Privacy Policy

Hoekk · Last updated: April 2026

This privacy policy explains how Hoekk (“we”, “us”, “our”) collects, uses, and protects your personal data when you use the Hoekk mobile application and website (together, the “Service”). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and Dutch data protection law.

1. Data controller

The data controller responsible for your personal data is:

Hoekk
Sole proprietor, The Netherlands
Website: www.hoekk.com
Email: support@hoekk.com

2. What data we collect

2.1 Account data

When you create an account, we collect:

Full name and email address
Password (stored as a one-way hash — we never store your actual password)
Apple Sign In identifier (if you sign in with Apple)

2.2 Profile and preferences

To personalise your experience and generate effective inquiry emails, we collect information you voluntarily provide:

Search preferences: cities, neighbourhoods, price range, number of bedrooms, minimum surface area, property type
Tenant profile: age, nationality, employment type, gross monthly income, job title, employer name, move-in date, household type
Personal details: personal pitch, language preference, viewing availability, LinkedIn URL
Additional details: whether you are a student, university, whether you have pets or smoke, whether you have the 30% ruling

2.3 Gmail OAuth data

If you connect your Gmail account, we store:

Gmail OAuth access token and refresh token
Your Gmail email address

We use these tokens solely to send inquiry emails on your behalf and to check for replies from rental agents. See Section 5 for details.

2.4 Usage data

When you use the Service, we collect:

Listing interactions: which listings you skip, save, or express interest in
Email data: the subject and body of AI-generated inquiry emails, sending status, thread identifiers, agent reply snippets, and timestamps
API usage: token counts for AI email generation (used for internal cost tracking)

3. How we use your data

Purpose	Data used	Legal basis (GDPR Art. 6)
Provide the Service — show listings, record your actions	Account data, preferences, usage data	Performance of contract
Generate personalised inquiry emails using AI	Profile data, listing details	Performance of contract
Send inquiry emails from your Gmail	Gmail OAuth tokens	Consent (you explicitly connect Gmail)
Check for agent replies to sent emails	Gmail OAuth tokens, thread IDs	Consent (you explicitly connect Gmail)
Enforce usage limits (free tier: 3 emails/week)	Account data, email counts	Performance of contract
Authenticate your identity	Email, password hash, Apple ID	Performance of contract

We do not use your data for advertising, profiling, or automated decision-making that produces legal effects.

4. Data sharing and third parties

We share your data with the following third-party processors, solely for the purposes described:

Anthropic (Claude API) — Your tenant profile and listing details are sent to Anthropic’s API to generate personalised inquiry emails. Anthropic processes this data in the United States. Anthropic does not retain prompt data beyond the API request under their commercial terms.
Google (Gmail API) — Your OAuth tokens are used to send emails via the Gmail API and read thread replies. Google processes data under their standard terms. We use only the gmail.send and gmail.readonly scopes.
Apple — If you sign in with Apple, Apple provides us with an identity token to verify your account. We store only the Apple user identifier.
Railway — Our database is hosted on Railway using EU-based servers. Railway acts as a data processor.

We do not sell, rent, or share your personal data with advertisers or any other third parties.

5. Gmail API — limited use disclosure

Hoekk’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We only request the gmail.send and gmail.readonly scopes.
We use gmail.send to send inquiry emails to rental agents on your behalf when you swipe right on a listing.
We use gmail.readonly to check whether rental agents have replied to emails we sent. We only read threads that we initiated — we never read, scan, or index any other messages in your inbox.
We do not use Gmail data for advertising, market research, or any purpose other than providing the Service.
We do not allow humans to read your email content unless you explicitly request support assistance, it is required for security purposes, or it is required by law.
You can disconnect Gmail at any time from within the app, which immediately deletes your stored OAuth tokens.

6. International data transfers

Your data is stored in the European Union (Railway EU servers). When we send data to Anthropic for email generation, it is transferred to the United States. This transfer is covered by Anthropic’s Data Processing Agreement, which incorporates Standard Contractual Clauses (SCCs) approved by the European Commission.

Google processes data globally under their own GDPR-compliant data processing terms.

7. Data retention

Account data and profile: retained for as long as your account exists. Deleted when you delete your account.
Gmail OAuth tokens: deleted immediately when you disconnect Gmail or delete your account.
Listing interaction data: retained for as long as your account exists.
Sent email records: retained for as long as your account exists so you can view your email history and replies.

8. Data security

We take appropriate technical and organisational measures to protect your data:

All data is transmitted over HTTPS/TLS
Passwords are hashed using bcrypt (one-way, salted)
Database access is restricted to the application
Admin endpoints are protected with authentication
Gmail OAuth tokens are stored in the database and transmitted only to Google’s API over encrypted connections

9. Your rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15) — request a copy of your personal data
Right to rectification (Art. 16) — correct inaccurate data via your profile settings or by contacting us
Right to erasure (Art. 17) — delete your account and all associated data
Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
Right to restrict processing (Art. 18) — request that we limit how we use your data
Right to object (Art. 21) — object to processing based on legitimate interest
Right to withdraw consent (Art. 7) — withdraw your Gmail consent at any time by disconnecting Gmail in the app. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at support@hoekk.com. We will respond within 30 days.

10. Cookies and tracking

Hoekk is primarily a mobile application. Our landing page at www.hoekk.com does not use cookies, analytics trackers, or any third-party tracking scripts. We do not use cookies in any part of the Service.

11. Age requirement

Hoekk is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us and we will promptly delete the account.

12. Changes to this policy

We may update this privacy policy from time to time. If we make material changes, we will notify users through the app or via email. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Supervisory authority

If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens
Website: autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 888 8500

Contact

For any questions about this privacy policy or your data, contact us at support@hoekk.com.