We’re serious about security. Just as you protect your possessions in your home, we do the same for the data in your home's online profile.

dog house

Keeping it simple…

We’ve all seen Privacy Policy and Terms of Use of use. But, whilst essential, they can be a bit difficult to understand. So we’ve created this page to answer the questions you may have about our service. Let’s start off with a big bold statement:

“The security of your data and the protection and retention of your trust is our absolute priority. We will always work hard to show that we deserve your trust.”

Will you sell my data?

NO!!! As we mention on our ‘about us’ page, our founders really are normal people, the type of people that hated the banks for the mess they got us into and that can’t stand companies who deceive their users. So the last thing we would want to do is sell your data, as that trust and the very fabric of our mission would be irreparably damaged.

Do you share my data?

Only in the way that makes our website function, never to people you wouldn’t want us to. Here’s quick analogy, we all love a good analogy….

Think of it as your car sharing fuel with the engine. It’s essential for it to work and you don’t mind at all. But if someone started syphoning your fuel and sharing it with someone else, then you would be pretty annoyed.

All websites share data in one way or another but we’re probably the first company to explain, in simple terms, what that means. It’s nothing sinister and we do not share it with people or businesses that do not facilitate some function or feature on our platform. Here’s an example. When you upload, let’s say, an insurance certificate that you want to store in your profile, it gets encrypted and stored on highly secure servers. These are owned by Amazon Web Services (yes, that Amazon). AWS is by far the largest and most secure cloud computing company in the world. The fact that our website is ‘hosted’ on AWS is a very good thing and the term sharing comes from us sharing your stored document to these very, VERY secure servers. All the biggest and best tech companies in the world use cloud computing services to operate their website – this is the good definition of sharing. The bad definition is sharing your info with 3rd parties that you would not want us to. (Cambridge Analytica ring any bells….naughty facebook) WE WILL NEVER DO THAT!

Is it secure? I could end up with a lot of my info stored in my property profile after all.

VERY. Here are some facts to get us started:

1. We are Certified by the Information Commissioners Office. That means personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –

(a) at least one of the conditions in Schedule 2 is met, and

(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

Personal data shall be accurate and, where necessary, kept up to date.

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Personal data shall be processed in accordance with the rights of data subjects under this Act.

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

2. We use TLS encryption when communicating your information to our servers. What does this mean? That any info you add to Habiplace is encrypted (very secure) and then stored on our servers (more on them in point 3).

3. We use Amazon Web Services (AWS) data centres to store our data. AWS data centres have electronic surveillance, multi-factor access control and they are staffed 24×7 by security guards. We mentioned these in the data sharing section above. This is by far the best way to secure your data.

Back to simple terms, if you think about where your information is stored on the web at present. It’s a bit all over the place. Insurance certificates and other important documents are often left rattling around in an email inbox or you might keep them on your hard drive. But both of these are teeming with spam emails and potential phishing scams or viruses. When you store information in your property profile. Only you can access it. It is encrypted. And it is bundled together and easy to manage. Our platform is very secure and as new technologies evolve, so will we. We will always have the security of your information at the forefront of everything we do.

But what about GDPR, everyone’s talking about GDPR?!

Our platform conforms with GDPR so you have nothing to worry about. Did you know that some companies have now stopped operating in the EU because of these Data Laws?? What does that tell you about the industry? We work very differently. Your property profile does contain data, and we work tirelessly to ensure that data is secure and also yours, not sold to the highest bidder.

Are you really any different to other companies?

Yes, we really believe so. For too long we watched different ‘user-centric’ businesses launch and end up being no different to the ones that came before. We strive to be different and hope you will join us in making the property market work better for all of us.

Authentication – for user authentication JWT (Json Web Token) is used. https://jwt.io/introduction/# , JWT’s main strength is handling user authentication in a stateless, and therefore scalable, way, while keeping everything secure with up-to-date cryptography standards.

Secured Encrypted Communication – on top of all communication between our app.homible.com and backend service TLS is used, Transport Layer Security is a protocol that provides privacy and data integrity between two communicating applications. https://en.wikipedia.org/wiki/Transport_Layer_Security

Access Control – further improving security, only the user will have access to his personal data. Users cannot retrieve other users data as everything is validated on the backend of our website to check that user request has sufficient rights to access requested resources.

Validation – every request to our backend is validated so no invalid structured data can be inserted to our system.

REST API – API will be done by REST api standards: https://en.wikipedia.org/wiki/Representational_state_transfer

Storing Documents – each document that is stored is encrypted and only private/public key combination can decrypt it.

Storing Sync Passwords: every password is encrypted before storing it to our DB, so no one can use it without decryption