Back to home

Privacy

Privacy notice

Last updated 2 May 2026

We are Hüwa OÜ, a private limited company registered in Estonia (registry code 16323068, Rüütli 38, Pärnu, Estonia). We operate d2home and are the data controller for personal data processed through it. You can reach us at info@huwa.ee.

This notice explains what personal data we handle, why, and the rights you have under the EU General Data Protection Regulation (GDPR).

Who we collect data about

Hosts — people who sign in to manage one or more properties.

Guests — people who open a stay link a host has sent them.

What we collect, and why

From hosts

  • Email address and (optional) name. Used to create your account, sign you in, and contact you about the service. Legal basis: contract.
  • Seam API key, if you provide one. Used only to read lock state and issue access codes for your stays. Stored encrypted at rest. Legal basis: contract.
  • Property details you enter — address, door codes, WiFi credentials, notes for guests, language preference. Used to render the guest pages you generate. Legal basis: contract.
  • A session cookie set when you sign in, so you stay signed in. Strictly necessary; no consent banner is required for it.

From guests

  • Whatever the host has put on your stay page — typically a first name, the property address, and the stay window. We don't ask you to register an account.
  • Lock actions you take (unlock, lock) and the technical data needed to perform them. An audit record is also kept by Seam, our lock-integration provider. Legal basis: legitimate interest in providing reliable access and being able to investigate disputes.
  • Standard server logs (IP address, user-agent, request URL) for security and troubleshooting, kept for up to 30 days. Legal basis: legitimate interest in keeping the service safe.

What we don't do

  • No advertising trackers, no third-party analytics scripts.
  • No selling of personal data, ever.
  • No profiling and no automated decision-making.

Subprocessors

We use a small number of vendors to run the service. Each is bound by a written data-processing agreement.

  • Seam Inc. (USA) — door-lock integration. Receives lock identifiers and access-code requests. Data transferred under EU Standard Contractual Clauses.
  • Amazon Web Services (AWS SES) — used to deliver sign-in emails.
  • Hosting — d2home runs on infrastructure inside the EU.

A current subprocessor list is available on request from info@huwa.ee.

How long we keep things

  • Account data: while your account is active, plus 12 months after closure, then deleted.
  • Stay data (codes, notes): while the stay is upcoming or active, plus 90 days for support and dispute resolution.
  • Lock-action audit records: retained by Seam under their own retention policy.
  • Server logs: 30 days.
  • Billing records: 7 years (Estonian accounting law).

Your rights

Under the GDPR you can ask us to:

  • Show you the personal data we hold about you.
  • Correct anything that is wrong.
  • Delete your account and personal data, subject to the retention rules above.
  • Export your data in a machine-readable format.
  • Object to or restrict certain processing.

Email info@huwa.ee from the address tied to your account. We respond within 30 days.

If you think we have mishandled your data, you can complain to the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, www.aki.ee).

Children

d2home is not intended for anyone under 16. We do not knowingly collect data about minors.

Changes

If we change this notice we will update the date above and, for material changes, email account holders at least 14 days in advance.