Privacy Policy
Last updated: February 2026
1. Introduction
DesignIdea.ai ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered industrial design visualization service (the "Service").
This policy is compliant with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
DesignIdea.ai
Matthias Lange
Menzelstrasse 13
51427 Bergisch Gladbach, Germany
Email: privacy@designidea.ai
3. Data We Collect
3.1 Information You Provide
- Account Information: Name, email address, and password (hashed) when you create an account. If you sign up via Google OAuth, we receive your name, email address, and profile picture from Google.
- User Content: Sketches, images, prompts, and other content you upload or create using our Service.
- Communications: Information you provide when contacting our support team.
- Payment Information: Processed securely through Stripe; we do not store full payment card details. We store your Stripe customer ID to manage your subscription and purchases.
3.2 Automatically Collected Information
- Usage Data: Information about how you interact with our Service, including features used, credit transactions (feature type, amount, timestamp), and project access timestamps.
- Technical Data: Browser type, operating system, and IP address as processed by our hosting infrastructure.
- Authentication Cookies: See Section 9 for details.
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide our Service to you, including account management, credit transactions, and AI generation processing.
- Legitimate Interests (Art. 6(1)(f)): To improve our Service, ensure security, and prevent fraud.
- Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for optional communications.
- Legal Obligation (Art. 6(1)(c)): To comply with applicable laws and regulations, including tax and accounting obligations.
5. How We Use Your Data
- To provide, maintain, and improve our AI-powered design visualization Service.
- To process your uploaded content through third-party AI APIs for image generation.
- To process payments, manage your subscription, and track credit balances.
- To communicate with you about your account, updates, and support requests.
- To detect, prevent, and address technical issues and security threats.
- To comply with legal obligations and enforce our Terms of Use.
6. Third-Party AI Processing
Important Notice: Our Service utilizes third-party artificial intelligence APIs to generate design visualizations. When you upload content or submit prompts:
- Your uploaded images and text prompts are transmitted to third-party AI service providers for processing.
- These providers include: Replicate, Fal.ai, Kie.ai, WaveSpeed (for image generation), Anthropic (Claude) and Google (Gemini) (for prompt refinement).
- Each provider has its own privacy policy and data handling practices.
- We select providers that maintain appropriate security standards, but we cannot guarantee their data handling practices.
- Processed data may be temporarily stored by these providers according to their retention policies.
- We may change, add, or remove AI providers at any time to improve the Service.
By using our Service, you acknowledge and consent to this third-party processing. We recommend reviewing the privacy policies of our AI providers.
7. Data Processors and Sharing
We use the following categories of data processors:
- Supabase (Supabase Inc., USA): Authentication, database, and file storage. Hosts your account data, project data, and uploaded content.
- Vercel (Vercel Inc., USA): Application hosting and content delivery. Processes your requests to our Service.
- Stripe (Stripe Inc., USA): Payment processing. Handles all payment transactions; we do not store your full payment card details.
- AI Providers (see Section 6): Process your content for AI image generation and prompt refinement.
We may also share your data:
- Legal Requirements: When required by law, court order, or governmental authority.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
- With Your Consent: When you explicitly authorize us to share your data.
We do not sell your personal data to third parties.
8. International Data Transfers
Your data is transferred to and processed in the United States by our infrastructure providers (Supabase, Vercel, Stripe) and AI service providers. We ensure appropriate safeguards are in place, including:
- EU-U.S. Data Privacy Framework certification where applicable.
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions by the European Commission.
9. Cookies and Tracking Technologies
We use only essential cookies required for the Service to function:
- Authentication Cookies: Session cookies managed by Supabase to keep you logged in. These are strictly necessary for the Service to operate and do not require consent.
We do not use analytics cookies, advertising cookies, or any third-party tracking technologies. You can manage cookies through your browser settings, but disabling essential cookies will prevent you from using the Service.
10. Your Rights Under GDPR
As an EU/EEA resident, you have the following rights:
- Right of Access (Art. 15): Request a copy of your personal data.
- Right to Rectification (Art. 16): Request correction of inaccurate data.
- Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten").
- Right to Restrict Processing (Art. 18): Request limitation of data processing.
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests.
- Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent.
- Right to Lodge a Complaint: File a complaint with your local supervisory authority (see Section 15).
To exercise these rights, contact us at: privacy@designidea.ai
11. Data Retention
We retain your personal data for as long as necessary to:
- Provide our Service and maintain your account.
- Comply with legal obligations (e.g., tax and accounting records: up to 10 years as required by German law).
- Resolve disputes and enforce our agreements.
User-generated content is retained until you delete it or close your account. Upon account deletion, we remove your data within 30 days, except where retention is required by law.
12. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL).
- Row-Level Security (RLS) policies ensuring users can only access their own data.
- Rate limiting and input validation on all API endpoints.
- Access controls and authentication mechanisms.
- Secure webhook signature verification for third-party integrations.
However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
13. Children's Privacy
Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our Service. Your continued use of the Service after such modifications constitutes acceptance of the updated policy.
15. Contact Us
For questions, concerns, or to exercise your rights, contact us:
Email: privacy@designidea.ai
Address: Menzelstrasse 13, 51427 Bergisch Gladbach, Germany
Competent Supervisory Authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestr. 2-4, 40213 Düsseldorf
Website: www.ldi.nrw.de