Homespace

Last Updated: March 24, 2026

Privacy Policy

This Privacy Policy describes how Manxz, Inc. ("Homespace," "we," "us," or "our") collects, uses, discloses, and protects information when you use Homespace, including our website at homespace.co, our web application, our mobile applications, and related services (collectively, the "Service"). Some parts of this policy apply only to specific features, such as public invoice or estimate pages, the mobile app, optional weather and location features, or mobile push notifications.

Homespace is a field service management platform for service businesses such as electricians, plumbers, HVAC technicians, and lawn care providers. By using the Service, you agree to the collection and use of information as described in this policy.

1. Definitions

  • "Service Provider" or "User" means the trades professional or business that creates an account on Homespace to manage its operations.
  • "End Customer" means a Service Provider's customer whose information is stored, sent, or processed through the Service.
  • "Organization" means a Service Provider's business account within Homespace, which may include multiple team members such as owners, administrators, and technicians.

2. Information We Collect

2.1 Information you provide directly

  • Account and profile information. This may include your first and last name, email address, phone number, password or authentication credentials, role, profile photo or avatar, and email or phone verification status.
  • Organization and business information. This may include business name, business address, business phone number, business email address, logo, company size, industry or trade type, Employer Identification Number (EIN), license number, insurance information, timezone, and Stripe account or onboarding status.
  • Customer, scheduling, and operational data. Service Providers may create or upload End Customer names, company names, email addresses, phone numbers, service addresses, jobs, scheduling details, notes, estimates, invoices, recurring service agreements, price book entries, payment links, activity history, notification history, and team invitations.
  • Photos and files. If you upload a business logo, profile photo, or job photos, we store those files and related metadata. In the mobile app, job photos may also be queued locally on your device until upload completes.
  • Payment and billing metadata. We store payment amounts, payment dates, payment status, invoice and payment link associations, Stripe transaction identifiers, connected account identifiers, subscription tier, trial and subscription status, and related billing metadata. We do not store full payment card numbers or bank account numbers on our servers.
  • Communications and feedback. We store the contents of transactional emails, verification requests, phone verification activity, and any feedback you submit through the Service.

2.2 Information collected automatically

  • Device, browser, and app information. We may collect browser type, operating system, device type, app version, language, and similar technical information.
  • Usage, performance, and log data. We may collect IP address, timestamps, referring URLs, page paths or screen paths, feature usage, request metadata, performance metrics, and application errors. We use Vercel for hosting, logs, Analytics, and Speed Insights, and we use Sentry for error tracking, performance monitoring, and sampled session replay or interaction data in connection with sampled sessions and errors.
  • Public page access data. If you open a public estimate, invoice, payment link, or recurring-service approval page, we may log the request, URL, tokenized access parameters, IP address, and related metadata needed to serve the page, prevent abuse, or troubleshoot issues.

2.3 Mobile app and on-device data

  • Push notification data. If you allow push notifications, we store a mobile push token associated with your user account and may process notification delivery and interaction data.
  • On-device storage. The mobile app stores certain data locally for functionality and offline access, including authenticated session data in secure storage, app preferences, recent searches, prompt state, locally queued uploads, and a local PowerSync SQLite database containing synchronized business data needed for offline use.
  • Biometric unlock preferences. If you enable Face ID, Touch ID, or fingerprint login, Homespace stores a local preference indicating that biometric unlock is enabled. Your biometric template remains managed by your device and operating system and is not collected or stored by Homespace.
  • Device permissions. Depending on the features you use, the mobile app may request access to your camera, photo library, notifications, Bluetooth, local network, and location while the app is in use. For example, location may be used in connection with Tap to Pay or other mobile workflow features, and Bluetooth or local network access may be used to connect to supported payment hardware.

2.4 Information from third parties and integrations

  • Google OAuth. If you sign in with Google, we may receive your name, email address, and profile image URL from Google.
  • Google Maps Platform. If you use address autocomplete, place lookup, or geocoding features, address queries, selected place details, and related data may be sent to Google. We may store the formatted address and related latitude/longitude coordinates returned for customer, organization, or job records.
  • Stripe. If you connect Stripe, receive payments, use Tap to Pay, or subscribe to Homespace, Stripe may provide us with connected account identifiers, transaction metadata, customer billing metadata, and status information needed to operate those features.
  • Optional location-based weather features. If you use features that request weather for your current location, your browser may request permission to access your location, and location queries may be sent to providers such as Open-Meteo and Nominatim/OpenStreetMap.

3. How We Use Your Information

  • To provide, operate, and maintain the Service, including account creation, authentication, organization setup, customer management, estimates, invoicing, scheduling, recurring services, mobile sync, and payments.
  • To send transactional communications such as verification codes, estimate and invoice emails, receipts, payment notifications, invitations, reminders, and mobile push notifications.
  • To process End Customer payments, support connected Stripe accounts, and bill Service Providers for Homespace subscriptions and related services.
  • To provide address autocomplete, geocoding, routing or map handoff features, optional location-aware weather features, and mobile device functionality such as photo capture or offline sync.
  • To monitor usage, improve performance, diagnose errors, investigate abuse, enforce rate limits, prevent fraud or spam, and protect the security and integrity of the Service.
  • To respond to support requests, handle feedback, administer the platform, and comply with legal obligations.

We do not sell personal information. We do not use your personal information for cross-context behavioral advertising.

4. Payment Information

Homespace uses Stripe and Stripe Connect to support online payments, connected accounts, subscription billing, and certain in-person payment features such as Tap to Pay.

  • When an End Customer pays an invoice or payment link, payment information is processed by Stripe. We do not store full credit card numbers, debit card numbers, or bank account numbers on our servers.
  • We do store payment and billing metadata such as amounts, dates, status, transaction identifiers, fees, invoice associations, connected account identifiers, and Homespace subscription or trial information.
  • If a Service Provider connects Stripe or uses Tap to Pay, Stripe may process additional operational data needed for connected account onboarding, payment terminal access, or payment session setup.
  • Stripe's handling of payment data is governed by Stripe's own privacy policy, available at stripe.com/privacy.

5. How We Share Your Information

5.1 Service providers and infrastructure partners

  • Supabase. Database hosting, authentication, and file storage. Supabase may process account records, organization and customer data, documents, files, photos, and push tokens.
  • Stripe. Payment processing, connected accounts, subscription billing, and in-person payment features. Stripe may process payment data, payer contact details, billing metadata, connected account details, and transaction status information.
  • Resend. Transactional email delivery. Resend processes recipient email addresses and email content for estimates, invoices, receipts, payment links, notifications, and verification codes.
  • Twilio. SMS-based phone verification. Twilio processes phone numbers and verification code delivery data.
  • Google. Google may process sign-in data, address autocomplete queries, place details, and geocoding requests when those features are used.
  • Vercel. Hosting, request logs, Analytics, and Speed Insights. Vercel may process IP addresses, request metadata, page or route URLs, and performance data.
  • Sentry. Error tracking, performance monitoring, and sampled session replay. Sentry may process technical context, error data, request metadata, and sampled user interaction data associated with sessions or errors.
  • Upstash. Rate limiting and temporary operational buffering of Stripe webhook events. Buffered webhook records may include transaction metadata such as customer name or email, amounts, descriptions, connected account identifiers, status data, and raw webhook payloads for a limited retention period.
  • Cloudflare Turnstile. Bot and abuse prevention on authentication-related flows.
  • Slack. If you submit in-app feedback, the feedback message and related account or organization context may be sent to our Slack workspace for support handling.
  • PowerSync. Mobile sync infrastructure used to support offline access in the mobile app. PowerSync processes synchronized application data needed for that functionality.
  • Expo and mobile push providers. If you enable mobile push notifications, push tokens and notification payloads may be processed by Expo and the underlying Apple or Google notification services.
  • Open-Meteo and Nominatim/OpenStreetMap. If you use optional weather or geolocation-based features, those providers may receive location-related queries.

5.2 Public pages and recipient visibility

Homespace supports public estimate, invoice, payment, and recurring-service approval pages. When a Service Provider sends one of these documents or links to an End Customer, information associated with the document may be visible to the recipient without requiring a Homespace login.

  • This may include business name, business logo, business address, document details, customer-facing line items, totals, notes, status, and similar transaction context needed to view or pay the document.
  • Access to certain public recurring-service approval flows may rely on unique URLs and tokens included in the link.

5.3 Sharing within an Organization and with Homespace personnel

  • Team members within the same Organization may be able to view shared business data according to their role and permissions.
  • Authorized Homespace personnel may access account, billing, support, security, and operational data when reasonably necessary to provide the Service, investigate abuse, troubleshoot issues, recover from failed webhooks or integrations, or comply with law.

5.4 Legal requests and business transfers

  • We may disclose information if required to do so by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect rights, property, safety, or investigate fraud or abuse.
  • If Homespace is involved in a merger, financing, acquisition, bankruptcy, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to applicable law.

6. Data Roles and Responsibilities for End Customer Data

Service Providers decide what End Customer data to enter into Homespace and how that data is used in their business. In that context, the Service Provider is generally responsible for its End Customer data, and Homespace processes that data on the Service Provider's behalf as part of providing the Service.

  • Service Providers are responsible for making sure they have an appropriate legal basis to collect, store, and use End Customer information.
  • If you are an End Customer and want to access, correct, or delete your information, you should contact the relevant Service Provider first.
  • If you cannot reach the Service Provider, you may contact us at hello@homespace.co and we will make reasonable efforts to assist or direct your request appropriately.

7. Data Security

We use a combination of technical, administrative, and provider controls designed to protect information. These measures include encrypted transport over HTTPS/TLS, authentication controls, role-based access, row-level security for authenticated application data where applicable, signed Stripe webhook verification, rate limiting, bot protection, logging, and monitoring.

Some operational flows, such as internal administration, public document access, webhook handling, and mobile sync, use server-side credentials or internal tooling rather than the end user's session directly. We limit those flows through backend logic, access restrictions, tokens or identifiers, and internal personnel controls.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Data Retention and Deletion

  • We retain information for as long as reasonably necessary to provide the Service, maintain your account, support offline sync and operational recovery, comply with legal obligations, resolve disputes, enforce our agreements, and prevent fraud or abuse.
  • If you request deletion or close your account, we will delete or de-identify information from active systems within a reasonable timeframe, except where retention is needed for legitimate business purposes, legal or tax obligations, security, fraud prevention, dispute resolution, backups that expire on a delayed schedule, or third-party records we do not control.
  • Third-party providers such as Stripe, Resend, Twilio, Expo, and infrastructure vendors may retain their own logs and records under their own policies.
  • To request account or data deletion, contact us at hello@homespace.co.

9. Cookies, Local Storage, and Similar Technologies

Homespace uses necessary and functional technologies to keep the Service working. These may include cookies, local storage, secure mobile storage, and local mobile databases.

  • On the web, we use cookies and similar storage for authentication, session management, and functional preferences such as UI state.
  • We may use browser storage to cache limited app state or feature data, such as weather or interface preferences.
  • On mobile, we use secure device storage for authenticated sessions, local preference storage for prompts and recent searches, and a local offline database and upload queue to support offline access and background sync behavior.
  • We do not use advertising cookies, third-party ad pixels, or cross-site behavioral advertising trackers.

10. Your Privacy Rights

Depending on where you live, you may have rights to request access to, correction of, deletion of, or a copy of certain personal information we hold about you, subject to verification and legal exceptions.

10.1 California residents

If you are a California resident, you may have rights under the CCPA and CPRA, including the right to know, delete, correct, and not be discriminated against for exercising your rights. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

Categories of personal information we may collect include:

  • Identifiers, such as name, email address, phone number, IP address, device identifiers, push tokens, and account identifiers.
  • Customer records and commercial information, such as addresses, estimates, invoices, jobs, recurring services, payment history, billing records, and subscription information.
  • Internet or other electronic network activity, such as usage logs, browser or app information, request metadata, analytics, performance data, and notification interaction data.
  • Geolocation-related information, such as business addresses, service addresses, geocoded coordinates, and device location information when you enable relevant features.
  • Visual or similar information, such as profile photos, business logos, job photos, and sampled replay or screen interaction data collected for diagnostics.
  • Professional or employment-related information, such as business name, trade type, role, license number, insurance information, and company size.

To exercise applicable rights, contact us at hello@homespace.co. We may need to verify your identity before fulfilling a request.

10.2 Other U.S. state privacy laws

Residents of other U.S. states may have similar rights under applicable law. To make a request, contact us at hello@homespace.co.

11. Children's Privacy

Homespace is not directed to children under 18, and we do not knowingly collect personal information from children under 18. If you believe a child has provided personal information through the Service, contact us at hello@homespace.co and we will investigate and take appropriate action.

12. International Data Transfers

Homespace is operated from the United States, and information may be stored and processed in the United States or other countries where our service providers operate. If you use the Service from outside the United States, your information may be transferred to countries with different data protection laws than those in your jurisdiction.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date above and may provide additional notice through the Service or by email when appropriate. Your continued use of the Service after the effective date of an updated policy means the updated policy will apply going forward.

14. Contact Us

If you have questions about this Privacy Policy or want to make a privacy-related request, contact us at:

Manxz, Inc.

131 Continental Dr. Suite 305

Newark, DE 19713

Email: hello@homespace.co