Privacy Policy
Last updated: 25 June 2026
This page is maintained by Doflash Ltd to explain how Home in Memory collects, uses, and protects personal data. It is editable app-owner content, not an independent certification.
1. Who we are
Doflash Ltd ("we") operates Home in Memory, a private family memory space where an admin invites members into a 3D replica of their home and members pin memories onto its walls. Contact: studio@doflash.com.
2. What we collect
Admin account: email address, hashed password, or Google sign-in identifier. Member (visitor) at the passcode gate: first name, closeness to the family, email (collected only on the first visit), and IP address (used to recognize returning visitors and prevent duplicates). Memory pins: title (up to 25 characters), the location of the pin on the wall, and the uploaded image, file, or link. Help requests: the message you submit, your name, and your email. Technical: standard server logs (IP, user agent, timestamps) used for security and debugging.
3. How we use it
To operate the family space, authenticate admins, gate member access, display memories, reply to support requests, and prevent abuse.
4. Legal bases (GDPR)
Performance of a contract (providing the space), legitimate interests (security, abuse prevention, recognizing returning members), and consent where required by law.
5. Subprocessors
Lovable Cloud (hosting, authentication, database, storage); Google Drive (storage of memory files in the admin's Google account); Matterport (3D home viewer embed); Resend (delivery of support emails to studio@doflash.com).
6. Sharing
Memories and member names are visible to other members of the same space and to that space's admin. We do not sell personal data.
7. International transfers
Our subprocessors may process data outside the EU/UK/Israel. Such transfers rely on Standard Contractual Clauses or equivalent safeguards.
8. Retention
All member data — name, email, IP address, uploaded memories, and pin metadata — is deleted when the space is closed. Admin account data is retained while the account remains active.
9. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, port, or object to processing of your data, to withdraw consent, and to lodge a complaint with a supervisory authority. Under Israel's Privacy Protection Law (5741-1981, sections 13–14) you have the right to inspect and correct your data. To exercise any of these rights, email studio@doflash.com.
10. Cookies
After passing the passcode gate we set a single first-party cookie that stores your member access token. We do not use third-party advertising or analytics cookies.
11. Security
Row-Level Security on the database, hashed admin passwords, scoped cookies, and TLS in transit. This is a description of enabled controls, not a certification.
12. Children
The service is not directed to children under 16. Admins are responsible for who they invite into their space.
13. Changes
We may update this policy from time to time. The "Last updated" date above reflects the current version.
14. Contact
Doflash Ltd — studio@doflash.com.