HomeKeeperPlus

Maintain Your Home

PricingSign inGet started

Security & Data Protection

Last updated: May 22, 2026

Your home data matters. Here's how we protect it.

You're trusting HomeKeepPlus with details about your home — appliance records, maintenance history, vendor contacts, inspection reports, and documents. We take that responsibility seriously. This page explains, in plain English, how your data is protected and where our limits are.

Private by Default

Every document, photo, appliance record, vendor, and task in HomeKeepPlus is tied to your account and your account only.

Our database enforces row-level security — before any data is returned, the database itself verifies that it belongs to the signed-in user. Other users, including other HomeKeepPlus customers, cannot access your records. There is no backdoor, no shared query, and no admin dashboard that bypasses this check.

Uploaded files are stored in a private storage bucket, namespaced to your user ID. The storage layer enforces the same ownership verification. There are no public links to any of your files.

What to Store Here — and What Not To

Store freely: Appliance manuals, warranty documents, insurance policies, inspection reports, permits, maintenance receipts, contractor invoices, paint colors, photos of your home, and the everyday records that are easy to lose and painful to recreate.

Do not store: Deeds, titles, wills, passports, Social Security numbers, birth certificates, bank account numbers, or any document that would cause serious harm if exposed in a data breach.

For irreplaceable legal and financial documents, we recommend keeping the originals in a home safe or bank safety deposit box. Use HomeKeepPlus to record where each document is stored — the safe location, box number, and who else in your household knows how to access it. That way your family can find what they need in an emergency without any single online service holding the original.

Encryption

  • At rest: All documents and database content are encrypted with AES-256 on disk.
  • In transit: Every request between your browser and our servers uses TLS 1.2 or higher.
  • Passwords: Hashed with bcrypt. We never see, store, or log your plaintext password.
  • Breach check: When you set or change a password, it is checked against the Have I Been Pwned database. Passwords known to have been exposed in other breaches are rejected.

Shared Links Expire

When you open or download a document in the app, we generate a short-lived signed URL that expires within minutes. There are no permanent public URLs to your files.

If you send a contractor request, that share link is scoped to the specific request, can be revoked at any time, and does not expose any other data in your account.

Infrastructure

HomeKeepPlus is hosted on Supabase and AWS, both SOC 2 Type II certified and ISO 27001 compliant. Data is processed and stored in the United States. Backups are encrypted with the same standards and stored in the same hardened environment.

Your Account, Your Control

  • Change your password at any time from your account settings.
  • Sign out of all devices with a single click.
  • Request account deletion at any time. Your data is permanently removed within 30 days, with a grace period to cancel if you change your mind.
  • Export your data on request. Your data belongs to you.

Honest Limits

Trust requires honesty about what we are — and what we are not.

  • We are not zero-knowledge. Your documents are encrypted on our servers, but we hold the encryption keys. A small number of authorized engineers can technically access stored data for specific purposes: recovering lost files, investigating abuse, or responding to a valid legal request. We do not browse customer data, and all access is logged and audited.
  • We are not a regulated data service. HomeKeepPlus is built for home maintenance records. We are not HIPAA-compliant, PCI-certified, or a bank-regulated service. Do not store protected health information, payment card numbers, or regulated financial data in HomeKeepPlus.
  • You are responsible for your password. If you lose it, we can help you reset it through email verification, but we cannot recover your original password.
  • No service is breach-proof. We follow industry best practices and use enterprise-grade infrastructure, but no honest company will tell you a breach is impossible. That is why we recommend keeping sensitive originals offline (see "What to Store Here" above).

Reporting a Vulnerability

Found a security issue? Email security@homekeepplus.com. We respond within two business days and we do not pursue researchers who act in good faith.

Questions

For privacy or data questions, reach us at privacy@homekeepplus.com.