Privacy Policy

How Hasset collects, uses, and protects your personal information.

Effective date
April 5, 2026
Last updated
April 8, 2026
Applies to
Hasset iOS & Android apps, hasset.io
Contact
privacy@hasset.io
01

Who We Are

Hasset is a household asset and maintenance management application. This Privacy Policy applies to the Hasset mobile application (available on iOS and Android) and the website at hasset.io.

For privacy-related questions or requests, please contact us at privacy@hasset.io.

If you are located in the European Union or European Economic Area, this policy fulfils our obligations under the General Data Protection Regulation (GDPR). You have specific rights described in Section 8 below.

02

Data We Collect

We collect only the data necessary to provide the Hasset service.

Account data

  • Email address (required for account creation)
  • Password (stored as a secure hash; we never store your plain-text password)

Household data you enter

  • Asset details: brand, model, serial number, purchase date, purchase cost, warranty expiry, notes
  • Maintenance tasks: name, frequency, due dates, completion history
  • Cost records: amounts, dates, categories, descriptions
  • Contractor details: name, phone number, category, notes
  • Property names (Landlord tier)

Files and media you upload

  • Asset photos (taken with camera or selected from gallery)
  • Receipt and invoice documents (PDF, JPG, PNG)
  • Appliance label images submitted for AI scanning

Device and usage data

  • Website analytics data on hasset.io, such as page views, approximate location, browser/device information, and on-site interactions, collected via Google Analytics only after you consent to analytics cookies
  • Push notification token (to deliver maintenance reminders)
  • Device type (iOS / Android), used for push notification routing
  • AI scan usage count per month (to enforce your tier limits)
  • IP address (used temporarily for rate-limiting the AI scan feature; not stored permanently against your profile)

Payment data

Hasset uses RevenueCat to manage subscriptions. Payment card details are processed by Apple (App Store) or Google (Play Store) directly and are never transmitted to or stored by Hasset. RevenueCat provides us with subscription status only (tier level, renewal date, entitlements).

We do not collect: location data, contacts, browsing history, advertising identifiers, or any data unrelated to managing your household assets.
03

How We Use Your Data

PurposeLegal basis (GDPR)
Providing the app: storing and displaying your assets, tasks, costs, and contractorsPerformance of contract
Sending maintenance reminders and warranty expiry push notificationsPerformance of contract
AI label scanning: analysing appliance label images to extract asset informationPerformance of contract
Enforcing tier limits (asset count, monthly scan quota)Performance of contract
Managing your subscription via RevenueCatPerformance of contract
Preventing abuse: IP-based and global rate limiting on the AI scan featureLegitimate interest
Improving the service: aggregated, anonymised scan analytics (most scanned brands, categories)Legitimate interest
Measuring website traffic and page performance through Google Analytics on hasset.ioConsent
Responding to support or privacy requestsLegitimate interest
Complying with legal obligationsLegal obligation

We do not use your data for advertising. We do not sell your data to any third party.

04

Third-Party Services

Hasset relies on the following third-party services to operate. Each acts as a data processor under our instruction.

Google Analytics is used only on the hasset.io website and only after the visitor has granted consent to analytics cookies. The mobile apps do not include Google Analytics, and website visitors can revisit their choice at any time using the Cookie Settings link in the footer.

ServicePurposeData shared
SupabaseCloud database, authentication, and file storageAll app data (encrypted in transit and at rest)
AnthropicAI label scanning (Claude API)Appliance label images only - see Section 5
RevenueCatSubscription managementApp User ID, subscription status
Google AnalyticsWebsite traffic measurement and page performance analyticsWebsite usage data such as page views, approximate location, browser/device data, and interactions on hasset.io after consent
Expo / Expo PushPush notification deliveryDevice push token, notification payload
Apple App StoreiOS app distribution and in-app purchasesGoverned by Apple's Privacy Policy
Google Play StoreAndroid app distribution and in-app purchasesGoverned by Google's Privacy Policy

We do not integrate advertising networks or social media trackers into the Hasset website or apps. The mobile apps do not include analytics SDKs, and the website uses Google Analytics only with consent.

05

AI Label Scanning

Hasset includes an optional feature that lets you photograph an appliance label. The image is sent to Anthropic's Claude API to extract the brand, model, serial number, category, and subcategory of the appliance.

What happens to the image

  • The image is transmitted securely (HTTPS) from your device to our server-side function.
  • Our server sends the image to Anthropic's API for processing.
  • The image is not stored by Hasset after the scan completes.
  • Anthropic processes the image under their own API terms and privacy policy. Anthropic does not use API inputs to train their models by default.

Scan limits and usage logging

We log the number of scans you perform each month (count only, not the images themselves) to enforce your tier's monthly scan quota. Aggregated scan analytics (brands, categories) are retained for service improvement.

The AI scan feature is entirely optional. You can add assets manually at any time without submitting any image.
06

Data Storage & Security

All Hasset data is stored on Supabase infrastructure. Supabase uses PostgreSQL databases hosted on AWS with encryption at rest (AES-256) and encryption in transit (TLS 1.2+).

Access to your data is enforced by Row-Level Security (RLS) policies at the database level, meaning each user can only access their own records - even if a programming error occurred in the application layer.

Files you upload (photos, receipts) are stored in Supabase Storage, which is also encrypted at rest and served over HTTPS.

While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We encourage you to use a strong, unique password for your Hasset account.

07

Data Retention

We retain your data for as long as your account is active and for a reasonable period afterwards to allow account recovery.

  • Active account: all data is retained and accessible to you.
  • Account deletion: when you delete your account through the app, all your personal data - including assets, tasks, costs, contractors, files, and push tokens - is permanently deleted from our systems within 30 days.
  • Scan usage records: aggregated and anonymised scan analytics may be retained beyond account deletion, but these contain no personally identifiable information.
08

Your Rights

If you are in the European Union, European Economic Area, or United Kingdom, you have the following rights under GDPR:

Right of access

You can request a copy of all personal data we hold about you.

Right to rectification

You can correct inaccurate data at any time directly within the app.

Right to erasure ("right to be forgotten")

You can delete your account and all associated data from within the app (Account Settings -> Delete Account). This triggers permanent deletion of all your personal data.

Right to data portability

You can export all your household data as a CSV file from within the app (Account Settings -> Export My Data).

Right to object / restrict processing

You can object to or request restriction of processing for purposes based on legitimate interest. Contact us at privacy@hasset.io.

Right to withdraw consent

Where processing is based on consent (for example, push notifications or website analytics cookies), you can withdraw consent at any time through your device notification settings or the Cookie Settings link on hasset.io.

Right to lodge a complaint

You have the right to lodge a complaint with your national data protection authority. In Lithuania, this is the State Data Protection Inspectorate (VDAI).

To exercise any right not available directly in the app, email privacy@hasset.io. We will respond within 30 days.
09

Children's Privacy

Hasset is designed for adults and is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at privacy@hasset.io and we will delete it promptly.

10

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent version.

Continued use of Hasset after the effective date of a revised policy constitutes your acceptance of the changes.

11

Contact Us

For any privacy-related questions, requests, or complaints, please reach out to us:

Hasset — hasset.io

privacy@hasset.io