Privacy Policy

Last updated: June 2026

Introduction

Room Reveal ("we," "us," or "our") operates the roomreveal.com website and associated services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We are committed to protecting your privacy and handling your data transparently.

Information We Collect

We collect the following types of information:

Account Information

  • Name and email address (provided during account creation)
  • Password (securely hashed -- we never store plaintext passwords)

Payment Information

  • Payment details are processed by Stripe and never stored on our servers
  • We retain only your Stripe customer ID and subscription status

Uploaded Content

  • Room photos you upload for AI transformation
  • AI-generated images produced from your uploads

Usage Data

  • Pages visited, features used, and interaction patterns
  • Device type, browser type, and operating system
  • IP address and approximate geographic location
  • Referring URLs and session duration

How We Use Your Information

  • To provide and maintain our AI room transformation service
  • To process your payments and manage your subscription
  • To store and display your uploaded images and transformation results
  • To send transactional emails (receipts, account updates, password resets)
  • To improve our service and develop new features
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

Third-Party Services

We use the following third-party services to operate Room Reveal:

Supabase

We use Supabase for user authentication and database storage. Your account information and uploaded images are stored in Supabase's infrastructure. Supabase processes data in accordance with their privacy policy.

Stripe

We use Stripe to process payments. When you make a purchase or subscribe, your payment information is sent directly to Stripe and is subject to Stripe's privacy policy. We do not store your credit card number or full payment details.

Replicate

We use Replicate's API to process AI image transformations. When you submit a room photo for transformation, the image is sent to Replicate for processing. Replicate processes these images in accordance with their privacy policy and does not retain your images after processing is complete.

Google Analytics (Optional)

We may use Google Analytics to understand how visitors interact with our site. If enabled, Google Analytics collects anonymized usage data through cookies. You can opt out of Google Analytics by installing the Google Analytics opt-out browser extension or by declining analytics cookies.

Image Storage and Processing

When you upload a room photo, it is stored in Supabase Storage, which is linked to your account. The image is then sent to the Replicate API for AI processing. The resulting transformed images are also stored in Supabase Storage and associated with your account.

You retain ownership of all images you upload and all transformed images generated from your uploads. We do not use your images for any purpose other than providing the transformation service to you, unless you have given explicit consent.

Cookies

We use cookies that are essential for the operation of our service:

  • Authentication cookies: Supabase session tokens that keep you logged in. These are strictly necessary and cannot be disabled without losing access to your account.
  • Analytics cookies: If Google Analytics is enabled, it sets cookies to measure site usage. These are optional and you may decline them.

For more details, please see our Cookie Policy.

Data Sharing

We do not sell, rent, or trade your personal information to third parties. We share your information only with the third-party service providers listed above, and only to the extent necessary to operate our service.

We may disclose your information if required by law, regulation, or legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS/SSL), encrypted storage, secure authentication practices, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Data Retention

We retain your account information and uploaded images for as long as your account is active. If you delete your account, we will delete your personal data and uploaded images within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and all associated data.
  • Portability: Request a copy of your data in a portable format.
  • Objection: Object to the processing of your data for certain purposes.
  • Withdraw consent: Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at the email address below.

GDPR (European Economic Area)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases: performance of a contract (to provide our service), legitimate interests (to improve and secure our service), and consent (for optional analytics). You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

CCPA (California Residents)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of your personal information. We do not sell personal information. To make a request under the CCPA, please contact us at the email address below. We will verify your identity before processing your request.

Children's Privacy

Our service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

[email protected]