Clear, human-readable information about every type of data we collect, why we collect it, and the controls you have — fully compliant with GDPR.
A complete breakdown of every category of personal data Roomatos processes.
Core information tied to your Roomatos account.
Details you provide so we can match you with compatible roommates.
If you choose to verify your phone number via SMS.
Private direct messages and group chat messages between matched users.
Data generated when you connect with other users.
If you use the Roommate Agreement feature.
Payment and rent-tracking information.
Data related to house groups and living arrangements.
Progress through training modules and earned badges.
Your notification preferences and app settings.
Anonymous or pseudonymous metrics to improve the product.
Limited signals to prevent abuse and maintain platform integrity.
Under GDPR, every processing activity must be tied to a lawful basis.
We follow the principle of data minimisation — data is kept only as long as necessary for its purpose.
| Data type | Retention period |
|---|---|
| Account & profile | While active — deleted 14 days after account deletion request |
| Messages & media | Up to 24 months after last activity, or when you delete the thread |
| Agreements & signatures | Duration of the agreement + 6 years (legal retention) |
| Phone verification data | While active — purged on account deletion |
| Financial / Stripe IDs | While subscription is active + as required by tax law |
| Rent tracker data | While active — deleted with account |
| Training progress & badges | While active — deleted with account |
| Reviews (given & received) | While active — anonymised on account deletion |
| Analytics (aggregated) | 12–24 months in aggregate, non-identifiable form |
| Safety / abuse logs | As required by law or to resolve disputes |
| Agreement audit logs | Same as agreement retention (legal) |
Under GDPR and Greek data protection law, you have the following rights. Use our self-service tools or contact us directly.
We use trusted sub-processors to deliver our service. Your data may be shared with:
Your data is primarily stored in EU-oriented regions. Where sub-processors operate outside the EU/EEA, we ensure adequate safeguards are in place (Standard Contractual Clauses or adequacy decisions).
Roomatos is not intended for users under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us immediately.
Control how we use cookies and local storage on your device.
No — never. We do not sell, rent, or trade your personal data to any third party. Your data is used exclusively to provide and improve the Roomatos service.
Primarily in EU-oriented data centres via Supabase and Vercel. Specific sub-processors may have infrastructure in other regions, always with adequate GDPR safeguards.
No. Even if you verify your phone, other users can only see that your phone is verified — never the actual number.
Your profile, preferences, messages, and personal data are permanently deleted after a 14-day grace period. Some data may be retained longer if required by law (e.g. agreement audit logs).
No. Your private messages are never used for AI model training, advertising, or any purpose other than delivering them to the intended recipient.
Email us at support@roomatos.gr with as much detail as possible. We aim to respond within 48 hours.
Roomatos (operated by its founding team in Greece). For formal GDPR inquiries, contact support@roomatos.gr.