Privacy Policy

Effective date: 21 April 2026 · Last updated: 4 July 2026

1. Who We Are

Roomframe AI (“we”, “our”, “the app”) is an AI interior redesign service operated by Burhan Boz (individual developer), reachable at support@roomframeai.com.

This policy explains what personal data we collect, why, and how we protect it.

2. What We Collect

2.1 You give us directly

CategoryExamplesWhy
AccountEmail, display name, password hashAuthentication, subscription management
Social sign-inApple ID token, Google OAuth IDAccount creation via Sign in with Apple / Google
Room photosImages you upload for redesignInput to the AI generation pipeline
Reference photosStyle-reference images (Style Transfer)Optional input for dual-image redesign
Generation preferencesRoom type, design style, custom prompt, paletteSteering the AI output
Output ratingsThumbs up / down on generated imagesQuality improvement signal

2.2 Automatically

CategoryExamplesWhy
UsageFeatures used, job counts, errorsProduct analytics, bug diagnosis
DeviceiOS version, app version, device modelCompatibility, crash reports
NetworkIP address at request timeRate limiting, fraud prevention
PaymentApple receipt transaction IDs (never card numbers)Subscription activation, refund handling

2.3 We do not collect

3. How We Use Your Data

  1. Provide the service — uploading your room photo, routing to AI models, returning the redesigned output.
  2. Manage your subscription — validating Apple receipts, crediting your wallet, processing plan changes.
  3. Improve model quality — aggregated, anonymised rating and duration data helps us decide which AI models stay active.
  4. Security & abuse prevention — rate limiting by user/IP, detecting brute-force login attempts.
  5. Communicate with you — password resets, important service notices, optional product emails (you can opt out).
We do not sell your data to advertisers or data brokers. We do not train third-party AI models on your photos.

4. Third-Party Services We Use

We share the minimum necessary data with these providers so the app works. Each has its own privacy policy.

ProviderWhat they seePurpose
AWS S3 (EU — Frankfurt)Your uploaded photos + AI outputs (encrypted at rest)Image storage
Replicate (United States)Time-limited links to your photos during generation onlyAI model execution
Apple App Store / RevenueCatSubscription receipts and purchase eventsPayment processing and subscription state
AWS SESYour email addressTransactional emails (password reset, notices)

Replicate processes your photo only for the duration of the generation (typically under a minute) and does not retain it after the prediction completes. Our presigned links expire after 1 hour.

5. Where Your Data Lives

Where data leaves the EU/EEA/UK (e.g. during AI generation), it happens under appropriate safeguards such as Standard Contractual Clauses with our providers.

6. How Long We Keep It

DataRetention
Account profileUntil you delete your account (Profile → Delete account)
Room photos + AI outputsUntil you delete the job, or 2 years of inactivity
Payment / subscription records7 years (tax and audit requirement)
Rate-limit logs30 days
Webhook events (processed)90 days
Crash logs1 year

Deleting your account starts a 14-day grace window during which you can restore it by logging back in. After 14 days your data is permanently purged from our primary stores; backups rotate out shortly after.

7. Your Rights

Depending on where you live, you have the right to:

To exercise any of these, email support@roomframeai.com. We respond within 30 days. EU/UK residents can also complain to their data protection authority.

8. Children

The app is not intended for users under 16. We do not knowingly collect data from children. If we learn a child created an account, we delete it.

9. Security

No system is perfect. If a breach occurs that affects you, we will notify you within 72 hours of discovery.

10. Changes

We post updates here and change the “Last updated” date above. Material changes trigger an in-app notification.

11. Contact