Legal

Privacy Policy

Last updated: June 3, 2026

This policy explains what data Instaroom AI collects, how we use it, and the choices you have. In short: we use your room photos only to create your designs, and we never sell your images or personal data.

1About Instaroom AI

Instaroom AI is an AI-powered interior-design and room-redesign app for homeowners, renters, stagers, and design enthusiasts. This policy describes how we handle your information.

2Who this applies to

This policy applies to everyone who uses the Service. The Service is not intended for children.

3Information we collect

• Account information — an account identifier and authentication details used to keep your designs and subscription tied to you.
• Content you provide — the room photos you upload or capture and the choices/prompts you make when generating a design.
• Usage & device data — app interactions, approximate diagnostics, and device/technical information.
• Subscription information — your plan status and related purchase events (we do not receive your full card details).
• Support communications — messages you send us.

4Device permissions

The app may request access to your camera (to photograph a room), your photo library (to choose and save images), and notifications (to tell you when a design is ready). You can change these in your device settings at any time.

5How we use your information

We use data to: create and manage your account; process your photos to generate designs; deliver and manage subscriptions; understand usage and improve the app; provide support; detect and prevent fraud or abuse; and meet legal obligations. We do not sell your uploaded images, generated images, or personal data.

6AI processing

Generating a design sends the relevant image and prompt to third-party AI infrastructure (such as Google Gemini, accessed via OpenRouter) for processing. This transmission happens only upon your affirmative action — when you tap to generate.

7What we don't do

We do not use your photos for facial recognition, biometric profiling, identity tracking, or surveillance of any kind.

8Legal bases (GDPR)

Where the GDPR applies, we rely on: performance of our contract with you (to provide the Service); our legitimate interests (to secure and improve the Service); your consent (where required, e.g. certain permissions); and legal obligations.

9Analytics

We use PostHog to understand how the app is used so we can improve it. This includes product-analytics events and basic diagnostics.

10Who we share data with

We share limited data with service providers who help us run the app, including: Google Gemini / OpenRouter (AI image processing), PostHog (analytics), Convex (backend/database), Better Auth (authentication), RevenueCat (subscription management), and the Apple App Store (billing). We may also disclose data where required by law.

11International data transfers

Some providers process data outside your country. Where required, we rely on appropriate safeguards for such transfers.

12Data retention

We retain your content and account data while your account is active. Analytics and diagnostic logs are retained for a limited period (around 30 days). When you delete your account, we delete associated data subject to limited legal and security retention.

13Deleting your data

You can delete your account and associated data from within the app's Settings, or by emailing us. Note that subscriptions are cancelled separately through your app store.

14Your rights

Depending on your location, you may have rights to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to lodge a complaint with a supervisory authority. To exercise these, contact us at the email below.

15Security

We apply reasonable technical and organizational measures to protect your data. No method of transmission or storage is completely secure, but we work to safeguard your information.

16Third-party services

The Service integrates third-party services that have their own privacy practices. We encourage you to review their policies; we are not responsible for their handling of data.

17Children's privacy

The Service is not directed to children, and we do not knowingly collect data from them. If you believe a child has provided us data, contact us and we will remove it.

18Changes to this policy

We may update this policy from time to time. Material changes will be communicated through reasonable channels, and the "Last updated" date above will change.