5Huis.nl

Privacy Policy

Last updated: June 2026

5Huis is a product operated by KoshSam (“KoshSam”, “we”, “us”), a company registered in the Netherlands under KVK number 95911774. 5Huis is the platform at www.5huis.nl that connects users in the Netherlands who want to swap, rent or sell their homes. This Privacy Policy explains what personal data we collect, why, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Dutch Telecommunications Act.

1. Data controller

The data controller is KoshSam (KVK 95911774, The Netherlands), operating the 5Huis platform. Contact: support@5huis.nl · DPO: privacy@5huis.nl.

2. What we collect

  • Account: email, name, avatar, language preference, optional phone.
  • Listings: photos, videos, descriptions, price, address (visibility configurable).
  • Matching preferences: desired cities, types, price range.
  • Activity: interests, matches, messages, notifications.
  • Technical: IP, user agent, session cookies, log timestamps.
  • Subscription: Mollie customer ID, status, amount (no card data is stored by us).

3. Why we process (legal basis)

  • To run the service and matching engine — necessary for the contract (GDPR art. 6(1)(b)).
  • To send transactional emails (matches, mutual interest) — legitimate interest.
  • Optional marketing emails — only with your explicit consent.
  • To comply with Dutch tax / KYC obligations for paid subscriptions.

4. Sharing

We use the following sub-processors strictly for service delivery — all are bound by EU-compliant Data Processing Agreements. We never sell your data.

  • Supabase — hosting, authentication, database, file storage (EU region, Frankfurt/Ireland).
  • Mollie — iDEAL & card payment processing (EU). We never store full card numbers.
  • Expo Push — relays push notifications to iOS/Android devices (US, opt-in only after permission grant).
  • Sentry — crash reporting & performance monitoring (EU region). Stack traces and device/OS metadata only; no message content.
  • PostHog — product analytics & feature flags (EU region, eu.i.posthog.com). Anonymised event names and counts; identifiable only when you’re signed in.
  • Emergent — application deployment infrastructure.

5. Retention

Account data is kept while your account exists. After deletion we anonymise messages within 30 days and remove uploads from storage. Billing data is kept 7 years per Dutch tax law.

6. Your GDPR rights

You have the right to access, correct, delete, export and restrict processing of your data, and to withdraw consent. Use the data request page or email support@5huis.nl. You may also complain to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

7. Security

All data is stored in the EU (Supabase Frankfurt/Ireland). Connections are TLS-encrypted. Passwords are hashed by Supabase Auth (bcrypt). Database row-level security (RLS) restricts access to your own records.

8. Cookies

See our Cookie Policy.

9. Changes

Material changes will be announced via in-app notification and email.