Privacy Policy

We collect only what we need to deliver the service and run the business. That includes:

• Account and contact information: email, name, shipping and billing addresses as applicable.
• Project information: photos, measurements, written intake responses, design preferences, and anything you send us for the purpose of designing your plan.
• Payment information: handled by Stripe. We do not store credit card numbers on our servers.
• Usage and analytics: aggregate, privacy-friendly analytics via Plausible. We do not use cookies to track you across other sites.
• Support correspondence: emails and revision-form submissions you send us.

• To design your plan and deliver it to you.
• To communicate about your project, revisions, and follow-up Q&A.
• To process payments and issue receipts.
• To improve our service and quality processes, using aggregated or de-identified data.
• To comply with legal obligations.

We share information with service providers who help us deliver the service, and only to the extent necessary. Our providers include:

• Stripe, for payment processing.
• Supabase, for database and secure file storage.
• Resend, for transactional email delivery.
• Automated design-generation processing services, which help us structure the first draft of every plan. Your project information is sent to these services solely for the purpose of producing your plan and is not used to train third-party models.
• Railway, for application hosting.

We do not sell your information. We do not share it with advertisers. We will disclose information if required by valid legal process.

Photos you submit during intake are used to design your plan. We will never use your photos or project details in marketing, blog posts, portfolio pages, or social media without your explicit written consent. Read the Photo & Portfolio License for the full terms.

• Photos and PDFs are stored in private Supabase Storage buckets.
• Our databases use row-level security. Access requires authenticated sessions.
• All traffic to and from our servers is encrypted in transit (HTTPS).
• We follow the principle of least-privilege access for internal users and contractors.

• Project data: retained while your project is active and for up to seven years after delivery for tax, accounting, and reference purposes.
• Payment records: retained as required by law.
• Photos: retained with your project record. You can request deletion at any time (see "Your rights" below).
• Marketing emails: retained while you’re subscribed. Unsubscribe any time.

You can request access to your information, correction of inaccurate information, deletion of your photos and project data, and a copy of your data in a portable format. Email [email protected] and we will respond within 30 days.