Privacy Policy

Last updated: May 2026

We take your privacy seriously. This policy explains what data Roomie collects, how we use it, and your rights under UK GDPR.

1. Who we are

Roomie is an AI-powered room-finding service operating at roomieapp.co.uk, currently serving the Oxford rental market. For the purposes of UK data protection law, we are the data controller for personal information collected through this service.

For privacy-related questions, contact us at: hello@roomieapp.co.uk

2. What information we collect

When you use Roomie, we collect the following information through our conversational onboarding process:

Identity information: Your first name
Contact information: Your email address
Housing preferences: Budget, move-in date, preferred location, tenancy length, property type
Lifestyle information: Sleep schedule, noise preferences, cleanliness standards, social preferences, cooking habits, guest policy
Soft criteria: Pet ownership or allergies, working from home requirements, deal-breakers
Conversation history: The full transcript of your onboarding conversation with Roomie

We do not collect financial information, government identification, or payment details.

3. How we use your information

We use your personal information for the following purposes:

Matching: To match your profile against available Oxford room listings and identify suitable properties
Alerts: To send you email notifications when a room matching your criteria becomes available
Housemate compatibility: To assess compatibility between you and other tenants interested in the same property
Service improvement: To improve Roomie's conversation quality and matching accuracy

We do not use your information for advertising, and we do not sell your data to third parties.

4. Legal basis for processing

Under UK GDPR, we process your personal data on the following legal bases:

Consent: You provide information voluntarily through the onboarding conversation
Legitimate interests: To provide and improve our room-matching service
Contract performance: To deliver the alerts and matching service you have requested

5. Who we share your data with

We use the following trusted third-party services to operate Roomie:

Anthropic (Claude API): Your conversation messages are processed by Anthropic's AI models to power the Roomie conversation. Anthropic's privacy policy applies to this processing.
Supabase: Your profile data is stored in a Supabase-hosted database in the EU (Ireland region)
Resend: Your email address is used by Resend to deliver alert emails to you
Railway: Our application is hosted on Railway's servers

We do not share your personal information with landlords, letting agents, or any other third parties without your explicit consent.

6. Data retention

We retain your profile information for as long as you are actively using Roomie's matching service. If you have not received or engaged with a match alert for 12 months, we may delete your profile. You can request deletion at any time by emailing hello@roomieapp.co.uk.

7. Your rights under UK GDPR

You have the following rights regarding your personal data:

Right of access: Request a copy of the personal data we hold about you
Right to rectification: Ask us to correct inaccurate data
Right to erasure: Ask us to delete your personal data
Right to restriction: Ask us to stop processing your data in certain ways
Right to data portability: Receive your data in a machine-readable format
Right to object: Object to our processing of your data

To exercise any of these rights, email us at hello@roomieapp.co.uk. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

Roomie does not use tracking cookies or advertising cookies. We use only essential session data to maintain your conversation state during an active session.

9. Security

We take reasonable technical and organisational measures to protect your personal data, including encrypted data transmission (HTTPS), access controls on our database, and using reputable EU-based infrastructure providers.

10. Changes to this policy

We may update this privacy policy from time to time. We will notify active users of material changes by email. The "last updated" date at the top of this page reflects the most recent revision.