabs: Page names, icons, organization structure
  • Bookmarks: URLs, titles, descriptions, categories, and custom metadata
  • Notes & Content: Text notes, markdown content, and other productivity data
  • Collaboration Data: Real-time presence, shared content, team interactions

Usage Information

  • Browser type, version, and device information
  • Pages visited, features used, and interaction patterns
  • Real-time collaboration sessions and activity logs
  • Performance metrics and error reports (via Sentry)
  • IP address and general location data

Cookies and Tracking

We use cookies for authentication, preferences, and analytics. You can control cookies through your browser settings, but some features may not work without them.

How We Use Your Information

We use your information to:

  • Provide Services: Store and sync your homepages, bookmarks, and content across devices
  • Enable Collaboration: Share content with team members and manage real-time collaboration
  • Improve Platform: Analyze usage patterns to enhance features and user experience
  • Communicate: Send product updates, security alerts, and support responses
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Compliance: Meet legal obligations and enforce our terms of service

Legal Basis for Processing Your Data

Under the General Data Protection Regulation (GDPR), we are required to inform you of the legal basis for processing your personal data. We process your data under the following legal grounds:

1. Contract (Service Provision)

Processing is necessary to provide the homepage.dev service under our Terms and Conditions:

  • Account creation and authentication via Clerk
  • Homepage, page, tab, and bookmark storage and synchronization via Convex
  • Real-time collaboration features and presence status
  • Data export and backup functionality
  • Customer support and service communications
  • Processing subscription payments (for paid plans)

2. Consent

We ask for your explicit consent before processing data for the following purposes:

  • Analytics Cookies: Performance monitoring and usage analytics to improve our service
  • Preference Cookies: Remembering your settings, theme, and personalization choices
  • Marketing Communications: Promotional emails, newsletters, and product announcements (if opted-in)
  • Optional Integrations: Third-party services you explicitly enable

You can withdraw your consent at any time through our Cookie Settings page or by contacting us at privacy@homepage.dev. Withdrawing consent will not affect the lawfulness of processing based on consent before withdrawal.

3. Legitimate Interest

We process certain data based on our legitimate business interests, which we have carefully balanced against your rights and freedoms:

  • Security and Fraud Prevention: Detecting and preventing unauthorized access, abuse, and fraudulent activity
  • Error Monitoring: Using Sentry to track application errors and performance issues to maintain service quality
  • Service Improvements: Analyzing usage patterns to develop new features and enhance user experience
  • Legal Compliance: Meeting regulatory requirements and responding to legal requests
  • Business Operations: Internal administration, data backup, and disaster recovery

You have the right to object to processing based on legitimate interest. Contact us at privacy@homepage.dev to exercise this right.

Third-Party Services

We use carefully selected third-party services to operate our platform. Your data may be processed by:

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Team and Organization Data

When you join or create a team/organization on homepage.dev:

  • Team admins can view member activity and shared content
  • Shared homepages and content are accessible to all team members with permissions
  • Your presence status (online/offline) is visible to team members during active sessions
  • Organization owners can manage member access and permissions

Data Security

We protect your data through:

  • End-to-end encryption for data transmission (HTTPS/TLS)
  • Secure authentication via Clerk with industry-standard protocols
  • Regular security audits and vulnerability assessments
  • Access controls and role-based permissions
  • Automated backups and disaster recovery procedures
  • Error monitoring and security incident detection via Sentry

While we implement strong security measures, no system is completely secure. We encourage you to use strong passwords and enable two-factor authentication when available.

Your Rights and Controls

You have the right to:

  • Access: View and download all your personal data and content
  • Correct: Update your account information and profile settings
  • Delete: Request deletion of your account and all associated data
  • Export: Download your data in JSON format for portability
  • Restrict: Limit how we process your data
  • Object: Opt out of certain data processing activities
  • Withdraw Consent: Revoke permissions at any time

To exercise these rights, visit your account settings or contact us at privacy@homepage.dev.

Data Retention

We retain your data:

  • Active Accounts: As long as your account remains active
  • Deleted Accounts: 30 days grace period before permanent deletion
  • Legal Requirements: As required by law or regulatory obligations
  • Backups: Up to 90 days in secure backups for disaster recovery

You can permanently delete your account and all data at any time through your account settings.

International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure these transfers comply with GDPR and other applicable data protection laws through appropriate safeguards.

Standard Contractual Clauses (SCCs)

We have implemented the European Commission's Standard Contractual Clauses (SCCs) with all our US-based and international data processors. SCCs are legally binding contracts that ensure your data receives the same level of protection when transferred outside the EU/EEA as it does within it.

Our SCCs cover the following service providers:

  • Clerk (Authentication & User Management): Data Processing Agreement with SCCs in place for EU-US data transfers. Clerk maintains SOC 2 Type II compliance and adheres to the EU-US Data Privacy Framework.
  • Convex (Real-Time Database): Data Processing Agreement with SCCs in place. Data is processed in secure US data centers with encryption at rest and in transit.
  • Sentry (Error Monitoring): Data Processing Agreement with SCCs in place. Sentry is EU-US Data Privacy Framework certified and maintains ISO 27001 certification.
  • Vercel (Hosting & CDN): Data Processing Agreement with SCCs in place. Vercel maintains SOC 2 Type II compliance and processes data in accordance with GDPR requirements.

All our data processors have undergone security and compliance assessments to ensure they meet GDPR standards. We regularly review these arrangements to ensure continued compliance with data protection laws.

You have the right to request copies of the relevant SCCs and Data Processing Agreements. Please contact us at privacy@homepage.dev for more information about our international data transfer safeguards.

GDPR & CCPA Compliance

For residents of the EU/EEA and California, we provide additional rights:

  • Right to know what personal information is collected and how it's used
  • Right to request deletion of personal information
  • Right to opt-out of the sale of personal information (we don't sell your data)
  • Right to non-discrimination for exercising privacy rights
  • Right to data portability in machine-readable format

Children's Privacy

homepage.dev is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

We Value Your Privacy

We use cookies to enhance your experience, analyze site traffic, and provide personalized content. By clicking "Accept All", you consent to our use of cookies. You can customize your preferences or learn more in our Privacy Policy.

GDPR & ePrivacy Compliant