Privacy Policy
Last updated: 2026-06-01
This Privacy Policy explains what Heimer collects, how we use it, and the rights you have over your data. It applies to the Heimer website and web application at heimerapp.com, the Heimer mobile apps for iPhone and Android, the Heimer API, and any related services (together, the "Service"). Heimer is operated by Väder AB, a company registered in Sweden ("Heimer," "we," "us," or "our"). Väder AB is the data controller for the personal data described in this policy.
We are based in the EU and we process personal data in line with the EU General Data Protection Regulation (GDPR) and applicable Swedish law. If you have any questions, email us at [email protected].
01 Who we are
Heimer is a property analysis tool for home buyers. You paste the link to a property listing, and Heimer extracts the key facts, scores the property, and generates an analysis covering risks, positives, and next steps, so you can decide whether a home is worth pursuing. Heimer is operated by Väder AB, a Swedish limited company with its registered office in Stockholm, Sweden.
For the purposes of GDPR, Väder AB is the data controller for your personal data.
02 Information you give us
You provide us with information directly when you use Heimer:
- Account. Your email address and an optional display name. Used to sign you in, to save your property portfolio to your account, and to contact you about the Service.
- Sign-in identifiers. If you sign in with Apple or with Google, the provider returns a stable identifier and, if you allow it, your name and email. We store only what we need to keep you signed in.
- Listings you submit. The property listing URLs you paste for analysis, and the property data we extract from them (price, fees, area, year built, condition notes, association finances, and similar fields).
- Your notes and ratings. The verdicts you give a property, your written notes, and the room-by-room inspection checklists and observations you record.
- Photos. Photos you upload for a property from your camera or photo library. Stored with our infrastructure provider and served through a CDN.
- Preferences and household. Your budget, buying preferences, household details, and any shared portfolio you set up with a partner.
- Chat messages. Questions you ask the in-app assistant about a property, and the conversation history we keep so the assistant has context.
- Support messages. Email you send to [email protected] and any attached context.
03 Information we collect automatically
When you use Heimer we automatically collect some technical and usage information:
- Product analytics (PostHog). We use PostHog (EU-hosted, eu.i.posthog.com) to log product events such as pages viewed, analyses run, properties saved, and subscription events. When you are signed in, these events are linked to your account ID and subscription tier so we can understand how the product is used. We do not send your private notes, your photo content, or your assistant conversations to PostHog. We do not use advertising SDKs, data brokers, or cross-app advertising trackers.
- Technical logs. IP address, user agent, request path, response code, and timestamps, used for security, rate limiting, abuse prevention, and debugging. Logs are kept for a limited rolling window.
- Device and app diagnostics (Sentry). Crash reports, performance traces, and anonymous diagnostics used to fix bugs. When you are signed in, errors are tagged with your account ID and subscription tier so we can investigate user-specific issues. Free-text payloads (notes, messages) are scrubbed before being sent.
- Subscription status (RevenueCat). Whether you have an active subscription, which plan, and when it renews or expires. Managed through our subscription provider and the platform or checkout used for purchase.
04 How property analysis works
Heimer is an AI-assisted tool, and we want you to understand exactly what happens when you run an analysis.
- When you submit a listing URL, our server fetches the public listing page. For pages that need a full browser to render, we use a third-party rendering service (Browserless) to load the page and return its content.
- We send the relevant text and image references from the listing to Anthropic's Claude API to extract structured property facts and to generate the score, the written analysis, and the suggested broker questions.
- The analysis is produced by an AI model and is intended as one input into your own decision, not as professional advice. See our Terms of Service for the limits of what the analysis is.
- The extracted data, score, and analysis are stored against your account so you can revisit them and build your portfolio.
- We do not use your data, your notes, or your listings to train artificial intelligence or machine learning models, and our AI processors are contractually prohibited from training on the content we send them.
05 What we do not collect
We do not run advertising trackers, fingerprinting scripts, session replay tools, or behavioural advertising SDKs. We do not track your location in the background. We do not read your contacts, your calendar, or your microphone. We do not sell your data, and we do not share your data with data brokers. We do not use your content to train artificial intelligence or machine learning models, and we do not grant that right to any of our processors.
06 How we use your information
We use the information we collect to:
- provide, maintain, and improve the Service, including extraction, scoring, analysis, your portfolio, inspections, and the assistant;
- authenticate you and keep your account secure;
- save your analyses, notes, ratings, and preferences to your account;
- send you transactional email (account verification, password resets, and your optional weekly summary), and respond to support requests;
- detect, prevent, and investigate fraud, abuse, and security incidents;
- comply with legal obligations, such as tax and accounting laws.
07 Legal bases (GDPR)
We process your personal data on the following legal bases:
- Performance of a contract. To provide the Service you asked us to provide, including running analyses, saving your portfolio, and operating the assistant.
- Legitimate interests. To secure the Service, prevent abuse, bill for paid plans, improve features, respond to support, and run product analytics. You can object to legitimate-interests processing under GDPR Article 21.
- Consent. For device permissions such as photos or camera on iOS and Android, and for any processing where we ask you to opt in explicitly (for example, marketing emails). You can withdraw consent at any time from the app settings or your device settings.
- Legal obligation. To comply with tax, accounting, and other mandatory legal requirements.
08 Property listing data and third-party sources
The property data Heimer analyses comes from public listing pages that you choose to submit (for example, listings on Hemnet, Booli, Rightmove, Finn, Zillow, or an estate agent's own site). Heimer processes this data on your behalf to produce your analysis. The underlying listing content, including listing photos, belongs to the original publishers and is subject to their own terms.
Listings can contain errors, and AI extraction can misread or miss information. We indicate when data is missing or uncertain, and you can correct extracted fields yourself. The analysis reflects the data available at the time you run it and may not stay current.
09 Categories of processors
We rely on a small number of trusted sub-processors to run the Service. Each of them is bound by a data processing agreement or equivalent terms that restrict how they can use your data.
- Infrastructure and hosting (Cloudflare, Neon). API runtime, website, database, object storage, CDN, queues, rate limiting, security, and transactional email delivery.
- Page rendering (Browserless). Headless browser rendering used to load listing pages that require JavaScript before extraction.
- AI analysis (Anthropic). Extraction, scoring input, written analysis, broker questions, and the in-app assistant, via the Claude API. Contractually prohibited from training on the content we send.
- Platform services (Apple, Google, Expo). Apple and Google sign-in, app stores, payments, push notifications, and mobile app runtime and update infrastructure.
- Payments and subscriptions (Stripe, RevenueCat). Web checkout and one-time purchases (Stripe); mobile subscription state, receipts, and purchase history (RevenueCat). Paired with the Apple App Store and Google Play for mobile billing.
- Product analytics (PostHog EU). Usage analytics linked to your account ID and subscription tier as described in Section 03.
- Diagnostics (Sentry). Crash reports and error diagnostics with PII scrubbing applied to free-text payloads.
We may change sub-processors from time to time. Material changes will be reflected here. If you need an up-to-date vendor list for a procurement process, email [email protected].
10 International data transfers
Some of the processors described above are based in, or transfer data to, countries outside the European Economic Area, including the United States. Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards, in most cases the European Commission's Standard Contractual Clauses, supplemented by additional technical and organisational measures such as encryption in transit and at rest, or on an adequacy decision by the European Commission. You can request a copy of the transfer safeguards by contacting [email protected].
11 Cookies, local storage, and similar technologies
Heimer uses local storage and small token files on your device to operate the Service. We do not use third-party advertising cookies or cross-site trackers.
- Session and authentication storage. On the web app, we store access and refresh tokens in your browser so you stay signed in across page reloads. In the mobile app, the same tokens are stored in platform secure storage (iOS Keychain / Android Keystore).
- Preference and cache storage. We store small amounts of data on your device, such as your selected language, theme, and a cached copy of recent responses, so the app loads quickly. Most of this is in device storage on mobile and local storage on web.
- Analytics storage. PostHog stores a small anonymous identifier so events from the same browser or install can be grouped. We do not use any persistent advertising identifier.
You can clear local storage and cookies at any time from your browser settings or by deleting the app. Doing so will sign you out and remove cached data; your account on our servers is not affected.
12 Security
We take the confidentiality and integrity of your data seriously. Technical and organisational measures include:
- encryption in transit (HTTPS/TLS) for all application and API traffic;
- encryption at rest for secrets and credentials;
- short-lived access tokens and rotating refresh tokens;
- scoped database roles and the principle of least privilege for internal tooling;
- access controls, audit logs, and regular dependency updates.
No system is perfectly secure. If you discover a vulnerability, please report it to [email protected] and we will respond as quickly as we can.
13 Data retention
We retain personal data for as long as your account is active and for a limited period afterwards, so you can recover data you deleted by mistake and so we can meet our legal obligations. Specifically:
- Account, properties, analyses, notes, inspections, and photos are retained while your account is open. On deletion, content is removed from the live database and object storage within a reasonable period; encrypted backups are rotated out on a rolling schedule.
- Product analytics are retained for a limited period with your account linked, after which the link to your account is removed and only anonymous aggregate data is kept.
- Technical and security logs are retained for a short rolling window (typically up to 30 days) for debugging and abuse prevention.
- Billing records are retained for as long as required by Swedish tax and accounting law (normally seven years after the end of the financial year).
14 Your rights
Under GDPR and comparable laws in other jurisdictions, you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate data;
- request deletion of your personal data (the "right to be forgotten");
- request restriction of processing, or object to processing based on legitimate interests;
- request data portability in a common, machine-readable format;
- withdraw consent for processing based on consent, at any time;
- lodge a complaint with your local data protection authority. In Sweden, that is Integritetsskyddsmyndigheten (IMY).
You can export your data at any time from the app settings, which downloads a machine-readable copy of your account, properties, analyses, inspections, notes, and conversations. To exercise any other right, email [email protected] from the address on your account. We will respond within 30 days as required by GDPR.
15 Account and data deletion
You can delete your account at any time from the app settings. Step-by-step instructions are at heimerapp.com/privacy/data-deletion.
When you delete your account, we permanently remove your personal data:
- your email address, display name, and linked Apple or Google identifiers are deleted from our database;
- your saved properties, analyses, notes, verdicts, inspections, preferences, and assistant conversations are deleted;
- your uploaded photos are deleted from our object storage.
You are signed out on every device and active sessions are revoked. Deletion is immediate and cannot be undone, so export your data first if you want to keep a copy.
Subscriptions are billed by Apple or Google, not by Heimer. Deleting your Heimer account does not cancel any active App Store or Google Play subscription. To cancel a subscription, manage it in your Apple ID subscriptions or your Google Play subscriptions. Web subscriptions can be cancelled from the customer portal linked in your account.
Backups and legal obligations. Encrypted database backups are rotated on a rolling schedule and remaining copies are overwritten within that cycle. Billing records that we are legally required to retain under Swedish accounting law are kept for the period required by law.
16 Mobile app and device permissions
The Heimer mobile apps for iOS and Android request the following permissions, and only use them for the stated purpose:
- Camera. Used to take photos of a property from inside the app when you choose to add one.
- Photo Library (read). Used to import photos you select from your library when you attach them to a property. Only the specific photos you pick are imported; Heimer never reads your library in the background.
- Push notifications. Used to let you know when an analysis is ready or to send your optional weekly summary. You can turn these off in your device settings.
Heimer does not use the iOS App Tracking Transparency (ATT) framework for cross-app tracking, and does not include any advertising SDKs.
17 Children
Heimer is intended for adults making property decisions and is not directed at children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact [email protected] so we can remove it.
18 Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or by a notice in the Service, and by updating the date at the top of this page. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
19 Contact
If you have any questions about this policy or about how Heimer handles your data, contact us at [email protected] or by post at:
Väder AB
Stockholm, Sweden