Privacy Policy

Last updated: May 10, 2026

This Privacy Policy describes what information Envisio (“we”, “us”) collects when you use our AI-powered interior redesign service, how we use it, and the choices you have.

1. Information We Collect

We collect only the data we need to operate Envisio.

• Account information: your email address, name, and an account identifier, collected through our authentication provider (Clerk). If you sign in with a social provider, we receive the profile fields that provider shares with you.
• Uploaded images: the photos of rooms you upload for redesign.
• Prompts and chat messages: the text you send to our in-app design chat, and any style selections you make.
• Generated images: the AI-generated output images attached to your account.
• Billing information: when you buy tokens or subscribe to a plan, our payment provider processes the payment and shares with us the minimum we need to grant you access (email, plan, transaction ID, subscription status). We do not receive or store your full card details.
• Usage information: generation history, token balance, and basic server logs (e.g. request timestamps, error traces).
• Product analytics (with your consent): if you accept analytics cookies, we use PostHog to record product events (e.g. page views, generations requested, features used) linked to your account so we can understand and improve the product. If you decline, no analytics cookies are set. We also record a small number of operational events server-side (e.g. failed generations, rate-limit hits) to run the service reliably.

2. How We Use Your Information

• to authenticate you and keep your account secure;
• to generate redesigns — this requires transmitting your upload and prompt to our AI provider on your behalf;
• to operate the in-app chat that helps you write better prompts (which uses a third-party LLM, see below);
• to meter and bill for tokens;
• to prevent abuse, fraud, and violations of our Terms;
• to notify you about material product or policy changes.

We do not sell your personal information. We do not use your images, prompts, or generations to train our own AI models.

3. Third-Party Processors

Envisio uses a small number of specialised providers to run different parts of the service. Each one only receives the data it needs to perform its specific task. Our AI sub-processors are described separately in section 4.

• Clerk — authentication and account management.
• Vercel — application hosting, content delivery, and storage of uploaded photos and saved redesigns (Vercel Blob).
• Neon — Postgres database hosting for account, history, and billing metadata.
• Resend — transactional email delivery (account, billing, and support correspondence).
• PostHog — product analytics, only after you accept analytics cookies (see section 11).
• Sentry — error monitoring, so we can detect and fix failures. Error reports may include your IP address, browser metadata, and the state of the request that failed.
• Merchant of Record (payments) — processes payments, calculates and remits sales tax / VAT, and handles billing and refunds.

For a complete, current list — including data location and retention windows — see our Sub-processors page.

4. Third-Party AI Processing

When you upload a photo and request a redesign, your data may be processed by the following AI providers — each receives only the input it needs to perform its task, and none use your data to train their foundation models:

• Anthropic (Claude API, paid tier, United States) — generates the style prompt that guides the image model. Receives text only (your style selection and room metadata); no images are sent. Inputs and outputs are auto-deleted after 7 days. In rare cases where content is flagged by Anthropic’s abuse-detection systems, flagged material may be retained for up to 2 years for safety review.
• Google (Gemini API, paid tier, United States) — runs the model that produces the redesign and performs room-type classification from your uploaded photo. Receives the source photo and generation prompt, with no account identifiers attached. Logs are retained for a limited period solely to detect abuse and policy violations, and are not used for model training.

Envisio retains your source upload for 30 days from upload for support and abuse-prevention purposes, after which it is permanently deleted. Saved redesigns remain available in your account until you delete them or close your account.

For a complete list of sub-processors and their data-handling policies, see our Sub-processors page.

5. Sharing & Disclosure

We do not share your personal data with anyone except the processors listed above, unless we are legally required to (for example, in response to a valid court order) or if a transfer is necessary in the context of a merger, acquisition, or sale of assets.

6. Data Retention

Source uploads (the room photos you submit for redesign) are retained for up to 30 days from upload, after which we automatically delete the underlying blob file. You can also delete an upload sooner from your dashboard, in which case the file and its database row are removed immediately.

Generated images remain on your account until you delete them or close your account. When you delete a generation, we delete the underlying blob file and database row.

Account data (email, plan, history metadata) is kept for as long as your account is active. When you delete your account (email us to request this) we remove your personal data within 30 days, except for records we must retain for legal or accounting reasons — typically up to 7 years for billing records.

7. Security

We use HTTPS everywhere, signed webhooks for payment events, and row-level ownership checks on every data access. No service on the internet is perfectly secure; we work to keep your data safe but cannot guarantee absolute security.

8. Your Rights

Depending on where you live, you may have the right to:

• access a copy of the personal data we hold about you;
• correct inaccurate information;
• delete your account and associated content (some records may be retained for legal reasons);
• object to or restrict certain processing;
• data portability;
• withdraw consent at any time where we rely on it.

To exercise these rights, email support@envisio.design. We respond within 30 days.

9. Children

Envisio is not intended for users under 16 (or the minimum age in your jurisdiction, if higher). We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us and we will remove it.

10. International Transfers

Our service and processors may operate in different countries than the one you live in. By using Envisio, you consent to your data being transferred to and processed in those countries, each of which may have different data protection rules than your own.

11. Cookies

We use two categories of cookies and similar storage:

• Strictly necessary— an authentication cookie set by Clerk so you stay logged in, plus local preferences (theme, currency, and your cookie choice itself). These are required for the service to work and don’t need consent.
• Analytics (optional, opt-in) — PostHog cookies that let us recognise returning visitors and link product events to your account. These are only set after you accept them via the cookie banner. If you decline or make no choice, PostHog stays cookieless and captures nothing.

We do not use advertising cookies. Our performance monitoring (Vercel Speed Insights) and error monitoring (Sentry) do not set tracking cookies.

You can change your analytics choice at any time — withdrawing consent is as easy as giving it:

12. Changes to This Policy

We may update this Privacy Policy over time. Material changes will be communicated by email or in the app before they take effect.

13. Contact

Privacy questions? Email support@envisio.design.