Privacy Policy
Last updated:
1. Introduction
Welcome to Roominary ("we," "us," or "our"). Roominary is an AI-powered interior design and home improvement platform that helps you visualize, plan, and transform your living spaces.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services (collectively, the "Services"). It also describes your rights under applicable data protection laws, including the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA").
Data Controller:
Kotak Tech, Inc. (operating as Roominary)
Email: roominary@kotak.tech
By using our Services, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
2.1 Information You Provide
Account Information — When you create an account, we collect: email address, password (stored in hashed/encrypted form), display name (if provided), and OAuth provider tokens if you sign in via Google.
Images and Design Content — To provide our core AI interior design service, we collect: room photographs and images you upload, design preferences you specify (room type, style, colors, etc.), and saved collections, projects, and notes.
Payment Information — Payment processing is handled entirely by Stripe, Inc. We do not store your payment card details. We receive and store: subscription status and plan tier, Stripe customer ID, billing name and address, and transaction history.
2.2 Information Collected Automatically
Usage Data — We collect information about how you interact with our Services.
Technical Data — IP address (retained for 90 days), browser type and version, operating system, referring URLs, and device identifiers.
Analytics:
- Vercel Analytics and Speed Insights: Collects aggregated, anonymous performance metrics. No cookies. No PII. Classified as strictly necessary.
- Google Analytics 4 (GA4): With your consent, collects behavioral data. Uses cookies. Requires explicit consent under GDPR.
3. How We Use Your Information
| Purpose | Legal Basis (GDPR) | Data Used |
|---|---|---|
| Provide and operate the Services | Contract (Art. 6(1)(b)) | Account info, images, design preferences |
| Process payments and manage subscriptions | Contract (Art. 6(1)(b)) | Billing information |
| Send transactional emails | Contract (Art. 6(1)(b)) | Email address |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) | Billing records, consent records |
| Monitor service performance | Legitimate interests (Art. 6(1)(f)) | Server logs, Vercel Analytics |
| Prevent fraud and protect security | Legitimate interests (Art. 6(1)(f)) | IP address, usage patterns |
| Analytics to improve the Services | Consent (Art. 6(1)(a)) | GA4 data (when consent is given) |
| Marketing communications | Consent (Art. 6(1)(a)) | Email (when consent is given) |
CCPA Note: We do not "sell" or "share" your personal information as defined under the CCPA.
4. AI Processing of Your Images
When you upload images to Roominary, those images are processed by Google LLC's Gemini AI service. By uploading images, you acknowledge that:
- Your images are transmitted to Google's Gemini API for AI processing
- Google processes these images pursuant to their API Terms of Service and Privacy Policy
- We have entered into a Data Processing Agreement with Google as required by GDPR
- Images may incidentally contain personal data
We encourage you not to upload images containing sensitive personal information about third parties.
6. International Data Transfers
Roominary is headquartered in the United States. We rely on EU Standard Contractual Clauses (SCCs) for transfers.
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Account information | Until deletion + 30-day grace period |
| Uploaded images and generated designs | Until deleted by user, or account deletion + 30 days |
| Payment/billing records | 7 years (legal/tax obligation) |
| Server access logs, IP addresses | 90 days |
| Consent records | Account lifetime + 7 years |
| Support communications | 2 years after resolution |
| Deleted account data | Hard purge within 30 days of deletion request |
8. Your Rights
8.1 GDPR Rights (EEA, UK, Switzerland)
- Right of Access (Art. 15)
- Right to Rectification (Art. 16)
- Right to Erasure (Art. 17)
- Right to Restrict Processing (Art. 18)
- Right to Data Portability (Art. 20)
- Right to Object (Art. 21)
- Right to Withdraw Consent (Art. 7(3))
- Right to Complain to a data protection authority
To exercise your rights: use account settings or email roominary@kotak.tech. We respond within 30 days.
8.2 CCPA Rights (California Residents)
- Right to Know
- Right to Delete
- Right to Opt-Out (we do not sell personal information)
- Right to Non-Discrimination
- Right to Correct
10. Security
We implement industry-standard security measures including encrypted transmission (TLS/HTTPS), encrypted credential storage, access controls, and regular security reviews.
11. Children's Privacy
Our Services are not directed to children under 16 (or 13 in the United States).
12. Changes to This Policy
We may update this policy periodically. For material changes, we will update the "Last Updated" date and notify active users.
13. Contact Us
Privacy and Data Rights Inquiries: roominary@kotak.tech
General Contact: Kotak Tech, Inc. (operating as Roominary)