Privacy Policy

Last Updated: 1 June 2026

This Privacy Policy describes how Flatpulse collects, uses, stores, and protects your personal data when you register and use our platform. This Policy forms an integral part of the Terms of Use.

By registering and using Flatpulse, you acknowledge that you have read, understood, and agree to the terms of this Policy.

1. Data Controller

The data controller for the processing of your personal data is the company under the name FLATPULSE IKE, having its registered seat at Plapouta 4-6, Tripoli, with General Commercial Registry (GEMI) No. 191282314000 and Tax Identification Number (TIN): 803172468 ("Flatpulse" or "we").

For any question or request relating to the processing of your personal data, you can contact us at: info@flatpulse.gr

2. Information we collect

When you register and use the platform, we collect the following categories of personal data:

a) Account and identity data

  • Full name
  • Date of birth
  • Gender
  • Email address
  • Phone number

b) Profile data

  • Profile photo
  • Social media links (Facebook, Instagram)
  • Professional status
  • Language preference
  • Record of acceptance of our Privacy Policy, Terms of Use, and Cookie Policy

c) Listing data

When you post a listing, we collect:

  • Location information (address text, structured location data including locality, administrative area, country, postal code, Google Places IDs, and geographic coordinates)
  • Budget and whether bills are included
  • Description (up to 2,000 characters)
  • Available-from date
  • Photographs of the room (stored in our file storage infrastructure)

d) Communications data

  • Messages exchanged via Flatpulse Chat: content, sender and recipient identifiers, timestamps, edit history, and message status
  • Contact details voluntarily shared between users (email address, phone number, Facebook and Instagram links, and any accompanying message text), stored upon your request

e) Identity verification data

If you choose the optional identity verification service, Flatpulse receives from the third-party verification provider (Didit) the outcome of the verification and a match result for your name, gender, and date of birth against your declared profile information. Flatpulse does not collect or store your identity document images or biometric data. See Section 5 for full details.

f) Payment and billing data

When you purchase a premium service or additional feature, we collect your email address and any invoicing information required under applicable tax law (name, address, TIN where applicable). Payment card data is not collected or stored by Flatpulse; it is processed exclusively by our payment services provider (Stripe). See Section 6 for full details.

g) Usage and technical data

  • IP address
  • Device and browser information
  • Page views and interactions on the platform, collected anonymously by our hosting and analytics providers
  • Listing visit records (which listings were viewed and, if you are logged in, your user identifier)
  • Security signals collected by Google reCAPTCHA to distinguish human users from automated systems

h) Push notification subscription data

If you consent to receive push notifications, we store your push subscription endpoint, encryption keys, and user-agent string.

i) Reports data

If you submit a report about another user or piece of content, we store the reason, any details you provide, the identifiers of the reported content or user, and your user identifier.

This data is provided either directly by you (e.g. when creating a profile or posting a listing) or is collected automatically as part of the platform's operation.

3. Legal bases for processing

We process your personal data on the following legal bases:

  • Consent (Article 6(1)(a) GDPR): for the creation and publication of your profile and listing; for sending promotional communications; for optional identity verification; for push notifications. You may withdraw your consent at any time (see Section 11).
  • Performance of a contract (Article 6(1)(b) GDPR): for data necessary to provide the services you have requested, including managing your account, enabling communication between users, and processing purchases.
  • Legal obligation (Article 6(1)(c) GDPR): for issuing and transmitting tax documents as required by applicable law, and for complying with requests from competent authorities.
  • Legitimate interests (Article 6(1)(f) GDPR): for platform security, fraud prevention, content moderation, and protection of our legal rights, where such interests are not overridden by your rights and interests.

4. How we use your data

Your personal data is used for the following purposes:

  • To create and publish your profile and listing as part of the roommate-finding service.
  • To enable communication between users via Flatpulse Chat and the contact-sharing feature.
  • To process purchases of premium services and to issue the applicable tax documents.
  • To conduct optional identity verification through our third-party provider (see Section 5).
  • To send transactional communications (account notifications, purchase confirmations, contract documents).
  • To send updates, notifications about new features, and promotional communications, where you have consented to receive them.
  • To display advertising relevant to users. Where advertising is personalised on the basis of your preferences, it is clearly marked as such (see Section 7).
  • To ensure the security and proper operation of the platform, prevent fraud and abuse, and moderate content.
  • To comply with our legal and regulatory obligations.
  • To improve the platform through analysis of anonymous or aggregated usage data.

The data that appears publicly on the platform is only that which you choose to share. We do not sell or rent your personal data to third parties for their own commercial purposes.

5. Identity verification (Didit)

Flatpulse offers an optional identity verification service through a third-party provider, Didit (https://didit.me/). This service is entirely optional and is activated only upon your explicit choice.

When you initiate verification, you are redirected to Didit's online environment, where the verification process takes place entirely under Didit's control. Didit collects your identity document photograph (e.g. ID card, passport, or driving licence for EU users; passport for non-EU users) and a facial photograph (selfie) for biometric matching purposes.

Flatpulse does not collect, store, or have the ability to export your identity document or biometric data. Flatpulse may access these only through Didit's read-only administrative environment, and exclusively for the limited purposes of: (a) comparing your declared profile information (name, date of birth, gender) against the verification outcome, and (b) confirming the result of the verification carried out by Didit. Once verification is complete, Flatpulse stores only a record of the verification outcome and the individual field match statuses (name matched, gender matched, date of birth matched) in its database. Where the process is successful, your account receives the "Verified User" indication.

The collection and processing of your identity and biometric data during verification is governed exclusively by Didit's own terms (https://didit.me/terms/business/) and privacy policy (https://didit.me/terms/privacy-policy/).

The "Verified User" indication does not constitute a guarantee by Flatpulse as to your identity, reliability, or suitability.

6. Payments and invoicing

Payments for premium services or additional features are processed by our third-party payment services provider, Stripe (https://stripe.com). When you make a payment, you are redirected to Stripe's secure checkout environment. Flatpulse does not collect, store, or process your payment card or bank account details. Stripe operates as an independent controller of payment data and is subject to its own terms and privacy policy (https://stripe.com/en-gr/legal/consumer).

For each transaction, Flatpulse issues the applicable tax document in accordance with Greek tax law. Your invoicing data (name, email, and where applicable TIN and address) is transmitted to our electronic invoicing partner, which submits the relevant information to the Independent Authority for Public Revenue (AADE) and sends the document to your registered email address. Documents are delivered via our transactional email provider, Resend (https://resend.com). You are responsible for providing accurate and complete invoicing information.

7. Advertising and third-party provider services

The platform may display advertisements or information relating to the services of independent third-party providers (such as, indicatively, insurance companies, transport companies, and cleaning services). Some advertisements are displayed generally to all users, while others may be personalised on the basis of your preferences in accordance with this Policy. Personalised advertisements are clearly marked as such.

If you express interest in a third-party provider's service, you may be asked to provide contact details which, following your express consent, are transmitted to that provider exclusively for the purpose of communicating with you regarding your specific request. Flatpulse is not a party to any agreement concluded between you and a third-party provider and bears no liability for such agreements.

8. Third-party processors and recipients

For the operation of the platform, Flatpulse uses the following third-party service providers, who may process personal data on our behalf or as independent controllers:

Provider Purpose Privacy information
Supabase Database, file storage, and user authentication https://supabase.com/privacy
Vercel Platform hosting, anonymous traffic analytics (Vercel Analytics), and performance monitoring (Speed Insights) https://vercel.com/legal/privacy-policy
Didit Optional identity verification https://didit.me/terms/privacy-policy/
Google reCAPTCHA Protection against automated access and bot activity https://policies.google.com/privacy
Google Places / Maps API Location autocomplete and geocoding for listing addresses https://policies.google.com/privacy
Google Translate API Optional on-demand translation of listing descriptions https://policies.google.com/privacy
Stripe Payment processing https://stripe.com/en-gr/legal/consumer
Resend Transactional email delivery (purchase confirmations, contract documents) https://resend.com/legal/privacy-policy
Web Push services Delivery of push notifications to users who have opted in (processed by the user's browser or OS vendor) Varies by browser/OS vendor

We do not sell your personal data to any of the above providers or to any other third party.

9. Cookies, local storage and similar technologies

The platform uses browser local storage and similar client-side storage mechanisms for the following functional purposes:

  • Authentication session: your login session tokens are stored in local storage to keep you signed in across page loads.
  • Language preference: your chosen display language is saved locally so it is remembered on future visits.
  • User preferences: certain in-app settings (such as contact field pre-fill choices and your light/dark theme preference) are stored locally on your device.

In addition, Google reCAPTCHA v3 runs on the platform and transmits signals (including IP address, browser characteristics, and interaction patterns) to Google's servers. This processing is governed by Google's privacy policy (https://policies.google.com/privacy).

Vercel Analytics and Speed Insights collect anonymous and aggregated data about page views and performance metrics. No personally identifiable information is associated with this data.

We do not use third-party advertising cookies or behavioural tracking cookies.

10. Data retention

Your personal data is retained for the period necessary for the purposes described in this Policy, and in any event:

  • Profile and listing data: retained while your account is active and deleted following account deletion, subject to any mandatory legal retention obligations.
  • Chat messages: retained while your account is active and for up to 12 months after account deletion for legal, security, or operational reasons.
  • Tax documents and transaction records: retained for the period required by applicable Greek and EU tax law (generally 5 years).
  • Verification outcome records: retained while your account is active. Biometric and identity document data is not held by Flatpulse.
  • Usage and technical data: retained in anonymised or aggregated form for analytics purposes.

You may request deletion of your data at any time by emailing info@flatpulse.gr; however, some data may be retained where required by law or to protect the legitimate rights of others.

11. Your rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access: to obtain a copy of the personal data we hold about you.
  • Right to rectification: to correct inaccurate or incomplete information.
  • Right to erasure ("right to be forgotten"): to request the deletion of your personal data.
  • Right to restriction of processing: to request that we limit the processing of your data in certain circumstances.
  • Right to data portability: to receive your data in a structured, commonly used, machine-readable format.
  • Right to object: to object to processing based on our legitimate interests or to direct marketing.
  • Right to withdraw consent: where processing is based on your consent, to withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of the above rights, please contact us at info@flatpulse.gr.

12. Data security

Flatpulse applies appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, loss, or destruction, including encrypted data transmission (HTTPS/TLS), access controls, and the secure infrastructure provided by our hosting and database providers.

No method of data transmission or storage can be considered completely secure. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, in accordance with Article 34 of the GDPR.

13. International data transfers

Some of the third-party providers listed in Section 8 (including Stripe, Google, Vercel, and Didit) are based in or may process data in countries outside the European Economic Area (EEA), including the United States. Where such transfers occur, we ensure that they are subject to appropriate safeguards in accordance with Chapter V of the GDPR, such as the Standard Contractual Clauses adopted by the European Commission or other recognised transfer mechanisms. For details of the safeguards applicable to each provider, please refer to their respective privacy policies linked in Section 8.

14. Content moderation and access to communications

Flatpulse does not routinely monitor or access the content of private conversations between users. The platform has access to specific conversations only by exception and to the extent strictly necessary for the following purposes: (a) investigating and handling user reports or complaints, (b) preventing and addressing fraud, malicious use, or violations of the Terms of Use or applicable law, (c) maintaining the security and proper operation of the platform, and (d) complying with legal obligations and requests of competent authorities.

Content moderation may be based in part on automated detection systems, under the supervision and final control of qualified Flatpulse personnel, particularly before any decision to remove content or suspend/delete a user account.

15. Minors

The platform is intended exclusively for adults (18 years of age or older). We do not knowingly collect personal data from minors. If it is established that a user is under 18, their account will be suspended or deleted and their personal data removed in accordance with our Terms of Use.

16. Unsubscribing and account deletion

You may unsubscribe from Flatpulse marketing communications at any time by clicking the "Unsubscribe" link in our emails or by contacting us at info@flatpulse.gr.

You may request the deletion of your account at any time through the platform's settings or by emailing info@flatpulse.gr. Following deletion, your data will be handled in accordance with the retention periods set out in Section 10.

17. Updates to this privacy policy

This Policy may be updated periodically to reflect changes to our services or applicable legislation. In the event of significant changes, you will be notified via email or through an in-platform notification, in accordance with our Terms of Use.

18. Complaints

If you believe that your rights under the GDPR are being violated, you have the right to file a complaint with the competent supervisory authority:

Hellenic Data Protection Authority (HDPA) Website: https://www.dpa.gr Email: contact@dpa.gr Address: 1–3 Kifissias Ave., 115 23 Athens, Greece

19. Contact

For any question, request, or exercise of your rights regarding your personal data, you can contact us at:

FLATPULSE IKE Plapouta 4-6, Tripoli info@flatpulse.gr