Privacy policy

Privacy policy

HomeBenefit OS helps employees prepare for housing decisions through education, calculators, local program discovery, and expert sessions. This policy explains what information is used to run that experience and how employer reporting stays aggregate-only.

Information we collect

We collect information needed to operate the product, secure access, and personalize educational guidance. Depending on how the service is used, that may include account and invite details, organization membership, onboarding responses, readiness outputs, calculator scenarios, content progress, session registrations, and product feedback.

The service is designed around ranges and categories where practical rather than exact financial values. The goal is to help employees plan without turning the product into a lead marketplace or a place for unnecessary personal disclosure.

How information is used

  • - authenticate users and attach them to the right organization
  • - personalize readiness guidance, calculators, and content
  • - support session registration and optional reminders
  • - generate aggregate employer reporting
  • - maintain security, auditing, and operational quality
  • - understand product usage through privacy-conscious analytics

Employer reporting boundaries

Employer admins do not receive employee-level housing profiles, exact calculator inputs, raw session questions, or raw feedback text. Employer-facing views are limited to aggregate metrics, derived themes, and other reporting that is designed to avoid exposing individual participation.

Detailed reporting may be withheld for small cohorts so that early pilot activity does not make individual behavior easier to infer.

Analytics, cookies, and service providers

The product may use cookies, local storage, and privacy-conscious analytics to maintain sessions, support demo mode, save in-progress states, and understand product usage. Analytics events are designed to avoid exact income, savings, debt, credit, or raw freeform note fields.

Depending on deployment, the application may rely on service providers such as Neon for Postgres, Better Auth for authentication and session handling, Resend for email delivery, and analytics tooling such as PostHog when configured by the environment.

Retention, security, and contact

Information is retained for as long as it is needed to operate the service, support employer programs, meet audit and security needs, and resolve legitimate operational issues. Specific retention may vary by deployment and employer arrangement.

We use application access controls, row-level security, and environment-based configuration to reduce unnecessary exposure. No system can guarantee absolute security, so users should avoid submitting information that is not needed for the educational benefit workflow.

Questions about privacy or data handling can be sent through the site contact path. Where applicable law provides access, correction, or deletion rights, requests should include enough context for us to evaluate and route them appropriately.