Who we are
Home2 is a short-let marketplace operated by Home2 Ltd, a company registered in [jurisdiction of incorporation] under company number [company registration number], with its registered office at [registered office address].
For the purposes of UK GDPR, the UK Data Protection Act 2018, and the Nigeria Data Protection Act 2023, Home2 Ltd is the data controller for the personal data described in this policy. That means we decide what data is collected and why, and we’re accountable for it.
If you have any question about this policy, contact us at privacy@home2.app. Our data protection contact is [DPO or privacy contact, if appointed].
What we collect
We collect only what we need to run bookings, payments and trust between guests and hosts. Here is the whole list.
| Data | Why we need it |
|---|---|
Account details Your name, email address and phone number. | To create your account, sign you in, and verify your phone by one-time code. |
Identity documents Government ID and related checks, if you host or are asked to verify. | To confirm hosts are real people — the "verified" badge guests rely on — and to meet anti-fraud obligations. |
Booking and stay history Properties you book, dates, guest counts, and cancellations. | To run your bookings and show your trips. |
Payment details Card and payment data is entered directly into our payment providers and tokenised by them. We never see or store your full card number. For hosts, we store only the last 4 digits of your payout account. | To take payment for bookings and pay hosts out. |
Messages, reviews and photos Messages you send hosts or guests, reviews you write, and photos you upload to listings. | To let guests and hosts communicate, and to show reviews and listings. |
Device push token An anonymous identifier for your device, only if you allow notifications. | To send booking and payment notifications. Deny the permission and we never receive it. |
Technical logs IP address, device/browser type, and timestamps of requests to our servers. | To keep the service secure, debug faults, and detect abuse. |
What we don't collect
Just as importantly, here is what we do not do:
- We don’t track your location. The Home2 app does not read your device’s GPS or location at all. When you search a city, we match on the text you typed.
- We don’t run third-party analytics or advertising trackers. There are no ad networks, no advertising identifiers, and no cross-app tracking in the Home2 app.
- We don’t sell your personal data, and we don’t share it with marketing partners.
- We never store your full card number. It goes directly to our payment provider and we only ever receive a token and the last 4 digits.
Why we use your data
Data protection law requires us to have a lawful basis for each use. Ours are:
- To perform our contract with you — creating your account, taking payment, confirming bookings, paying hosts out, and passing a guest’s address to the host they booked with.
- To meet legal obligations — identity checks, tax and accounting records, and responding to lawful requests.
- For our legitimate interests — keeping the platform secure, preventing fraud, mediating disputes, and improving the service. We balance these against your rights.
- With your consent — push notifications, and any marketing email. You can withdraw consent at any time.
Where your data is stored
Home2 operates in Nigeria and the United Kingdom, so your data may be transferred between them and to our providers in the United States and the European Union.
Where data leaves the UK or Nigeria, we rely on approved safeguards — such as the UK International Data Transfer Agreement or Addendum, and the European Commission’s Standard Contractual Clauses — so it stays protected to the same standard. [Confirm the exact transfer mechanism and hosting regions with counsel]
How long we keep it
We keep personal data only as long as we have a reason to:
- Your account data — for as long as your account is open, and for a limited period afterwards while any dispute or refund window is still open.
- Booking and payment records — for as long as tax and accounting law requires us to keep them, typically six years, even after you close your account.
- Identity documents — [Confirm the real KYC retention period and implement it before publishing]
- Messages and reviews — reviews stay published after an account closes, but are disassociated from your name.
Your rights
You can ask us to:
- Give you a copy of the personal data we hold about you.
- Correct anything that’s wrong or out of date.
- Delete your data — see the next section.
- Restrict or object to how we use it, including any direct marketing.
- Port your data to another service in a machine-readable format.
- Withdraw consent at any time, where consent is what we relied on.
Email privacy@home2.app and we’ll respond within one month. These rights are free to exercise.
If you think we’ve got it wrong, you can complain to your data protection regulator — the Information Commissioner’s Office in the UK, or the Nigeria Data Protection Commission in Nigeria. We’d rather you told us first so we can fix it.
Deleting your account
You can ask us to delete your Home2 account and the personal data attached to it at any time.
Request account deletion here, or from the app under Profile → Privacy → Request deletion of all data.
We’ll delete your account details, messages, saved properties and device tokens. We’ll keep booking and payment records where tax and accounting law requires it, and reviews you wrote stay up but stop being linked to your name. Full details, including timescales, are on the deletion request page.
How we protect your data
Data is encrypted in transit. Access to production systems is limited to staff who need it. Payment card data never touches our servers — it goes straight to Stripe or Paystack, who are PCI-DSS certified. Host payout account numbers are held by the payment provider; we keep only the last 4 digits.
No system is perfectly secure, and we won’t pretend otherwise. If a breach affects your rights, we’ll tell you and the relevant regulator as the law requires.
Children's privacy
Home2 is not for children. You must be at least 18 to create an account, and we don’t knowingly collect data from anyone under 18. If you believe a child has given us personal data, email privacy@home2.app and we’ll delete it.
Changes to this policy
If we change how we use your data, we’ll update this page and move the effective date at the top. If the change is significant, we’ll tell you by email or in the app before it takes effect — we won’t make a material change quietly.
Contact us
Privacy questions, requests, or complaints:
For anything else — a booking, a refund, a problem with a stay — contact support@home2.app.
