Privacy Policy

Introduction

Room Prompt ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered interior design application.

Information We Collect

1. Account Information

When you create an account via Google OAuth, we collect:

• Name: Your display name from your Google account
• Email address: Your primary email address
• Profile picture: Your Google profile image (optional)
• Google account ID: Used to authenticate your account

2. Session Information

To maintain your login session and improve security, we collect:

• IP address: Your device's IP address
• User agent: Browser and device information
• Session tokens: Secure tokens to maintain your logged-in state

3. Payment Information

When you purchase credits, we collect:

• Transaction details: Order ID, amount, currency, and product purchased
• Payment status: Whether payments are pending, paid, or refunded

Note: We use Polar for payment processing. Your credit card information is securely processed by Polar and is never stored on our servers. See Polar's privacy policy for details on how they handle payment data.

4. Usage Information

To provide and improve our service, we collect:

• Credit balance: Your current credit balance and transaction history
• Room images: Photos you upload for AI design generation
• AI-generated images: Design variations created by our AI
• Design prompts: Text descriptions you provide for room transformations
• Conversation history: Your design iteration conversations and titles

5. OAuth Tokens

We securely store OAuth tokens to maintain your connection with Google:

• Access tokens: For authenticating API requests
• Refresh tokens: For maintaining long-term access
• Token expiration data: To refresh tokens automatically

How We Use Your Information

We use the collected information for the following purposes:

• Account creation and authentication: To create and manage your account using Google OAuth
• Service delivery: To provide AI-powered interior design services
• Image processing: To send your room images to Google Gemini AI via OpenRouter for design generation
• Credit management: To track your credit balance and spending
• Payment processing: To process credit purchases via Polar
• Conversation history: To enable iterative design improvements and conversation resumption
• Service improvement: To analyze usage patterns and improve our AI models
• Security: To detect and prevent fraud, abuse, and security incidents
• Communication: To send service-related notifications (e.g., credit purchases, account updates)

Data Storage and Security

Storage Infrastructure

• Database: PostgreSQL with secure encryption
• Images: Stored securely on Vercel Blob Storage
• Authentication: Better Auth with secure session management
• Hosting: Deployed on Vercel with enterprise-grade security

Security Measures

• HTTPS encryption for all data transmission
• Secure OAuth 2.0 authentication via Google
• Database access controls and encryption at rest
• Regular security audits and updates
• Session token rotation and expiration

For detailed security practices, see our Security page.

Data Sharing and Third Parties

We share your data with the following third-party services to provide our service:

Google OAuth

Used for authentication. We receive your name, email, and profile picture. See Google's Privacy Policy.

OpenRouter / Google Gemini AI

Your room images and prompts are sent to Google Gemini 2.5 Flash Image via OpenRouter for AI design generation. OpenRouter acts as a gateway and does not store your images. See OpenRouter's Privacy Policy and Google AI Terms.

Polar

Handles payment processing for credit purchases. Your payment information is securely processed by Polar. See Polar's Privacy Policy.

Vercel

Hosts our application and stores images via Blob Storage. See Vercel's Privacy Policy.

We do not sell your personal information to third parties.

Data Retention

• Account data: Retained for as long as your account is active
• Session data: Automatically expires after 30 days of inactivity
• Images and conversations: Retained until you delete them or close your account
• Transaction records: Retained for 7 years for legal and accounting purposes

Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data
• Portability: Request your data in a machine-readable format
• Objection: Object to certain data processing activities
• Withdrawal of consent: Revoke your consent at any time

To exercise any of these rights, please contact us at privacy@roomprompt.app.

Free Credits

New users receive 3 free credits upon signup. These credits are automatically added to your account and can be used immediately for AI design generation.

Cookies and Tracking

We use cookies to:

• Maintain your logged-in session
• Remember your theme preference (light/dark mode)
• Ensure security and prevent fraud

We do not use third-party advertising or analytics cookies.

Children's Privacy

Room Prompt is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@roomprompt.app
• Website: roomprompt.app