Privacy Policy

We collect three categories of information.

1.1 Information you give us directly

• Account info: name, email address, phone number, company name (for ProPartners), and password (stored only as a salted hash by our authentication provider).
• Project data: project codes, addresses, order details, delivery windows, messages you send to your rep, notes, damage reports, and any photos you upload.
• Feedback you submit via the in-app feedback form.

1.2 Information collected automatically

• Device and session: device type, operating system, browser, app version, IP address, and approximate region.
• Usage: the screens you view, actions you take (e.g. uploading a photo, filing a damage report), and the timestamps of those actions, so we can debug issues and improve the product.
• Push notification tokens issued by Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM), if you grant notification permission. See §5.
• Cookies and local storage: we use cookies to keep you signed in and to remember your preferences. We do not use advertising or cross-site tracking cookies.

1.3 Information from third parties

When a TrulyHome team member creates a project on your behalf, we receive your name, contact details, and project information from them so we can set up your account.

We use information only for these purposes:

• To create your account, sign you in, and verify your identity.
• To deliver the core Service: showing project status, tracking shipments, processing damage reports, routing messages to your rep, and storing the photos and documents associated with your project.
• To send push notifications, emails, and in-app messages about your projects.
• To respond to your feedback, questions, and support requests.
• To detect and prevent fraud, abuse, and security incidents, and to enforce our terms.
• To improve and debug the Service. Aggregated and de-identified usage statistics may be used to understand which features are working.
• To comply with legal obligations (tax, accounting, lawful requests from public authorities).

We do not use your information to build advertising profiles, sell it to data brokers, or train third-party generative AI models on your private project content.

Inside TrulyHome, access is restricted by role (customer, ProPartner, TrulyHome team, Elyon production, admin). Our database enforces row-level security so people only see the projects they are assigned to.

3.1 Project participants

Your project details — including photos and messages — are visible to the people working on the same project: your assigned TrulyHome rep, the ProPartner managing the install, and the Elyon production team building the cabinets. Admins may access your data when investigating an incident or supporting your account.

3.2 Service providers

We use vendors who process information on our behalf under contracts that limit them to providing the Service. Today these include:

• Supabase — authentication, primary database, file storage. Hosts the project data, photos, and messages you create.
• Vercel — application hosting and content delivery.
• Resend — transactional email delivery (sign-in links, project updates).
• Apple Push Notification service / Google Firebase Cloud Messaging — delivery of push notifications to your device.
• Cloudflare Stream — hosting and playback of tutorial videos.
• OpenAI / OpenRouter — powers the in-app AI assistant. See §6.
• Sentry — application error tracking (uses de-identified stack traces).
• Trello — mirror destination for the in-app feedback form, so we can triage what you tell us.

3.3 Legal and safety

We may disclose information when required by law, to respond to lawful requests from public authorities, to protect our rights and property, to enforce our terms, or to prevent harm.

3.4 Business transfers

If TrulyHome is involved in a merger, acquisition, or sale of assets, information may be transferred. We will give you notice (by email or in-app) before your data becomes subject to a different privacy policy.

The TrulyHome mobile app uses your device’s camera and photo library only when you actively choose to attach a photo — for example, when filing a damage report or documenting a delivery.

• Photos you select are uploaded to our Supabase Storage bucket and attached to the specific project as damage evidence or delivery confirmation media.
• We do not scan your photo library, read EXIF location data without your action, or upload photos in the background.
• You can revoke camera or photo permissions in your device settings at any time.
• Deleting a photo from a project also removes it from our storage.

With your permission, we send push notifications about project events that need your attention: production milestones, shipment status changes, damage report responses, and new messages from your rep.

• When you grant permission, the operating system issues a device token to the app. We store that token, tied to your account, so we can deliver notifications to your device.
• You can disable notifications in your device settings; we honor the OS-level decision.
• We do not use push notifications for marketing or third-party promotions.
• If you sign out or uninstall the app, we delete the associated push token within 30 days.

The in-app AI assistant helps you find information about your project, your cabinets, and installation guides. When you send a question:

• Your question and a relevant project context snippet are sent to our AI provider (OpenAI or OpenRouter, depending on the deployed configuration) to generate a response.
• Per our agreement with these providers, your inputs are not used to train their public foundation models.
• We do not send your full project history, payment details, or other users’ information to the AI provider — only the snippet needed to answer the question.
• Don’t put information into the AI assistant that you wouldn’t want stored in our logs.

Your data is stored in our hosted Supabase project. We retain information for as long as your account is active and as needed to provide the Service.

• Project records are retained for the lifetime of the project and for a reasonable warranty period afterwards.
• Damage report photos are retained until the related claim is resolved, plus 24 months for audit purposes.
• Activity logs (who did what, when) are retained for 24 months.
• Backups may persist for up to 35 days after deletion before being permanently overwritten.

You can request earlier deletion at any time (see §9).

We take security seriously. We protect your data with:

• HTTPS / TLS encryption in transit for every request to the Service.
• Encryption at rest for stored files and database records, provided by our hosting vendors.
• Row-level security (RLS) policies in the database that restrict access by user role and project assignment.
• Hashed (never plaintext) passwords, and time-limited session tokens.
• Audit logging of administrative actions, so we can investigate anomalies.

No system is perfectly secure. If you believe your account has been compromised, email privacy@trulyhomecabinets.com right away.

You have the following rights with respect to your data:

• Access: ask for a copy of the information we hold about you.
• Correction: update or correct inaccurate information in your profile and project records.
• Deletion: ask us to delete your account and the associated personal data, subject to legal retention obligations.
• Portability: request a machine-readable export of your project data.
• Withdraw consent: revoke camera, photo, or notification permissions in your device settings.
• Object / restrict: ask us to stop or limit certain uses of your data.

To exercise any of these rights, email privacy@trulyhomecabinets.com. We’ll respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Account deletion shortcut: open the mobile app or the web app, go to Profile, and use the “Delete my account” option. The request is processed within 30 days and confirmation is sent to your email.

The Service is intended for use by adults (18+) who are managing a kitchen or cabinet project. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at privacy@trulyhomecabinets.com and we will delete it.

Our hosting vendors operate data centers in multiple regions. When you use the Service, your information may be processed in regions outside your country of residence. Where required, we use standard contractual clauses or equivalent safeguards to protect cross-border transfers.

We may update this policy from time to time. When we make material changes, we will notify you by email or via an in-app banner and update the “Last updated” date at the top. Continued use of the Service after the change becomes effective constitutes acceptance.

If you have questions about this policy or how we handle your data, write to us at: