Privacy Policy

1. Data Controller

Room Reveal (contact: [email protected]). By using our service, you agree to this Privacy Policy.

2. Data We Collect

• Account data: email, name, avatar (when using Google OAuth)
• Payment data: billing details processed by Stripe (we never store card numbers)
• Generated content: room photos you upload, AI-generated ideas, images, and videos
• Usage data: credit consumption, generation history
• Technical data: IP address, browser type, session cookies

3. Legal Basis for Processing

• Contract performance: to provide the Room Reveal service
• Legitimate interest: security, fraud prevention, service improvement
• Consent: marketing communications, non-essential cookies

4. Third-Party Processors

• Supabase (EU) — database and file storage
• Stripe (USA/EU) — payment processing
• Google AI — AI generation (Gemini, Imagen, Veo). Prompts and images are not used to train Google models.
• Brevo — transactional email
• Vercel — hosting and CDN

5. Data Retention

• Account data: until account deletion + 30 days
• Generated content: 12 months, then automatically deleted
• Payment records: 7 years (legal requirement)
• Logs: 90 days

6. Your Rights (GDPR)

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request erasure ("right to be forgotten")
• Data portability
• Object to processing
• Withdraw consent at any time

Exercise these rights by emailing [email protected]. We respond within 30 days.

7. Cookies

See our Cookie Policy for details.