Decofy Privacy Policy
Last updated: June 9, 2025
1. Introduction
Thank you for choosing Decofy, an AI-powered interior-design platform owned and operated by SERENDIPITY ONE INC ("we," "our," "us"). Protecting your privacy is fundamental to our mission. This Privacy Policy explains what information we collect, how we use and share it, the choices you have, and the safeguards we employ.
2. Scope & Product Overview
This Policy applies to every interface listed below (collectively the "Service"). Unless a future channel provides its own privacy notice, it is covered by this document.
- decofy.ai (main website)
- Design studio interface
- User dashboard
- iOS app (coming soon)
- Android app (coming soon)
- Progressive web app
3. Information We Collect
Sensitive-data disclaimer — We do not process sensitive personal information (e.g., racial or ethnic origin, religious beliefs, sexual orientation) for the purpose of inferring characteristics about you.
| Category | Examples | Collection Method |
|---|---|---|
| Account Information | Email, name, profile photo | Registration, social login |
| Design Content | Room photos, design preferences, chat history | User uploads, interactions |
| Usage Data | Page views, feature usage, session duration | Automatic collection |
| Device Information | IP address, browser type, device ID | Automatic collection |
Permissions on Mobile Apps
We request OS-level permissions only when you invoke the related feature and you may revoke them at any time:
- Camera / Photo Library – capture or select a room photo.
- Microphone – optional voice notes saved to chat.
- Push Notifications – notify you when a render or product list is ready.
- Network State – pause uploads on cellular if you enable "Wi-Fi only".
4. How We Use Information
We process data to:
- Provide the Service – generate design previews, retrieve product images, maintain chat context, fulfil purchases, and deliver support.
- Improve & Personalise – train and tune models (only with opt-in), recommend products, and perform A/B tests.
- Communicate – send transactional e-mails, service announcements, and marketing messages (opt-out at any time).
- Ensure Security & Integrity – detect fraud, abuse, or violations of our Terms, and protect users.
- Comply With Law – satisfy legal obligations and respond to lawful requests.
Legal bases under GDPR/UK GDPR: contract performance, legitimate interests, consent, legal obligation.
5. AI Content, Training & Service Providers
On-Demand Generation
Your images and prompts are processed solely to create the requested output and maintain conversation context.
Model Improvement
We do not use your images or personal data to train public models unless you explicitly opt-in ("Help improve Decofy").
Human Review
A security-cleared team may inspect the minimum data set required for debugging or quality assessment, under encryption and audit.
AI Service Providers
To deliver advanced AI features we share your input and generated output only as necessary with the following vendors under strict data-processing terms:
| Provider | Service | Data Shared |
|---|---|---|
| OpenAI | Image generation, text processing | Prompts, images (temporary) |
| Anthropic | Design recommendations | Text prompts only |
| Google Cloud | Image analysis, storage | Images, metadata |
Your personal information, including any facial-keypoint data, is never used by these providers to train their general models.
Google API Services – Limited Use
Our use of data obtained from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.
6. How We Share Information
| Recipient | Purpose | Legal Basis |
|---|---|---|
| Service Providers | Cloud hosting, payment processing, analytics | Legitimate interest |
| Business Partners | Product recommendations, affiliate sales | Consent |
| Legal Authorities | Compliance with legal obligations | Legal obligation |
| Corporate Transactions | Merger, acquisition, asset sale | Legitimate interest |
We never sell personal information.
7. Cookies & Tracking Technologies
We employ cookies, web beacons, and similar tech. Essential cookies are required for authentication; analytics and advertising cookies load only after you give consent via our Cookie banner.
Do Not Track
At present we do not respond to browser-based Do-Not-Track signals because a standard has yet to be adopted.
8. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Until account deletion | Service provision |
| Design Content | 3 years or until deletion | Service history, support |
| Usage Analytics | 2 years | Service improvement |
| Financial Records | 7 years | Legal compliance |
User-Controlled Deletion
Use Settings to delete any item immediately or to opt-out of model-training corpora. Propagates within 24 h (live) and 30 days (archives).
9. Your Rights & Choices
Depending on your region you may access, correct, delete, port, or restrict processing of your data. Submit any request via [email protected] or in-app Data Controls.
Residents of California, Colorado, Connecticut, Utah, Virginia and other U.S. states can exercise additional rights described in our U.S. State Privacy Addendum.
10. Security & Incident Response
We employ TLS in transit, AES-256 at rest, zero-trust segmentation, regular penetration tests, RBAC, and a bug-bounty program.
If a breach likely to result in harm occurs, we will notify regulators and affected users within 72 hours or sooner where required.
11. International Transfers
Data may be processed in Canada, the United States, and the European Union. Transfers rely on adequacy decisions, Standard Contractual Clauses, and encryption in transit and at rest.
12. Children's Privacy
You must be at least 13 years old (or the age of digital consent in your country, whichever is higher) to create a Decofy account. Users under 18 need parental permission.
13. Third-Party Links
We are not responsible for third-party privacy practices. Review their policies before submitting data.
14. Changes to This Policy
We may update this Policy; material changes will be announced at least 7 days in advance.
15. Contact Us
SERENDIPITY ONE INC
24829 SE 22nd Ct, Sammamish, WA 98075, USA
E-mail: [email protected]
We typically respond within 7 days.
16. Supplemental Notice for California & Other U.S. Residents
We do not sell or share personal information for cross-context behavioural advertising. Exercise rights or submit a Do Not Sell/Share request via decofy.ai/ccpa-request or the in-app toggle.