Privacy Policy
Effective date: 24 March 2026
1. Introduction
Sesame ("we", "us", "our") provides a digital property passport that helps homeowners organise, understand, and manage everything about where they live. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application and website.
By using Sesame you agree to the practices described in this policy. If you do not agree, please do not use the service.
2. Information we collect
Account information
When you create an account we collect the information provided by your chosen sign-in method. This includes your name and email address when you sign in with Apple or Google, or the email address and password you provide when you register directly. You may optionally add a phone number and a profile photo.
Property data
When you add a property we store the details you provide: address, city, postal code, country, GPS coordinates, property type, and physical characteristics such as size, number of rooms, floors, construction year, and energy rating. We also store ownership details including purchase price, purchase date, cadastral reference, and land registry number.
Financial records
Sesame allows you to record mortgages, insurance policies, property valuations, and utility bills. This data includes loan amounts, interest rates, monthly payments, lender names, insurance providers, policy numbers, coverage amounts, premiums, deductibles, and utility consumption readings. Financial records are stored with strict user-level access controls. They are visible only to you, even when you share a property with other people.
Documents and files
You may upload documents such as receipts, invoices, certificates, manuals, and photos. Files are compressed to a maximum of 500 KB and stored in encrypted cloud storage. Each document has a visibility scope you control: "property" (visible to all members of the property) or "private" (visible only to you).
Document scanning
When you scan a receipt or invoice, text recognition is performed entirely on your device using Apple Vision. No images or extracted text are sent to an external OCR service. The extracted data (vendor name, date, total amount, currency, and line items) is associated with your property record.
Usage data
We collect basic usage data including page views, feature interactions, and device information to maintain and improve the service. This analytics data is collected using PostHog, which we run as a first-party service — meaning all events are routed through our own domain and infrastructure, not through a third-party domain. We do not use third-party analytics platforms such as Google Analytics, Amplitude, Mixpanel, or Firebase Analytics.
3. How we use your information
Providing the service
Your information is used to operate Sesame: managing property records, organising documents, tracking finances, scheduling maintenance, and enabling collaboration with people you invite.
AI-powered features
Sesame includes an AI concierge that can answer questions about your property. When you start a conversation, relevant context (including your property details, mortgage data, insurance policies, project information, and supplier records) is sent to the Anthropic Claude API for processing. This data is transmitted server-side through our backend and is not stored by Anthropic beyond the duration of the request.
When you use the utility bill analysis feature, the bill image is sent to the Claude API to extract consumption data and compare it against regional benchmarks. The analysis result is returned to you but is not permanently stored on our servers.
Property enrichment
When you add a property, Sesame may query government property registries to automatically populate available data such as building dimensions, construction year, energy ratings, and tax valuations. These queries are made server-side using your property address. We currently integrate with registries in 23 European countries including Denmark (BBR, DAWA, EMOData), the Netherlands (Kadaster BAG), Spain (Catastro), the United Kingdom (Land Registry), and others.
Service improvement
Aggregated, non-identifiable usage patterns may be used to improve the app experience, fix issues, and guide product development.
4. Third-party services
We share data with the following third-party services only as necessary to provide the functionality described above:
- Anthropic (Claude API): Powers the AI concierge and utility bill analysis. Property context and conversation history are sent server-side for processing. Anthropic does not retain this data beyond the request.
- Supabase: Provides our backend database (PostgreSQL), file storage, and authentication infrastructure. All data is hosted on Supabase cloud with Row-Level Security enforced on every table.
- Google Maps: Used to display property locations. Your property address and GPS coordinates are shared with Google's mapping service.
- Apple and Google: If you sign in with Apple or Google, your name and email address are shared through their respective OAuth flows.
- Government property registries: Address-based queries are sent to national registries across 23 countries to retrieve publicly available building data. These queries are processed server-side through Supabase Edge Functions. API credentials for registries are stored securely on our servers and are never exposed to the client application.
- PostHog (first-party analytics): Powers website product analytics. Events are proxied through our own domain so that no data is sent directly from your browser to a third-party PostHog endpoint. PostHog receives anonymised usage events (page views and feature interactions) routed via our infrastructure. PostHog does not receive your name, email address, or any financial or property data.
5. Data storage and security
- Database security: All data is stored in PostgreSQL with Row-Level Security (RLS) enabled on every table. This means the database itself enforces that you can only access data you are authorised to see.
- User-private isolation: Financial data such as mortgages and insurance policies is isolated at the database level by your user ID. No other user, including property co-owners, can access this data.
- Document visibility: The "private" visibility setting on a document is enforced at the database level. Only the person who uploaded the document can view it, regardless of who else has access to the property.
- Encryption in transit: All connections between the app, our backend, and third-party services use TLS encryption.
- Authentication tokens: Session tokens are stored in the iOS Keychain, not in cookies or local storage.
- Server-side credentials: API keys for government registries and AI services are stored in server environment variables and are never included in the client application.
6. Data sharing and visibility
We do not sell your personal information. We do not share your data for advertising purposes.
When you invite someone to a property, you assign them a role that determines what they can see and do:
- Owner: Full access to property data, can manage members and transfer ownership.
- Tenant: Can view property data and add documents.
- Guest: Read-only access to property-scoped data.
Documents you mark as "private" (such as invoices and receipts) remain visible only to you, regardless of who else has access to the property. Financial records (mortgages, insurance) are always private to the user who created them.
7. Your rights
Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights:
- Access: You can view all of your data directly within the app at any time.
- Rectification: You can edit your property details, documents, and financial records at any time.
- Data export: You can download a full property passport in a structured format aligned with the EU Digital Building Logbook framework (JSON). Exported data includes property identification, building structure, energy performance, maintenance schedules, and ownership history. User IDs are anonymised in exports. Financial data is included only for active property owners.
- Deletion: You can delete your account from within the app. When you delete your account: your profile photo is removed, you are removed from all shared properties, your profile information (name, email, phone) is permanently erased, your authentication record is deleted, and any private documents are removed. An anonymised record is retained only for referential integrity.
- Portability: The export format is structured and machine-readable (JSON), aligned with the European Commission's Digital Building Logbook schema.
- Restriction and objection: You may contact us to restrict or object to specific processing activities.
8. Cookies and tracking
The Sesame mobile app does not use cookies. Authentication is handled through secure tokens stored in the iOS Keychain.
The Sesame website uses PostHog for product analytics. We operate PostHog as a first-party tool: all tracking events are sent to our own domain rather than directly to a third-party endpoint. This means your browsing activity on sesame.build is not shared with PostHog's infrastructure under a third-party origin and is not commingled with data from other companies' products.
PostHog sets a persistent cookie to distinguish unique visitors and a session cookie to group events within a single visit. No data collected is used for advertising or shared with advertising networks. We do not use social media pixels, cross-site trackers, or any other third-party analytics platforms.
9. Children's privacy
Sesame is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. International data transfers
Your data is stored on Supabase cloud infrastructure. When you add a property, address-based queries may be sent to government registries in the relevant country. AI processing requests are sent to Anthropic's servers. All transfers are protected by TLS encryption and are limited to the data necessary to provide the requested functionality.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page and add a detailed entry to the changelog below. We encourage you to review this page periodically.
12. Contact
For privacy-related questions, data requests, or concerns, contact us at hello@sesame.build.
Policy changelog
We believe in transparency. Below is a record of every change made to this policy.
- Added PostHog first-party analytics disclosure to the Usage data section, third-party services list, and cookies and tracking section
- Clarified that PostHog events are proxied through our own domain (first-party), not sent directly to a third-party endpoint
- Described the two PostHog cookies (persistent visitor ID and session cookie) and their purpose
- Complete rewrite, expanded from 7 sections to 12 with detailed data practice descriptions
- Added third-party services section covering Anthropic Claude, Google Maps, Supabase, and government registries
- Added AI data processing disclosure for chat concierge and utility bill analysis
- Added document scanning details covering on-device OCR via Apple Vision, no cloud processing
- Added GDPR rights section with specific export and deletion procedures
- Added property enrichment disclosure covering 23 European registries
- Added data sharing roles (Owner, Tenant, Guest) and document visibility scopes
- Added cookies and tracking section
- Added children's privacy and international data transfers sections
- Added this policy changelog
- Initial privacy policy published