Privacy & security

DefectR is built for new-build homeowners walking their plot at completion. Your defect list is sensitive — it can affect a warranty claim, a sale, or a deposit. We treat it that way.

Last updated: 1 May 2026

What we collect — and why

  • Your name, email, and Google profile picture — to identify your account when you sign in.
  • Property details, defect notes, photos, and floorplans — to power the snag-list and report features. We never read or browse them; only you and anyone you explicitly share with do.
  • Stripe payment-receipt metadata (session ID, amount, currency, status, the property the unlock was for) — needed for refund rights, accounting, and dispute resolution. We never see or store your card number, CVV, or expiry. Stripe handles every card field directly.
  • Login session info (browser, IP, time) — for security and to let you sign out from "everywhere" if needed.
  • An audit log of account-level actions (account export, deletion, sign-out-everywhere). Required for incident response and dispute resolution.

What we don't do

  • We don't sell your data to, or share it with, advertisers or data brokers.
  • We don't train AI on your photos. The Gemini snag-analysis API is called per-defect, with your prompt only, and the response is cached against that single defect.
  • We don't track you across the web. No third-party trackers, no fingerprinting.
  • We don't store your card number. Stripe Checkout handles everything; we only see "paid / pending / failed".
  • We don't read your magic-link emails or scrape your inbox.

Your rights — and how to use them

Under UK GDPR you have rights over your data. We've baked the three most important ones directly into the app — no email, no waiting, no support ticket. Open your account page and use them whenever you want.

Sign out everywhere

Invalidates every active session on every device — useful if you suspect your Google account was compromised.

Instant

Export your data

Download a full JSON copy of everything we hold against your account. GDPR Article 20.

Delete your account

Erase your account and every property, defect, and payment record. Cannot be undone. GDPR Article 17.

Where your data is stored

  • Database — Mongo, hosted on Emergent. Defect records, account info, and audit logs.
  • Object storage — Photos and floorplans, encrypted in transit, served only via authenticated proxy URLs.
  • Email — Magic links and digest emails sent via Resend. We never read responses.
  • Payments — Stripe (PCI-DSS Level 1). We see no card data.
  • AI analysis — Defect title + notes + photo (when present) sent per-request to Google Gemini. Result is cached against the specific defect; never used for training.

Security at a glance

  • HTTPS everywhere. HSTS, strict CSP, X-Frame-Options: DENY, no third-party scripts.
  • Session cookies are httpOnly + Secure + SameSite=Lax.
  • Magic-link tokens are single-use, 15-minute TTL, ~256-bit entropy.
  • Rate limits on share, AI, file proxy, and login endpoints to slow abuse.
  • Image uploads validated by magic bytes — HTML / SVG disguised as "image/jpeg" is rejected.
  • Dependencies scanned weekly via Dependabot; SAST run on every commit via Semgrep.

Questions or concerns?

Email support@defectr.co.uk — we aim to respond within 2 working days. For data-protection requests specifically, please use "DPR" as the subject prefix so your email is routed correctly.