Privacy Policy

Last updated: February 2025

1. Who we are

Kvarter ("we", "us") operates kvarter.io, a property intelligence platform for Denmark. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR).

2. Data we collect

We collect only the minimum data necessary to provide our service:

  • Account data — email address, optional display name, and a hashed password when you register. We never store your password in plain text.
  • Saved address — the Danish property address you choose to associate with your account (address label, postal code, city, municipality code).

We do not collect analytics, use tracking pixels, or install third-party marketing cookies.

3. Public property data

Property profiles displayed on Kvarter are sourced from official Danish government registries (Datafordeler, DAWA, DST StatBank, Uddannelsesstatistik, CVR) and OpenStreetMap. This data is publicly available and not personal data under GDPR. Property owner names are obtained from the public EJF (Ejerfortegnelsen) register.

4. How we use your data

  • To authenticate you and manage your account.
  • To associate a saved property address with your profile for quick access.
  • To respond to support or feedback requests.

Legal basis: contract performance (Art. 6(1)(b) GDPR) for account management, and legitimate interest (Art. 6(1)(f)) for service improvement.

5. Third-party services

We use the following external services to deliver the platform. None receive your personal data (email, name):

  • Supabase (EU region) — authentication and database hosting. Supabase processes your email and hashed password for authentication only.
  • Vercel — hosting and edge delivery. Vercel may process IP addresses in access logs per their privacy policy.
  • Danish government APIs (Datafordeler, DAWA, DST StatBank) — property and demographic data. Only address coordinates and municipality codes are sent to these APIs; no user identity is transmitted.
  • OpenStreetMap / Overpass API — nearby places. Only geographic coordinates are sent.
  • OSRM — walking distance calculation. Only geographic coordinates are sent.

6. Cookies

We use only strictly necessary cookies for authentication session management (Supabase auth tokens). We do not use analytics, advertising, or tracking cookies. Because these cookies are essential for the service to function, no consent banner is required under the GDPR or the ePrivacy Directive.

7. Data retention

Your account data is retained for as long as your account is active. Cached property data (nearby places, demographics) is refreshed periodically and does not contain personal data. If you delete your account, your personal data is removed within 30 days.

8. Your rights under GDPR

You have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data / "right to be forgotten" (Art. 17)
  • Data portability — receive your data in a structured format (Art. 20)
  • Object to processing based on legitimate interest (Art. 21)

To exercise any of these rights, contact us at privacy@kvarter.io. We will respond within 30 days.

9. Security

We protect your data with encryption in transit (TLS), Row Level Security on our database, rate-limited APIs, and security headers (CSP, HSTS, X-Frame-Options). Passwords are hashed and never stored in plain text.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. The "last updated" date at the top reflects the most recent revision.