Roomframe AI (“we”, “our”, “the app”) is an AI interior redesign service operated by Burhan Boz (individual developer), reachable at support@roomframeai.com.
This policy explains what personal data we collect, why, and how we protect it.
| Category | Examples | Why |
|---|---|---|
| Account | Email, display name, password hash | Authentication, subscription management |
| Social sign-in | Apple ID token, Google OAuth ID | Account creation via Sign in with Apple / Google |
| Room photos | Images you upload for redesign | Input to the AI generation pipeline |
| Reference photos | Style-reference images (Style Transfer) | Optional input for dual-image redesign |
| Generation preferences | Room type, design style, custom prompt, palette | Steering the AI output |
| Output ratings | Thumbs up / down on generated images | Quality improvement signal |
| Category | Examples | Why |
|---|---|---|
| Usage | Features used, job counts, errors | Product analytics, bug diagnosis |
| Device | iOS version, app version, device model | Compatibility, crash reports |
| Network | IP address at request time | Rate limiting, fraud prevention |
| Payment | Apple receipt transaction IDs (never card numbers) | Subscription activation, refund handling |
We share the minimum necessary data with these providers so the app works. Each has its own privacy policy.
| Provider | What they see | Purpose |
|---|---|---|
| AWS S3 (EU — Frankfurt) | Your uploaded photos + AI outputs (encrypted at rest) | Image storage |
| Replicate (United States) | Time-limited links to your photos during generation only | AI model execution |
| Apple App Store / RevenueCat | Subscription receipts and purchase events | Payment processing and subscription state |
| AWS SES | Your email address | Transactional emails (password reset, notices) |
Replicate processes your photo only for the duration of the generation (typically under a minute) and does not retain it after the prediction completes. Our presigned links expire after 1 hour.
Where data leaves the EU/EEA/UK (e.g. during AI generation), it happens under appropriate safeguards such as Standard Contractual Clauses with our providers.
| Data | Retention |
|---|---|
| Account profile | Until you delete your account (Profile → Delete account) |
| Room photos + AI outputs | Until you delete the job, or 2 years of inactivity |
| Payment / subscription records | 7 years (tax and audit requirement) |
| Rate-limit logs | 30 days |
| Webhook events (processed) | 90 days |
| Crash logs | 1 year |
Deleting your account starts a 14-day grace window during which you can restore it by logging back in. After 14 days your data is permanently purged from our primary stores; backups rotate out shortly after.
Depending on where you live, you have the right to:
To exercise any of these, email support@roomframeai.com. We respond within 30 days. EU/UK residents can also complain to their data protection authority.
The app is not intended for users under 16. We do not knowingly collect data from children. If we learn a child created an account, we delete it.
No system is perfect. If a breach occurs that affects you, we will notify you within 72 hours of discovery.
We post updates here and change the “Last updated” date above. Material changes trigger an in-app notification.