Last updated: March 2026

Privacy Policy

Name: Domera
Rating: 4.8 (127 reviews)
Author: Domera

Your privacy matters. Here's how we handle your data.

1. Data Controller

Domera ("we", "us"), operated from the United Kingdom, is the data controller for personal data processed through the Platform. We comply with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). For any privacy-related questions, contact us at privacy@domera.com.

2. Data We Collect

We collect the following personal data:

Account data: Name, email address, phone number, and password hash when you register.

Building data: Building address, apartment numbers, sizes, ownership shares, and resident contact details entered by building managers.

Financial data: Billing amounts, payment status, and payment method. Card details are processed directly by Stripe and never stored on our servers.

Usage data: Login timestamps, pages visited, and feature usage for improving the service.

Communications: Votes cast, maintenance requests, and noticeboard posts within the Platform.

3. Legal Basis for Processing (GDPR Art. 6)

Contract performance (Art. 6(1)(b)): Processing necessary to provide the building management service you signed up for.

Legitimate interest (Art. 6(1)(f)): Service improvement, security, and fraud prevention.

Legal obligation (Art. 6(1)(c)): Compliance with financial regulations and tax obligations.

Consent (Art. 6(1)(a)): Optional email notifications — you can opt out at any time.

4. Data Sharing

We share personal data with the following processors:

Supabase (Database): Hosted in EU (Frankfurt). Stores all platform data.

Stripe (Payments): Processes card payments. Subject to Stripe's privacy policy.

Resend (Email): Sends transactional emails (payment reminders, notifications).

Vercel (Hosting): Hosts the web application.

We do not sell personal data. We do not share data with advertisers. All sub-processors are GDPR compliant with appropriate data processing agreements in place.

5. Within Your Building

Building managers can see apartment details, payment status, and contact information for all residents in their building. Residents can see the building directory (names, phone numbers, emails) and shared financial information (reserve balance, expenses). Votes cast are recorded with apartment identification for legal compliance.

This data sharing is necessary for the legitimate purpose of building management and is consistent with the legal obligations of co-ownership.

6. Data Retention

Account data: Retained while your account is active.

Financial records: Retained for 7 years after the last transaction (legal requirement).

Account deletion: Personal data removed within 30 days, except where retention is legally required.

Building data: Retained as long as the building is active on the Platform.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

Access your personal data

Rectify inaccurate data

Erase your data ("right to be forgotten")

Restrict processing

Data portability (export in machine-readable format)

Object to processing based on legitimate interest

Withdraw consent at any time

To exercise these rights, contact privacy@domera.com. We will respond within 30 days.

8. Data Security

We use industry-standard security measures including encrypted data transmission (TLS), encrypted data at rest, row-level security policies in our database, and regular security audits. Card payment data is handled entirely by Stripe (PCI DSS Level 1 certified) and never touches our servers.

9. International Transfers

Data is primarily stored in the EU. Where data is processed outside the EU (e.g., by Vercel's global CDN), appropriate safeguards are in place including Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. For the UK, this is the Information Commissioner's Office (ICO). EU users may contact their national data protection authority — a full list is available at edpb.europa.eu.

11. Changes

We will notify you of material changes to this policy via email or in-app notification at least 30 days before they take effect.