Privacy Policy

Last updated: April 19, 2026

This Privacy Policy describes what information Envisio (“we”, “us”) collects when you use our AI-powered interior redesign service, how we use it, and the choices you have.

1. Information We Collect

We collect only the data we need to operate Envisio.

• Account information: your email address, name, and an account identifier, collected through our authentication provider (Clerk). If you sign in with a social provider, we receive the profile fields that provider shares with you.
• Uploaded images: the photos of rooms you upload for redesign.
• Prompts and chat messages: the text you send to our in-app design chat, and any style selections you make.
• Generated images: the AI-generated output images attached to your account.
• Billing information: when you buy tokens or subscribe to a plan, Paddle processes the payment and shares with us the minimum we need to grant you access (email, plan, transaction ID, subscription status). We do not receive or store your full card details.
• Usage information: generation history, token balance, and basic server logs (e.g. request timestamps, error traces). We may use anonymised aggregate analytics to improve the product.

2. How We Use Your Information

• to authenticate you and keep your account secure;
• to generate redesigns — this requires transmitting your upload and prompt to our AI provider on your behalf;
• to operate the in-app chat that helps you write better prompts (which uses a third-party LLM, see below);
• to meter and bill for tokens;
• to prevent abuse, fraud, and violations of our Terms;
• to notify you about material product or policy changes.

We do not sell your personal information. We do not use your images, prompts, or generations to train our own AI models.

3. Third-Party Processors

Envisio uses specialised providers to run different parts of the service. Each one only receives the data it needs.

• Clerk — authentication and account management.
• Vercel Blob — storage of your uploaded and generated images.
• Neon — Postgres database hosting for account, history, and billing metadata.
• Replicate— runs the AI model that produces redesigns. Your source image URL and prompt are sent to Replicate for each generation. Please see Replicate’s privacy policy for how they process inputs.
• Anthropic (Claude) — processes prompt-assistance chat messages and, optionally, looks at the source photo to write a better generation prompt.
• Paddle — merchant of record for all payments, including tax handling, invoices, and refunds.

4. Sharing & Disclosure

We do not share your personal data with anyone except the processors listed above, unless we are legally required to (for example, in response to a valid court order) or if a transfer is necessary in the context of a merger, acquisition, or sale of assets.

5. Data Retention

We keep your account data and generated content for as long as your account is active. When you delete a generation, we delete the underlying blob file and database row. When you delete your account (email us to request this) we remove your personal data within 30 days, except for records we must retain for legal or accounting reasons (typically up to 7 years for billing records).

6. Security

We use HTTPS everywhere, signed webhooks for payment events, and row-level ownership checks on every data access. No service on the internet is perfectly secure; we work to keep your data safe but cannot guarantee absolute security.

7. Your Rights

Depending on where you live, you may have the right to:

• access a copy of the personal data we hold about you;
• correct inaccurate information;
• delete your account and associated content (some records may be retained for legal reasons);
• object to or restrict certain processing;
• data portability;
• withdraw consent at any time where we rely on it.

To exercise these rights, email support@envisio.app. We respond within 30 days.

8. Children

Envisio is not intended for users under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us and we will remove it.

9. International Transfers

Our service and processors may operate in different countries than the one you live in. By using Envisio, you consent to your data being transferred to and processed in those countries, each of which may have different data protection rules than your own.

10. Cookies

We use the cookies strictly necessary to operate the service: an authentication cookie set by Clerk so you stay logged in, and a Paddle session cookie during checkout. We do not currently use advertising or tracking cookies.

11. Changes to This Policy

We may update this Privacy Policy over time. Material changes will be communicated by email or in the app before they take effect.

12. Contact

Privacy questions? Email support@envisio.app.