Your GDPR rights on DomuHQ

Who DomuHQ is, legally

Data Controller, DomuHq s.r.o., IČO 23641550, Poličanská 1487, 190 16 Praha 21, Újezd nad Lesy, Czech Republic. Privacy and data-protection contact, privacy@domuhq.cz. GDPR-request form, domuhq.cz/gdpr.

Laws we follow

• Regulation (EU) 2016/679, the EU General Data Protection Regulation (GDPR).
• Act No. 110/2019 Coll., the Czech data-protection act.
• Act No. 127/2005 Coll., the Czech ePrivacy act, governs cookies.
• Regulation (EU) 2024/1689, the EU AI Act, governs the AI-based compatibility matching.

Your eight GDPR rights

• Access, get a copy of every piece of personal data we hold on you. Self-serve via Profile, Data and Security, Download my data.
• Rectification, correct anything inaccurate. Self-serve in profile editor for most fields; email privacy@domuhq.cz for fields you cannot edit directly.
• Erasure, delete your data. Self-serve via Delete my account (anonymized within 24 hours, fully purged after 30 days). See [Export or delete your data](/help/export-or-delete-your-data).
• Restriction, ask us to stop processing your data for specific purposes (e.g. marketing) without deleting the account. Use the toggles in Preferences or email privacy@domuhq.cz.
• Objection, object to processing based on legitimate interests, including profiling for matching. Email privacy@domuhq.cz with the specific basis you are objecting to.
• Portability, get a copy of your data in a machine-readable format you can hand to another service. The Download my data flow delivers this as PDF or JSON in-app.
• Withdraw consent, where processing relies on consent (analytics, marketing, biometric verification), withdraw any time. Cookie banner for analytics; Preferences for marketing; email privacy@domuhq.cz for biometric.
• Complain to the regulator, the Czech Office for Personal Data Protection (ÚOOÚ) at uoou.cz.

Automated decision-making and the AI Act

Our compatibility score is generated by an algorithm trained on personality + lifestyle answers. Under GDPR Art. 22, you have the right to information about meaningful logic involved and the right to challenge decisions made entirely by automated processing.

What this means in practice on DomuHQ:

• We do not use AI to make decisions about you that have legal or similarly significant effects. Compatibility scores influence what gets surfaced, they do not determine your access to housing or pricing.
• Final decisions (whether to accept an applicant, whether to connect with a roommate, whether to apply to a listing) are always made by humans, never automatically.
• You can ask us to explain why your score with another user is what it is. Email privacy@domuhq.cz and we will return the dimension-level breakdown.
• You can opt out of being used to train our matching model. Email privacy@domuhq.cz. Your existing matches stay, your data stops feeding future training rounds.

Where your data lives and who processes it

DomuHQ's primary infrastructure runs on Amazon Web Services in the EU, both Frankfurt and Ireland regions, inside the EEA. Backups and secondary services run on Hetzner (EU) and Cloudflare (global edge for cached static content).

We share specific subsets of your data with the following processors for the purposes listed:

• Didit, identity verification (passport/ID + selfie).
• Stripe, payment processing (we never see card details).
• DeepL, in-chat EN ↔ CS translation.
• AWS Bedrock and Rekognition, AI-based matching and content moderation.
• Anthropic, conversational AI (DomuBot, when launched).
• Cloudflare, CDN and edge security.
• DataDog, error and performance monitoring.
• Google Analytics 4, aggregated product analytics (opt-in via cookie banner).
• Mailgun, Sinch, and Bird, transactional email and SMS.
• Mapy.cz, map tiles and geocoding for property locations.
• ČÚZK (Czech Cadastral Registry), property-ownership cross-check for hosts.
• Apple, App Store transactions (iOS in-app purchases).
• Hetzner, secondary EU infrastructure.
• DigiSign, electronic contract signing (planned integration, not yet live).

Each processor is bound by a Data Processing Agreement and only receives the minimum data required for its function. The full list, including their data-processing terms, is on our privacy page.

Complaints

If you believe we have mishandled your data, contact us first at privacy@domuhq.cz, we try to resolve issues directly. If you are not satisfied, you can complain to the Czech Office for Personal Data Protection at uoou.cz, +420 234 665 111, posta@uoou.cz. ÚOOÚ is the competent authority for GDPR in the Czech Republic. You can complain in Czech or English.