Privacy Policy

Your data, in plain English.

Effective 2026-04-15. Contact: privacy@hausey.ai.

What we collect

  • Account data: email, name (if provided), your Firebase UID. Used to sign you in and attribute work to you.
  • Uploaded photos: the room / façade images you upload to redesign. Stored privately in our S3 bucket. Only you can see originals.
  • Generated images: the AI variations we produce from your uploads. Stored publicly so share links work — but the URL is unguessable.
  • Preferences and taste events: which variations you save, dismiss, or refine. Used to personalize future renders for you.
  • Payment data: handled entirely by Stripe; we store Stripe customer / subscription IDs, never card numbers.
  • Operational logs: IP address (truncated), user-agent (truncated), request paths. Kept 30 days for abuse prevention.

How we use it

  • Run the product: sign-in, generation, share links, billing.
  • Personalize the AI: your saved / dismissed variations tune future designs for you.
  • Prevent abuse: anti-fraud signals (disposable-email detection, per-IP rate limiting) protect the free tier.
  • Improve the product: aggregate, de-identified metrics about critic pass rates and generation cost.

We do not use your uploaded photos to train third-party AI models. Google Gemini is called per-request with your image and receives it only for that call — Google's API is configured to not retain data for model training.

Who we share with

  • Google (Gemini): the image generation + analysis models.
  • Stripe: payment processing.
  • Firebase (Google): authentication.
  • AWS: hosting, database, storage.
  • Resend: transactional email (when enabled).

We do not sell your data. We do not share it with advertisers.

Your rights

  • Export: download a copy of your data at Account → Export.
  • Delete: delete your account at Account. Deletion cascades across the database and storage.
  • Correct: email privacy@hausey.ai.
  • EU / UK residents have GDPR rights; California residents have CCPA rights. Contact us to exercise them.

Retention

  • Originals: kept while your account is active; deleted within 90 days of account deletion.
  • Generated variations: same as originals.
  • Taste events (saves / dismisses): kept while your account is active.
  • Audit logs: 90 days.

Security

Production uses httpOnly session cookies, signed S3 URLs for private content, log redaction for secrets and PII, rate limiting, a cost gateway with per-user caps, and a kill-switch environment variable for emergency shutdown. We are not SOC 2 certified yet; if your organization requires it, reach out.

Children

Hausey is not intended for users under 16. If you believe a child has signed up, email us and we'll remove the account.

Changes

We'll email you (at the address on your account) before any material change takes effect. The current version is always at /privacy.

Questions? privacy@hausey.ai. See also: Terms of Service.