Privacy Policy
Last updated: March 15, 2026
1. Introduction
EasyInterior ("we", "our", "us"), operated by EasyInterior Co., respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and safeguard your information when you use our AI-powered interior design platform at easyinterior.co (the "Service").
By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Merchant of Record
Our order process is conducted by our online reseller Paddle.com Market Limited ("Paddle"). Paddle is the Merchant of Record for all our orders. This means:
- Paddle processes all payments as the Merchant of Record — when you make a purchase, you enter into a purchase agreement with Paddle, not directly with EasyInterior.
- Paddle calculates and remits applicable sales tax/VAT.
- Paddle issues invoices and handles payment disputes.
- Paddle provides customer service for all billing inquiries and handles refunds.
See Paddle's Checkout Buyer Terms for more details on your purchase agreement.
3. Information We Collect
3.1 Information You Provide
- Account Information: Email address, full name, and password when you register. If you sign in with Google OAuth, we receive your name, email, and profile picture from Google.
- Uploaded Photos: Images you upload for AI processing (room photos, floor plans, garden images).
- Preferences: Style selections, color palettes, room types, and design options you choose for generations.
3.2 Information Collected Automatically
- Usage Data: Pages visited, features used, generation history, timestamps, and platform interactions.
- Device Information: Browser type, operating system, screen resolution, and IP address.
- Cookies and Tracking: See our Cookie Policy for details.
3.3 Payment Information
Payment information (credit card numbers, billing addresses) is collected and processed directly by Paddle. We do not store or have access to your full credit card details. We only receive:
- Confirmation of successful payment
- Transaction ID and amount
- Subscription status and plan type
- Paddle customer ID
4. Data Shared with Paddle
When you make a purchase, we share the following data with Paddle to process your transaction:
- Email address — for receipts, invoices, and transaction communication
- Name — for invoicing and account identification
- Billing address — for tax calculation and compliance
- Payment method — processed directly by Paddle (we never see full card details)
Paddle processes this data in accordance with:
- PCI DSS Level 1 compliance
- GDPR requirements
- Paddle's Privacy Policy
- Paddle's Data Processing Addendum (implementing GDPR Article 28 requirements)
5. Lawful Basis for Processing (GDPR)
We process your personal data under the following legal bases as defined by GDPR Article 6:
| Processing Activity | Lawful Basis |
|---|---|
| Account creation and management | Contract performance |
| AI generation processing | Contract performance |
| Payment processing (via Paddle) | Contract performance |
| Service notifications | Legitimate interest |
| Analytics and product improvement | Legitimate interest |
| Marketing emails | Consent (opt-in) |
| Cookies (non-essential) | Consent |
| Legal obligations (tax records) | Legal obligation |
6. How We Use Your Data
- Providing and operating our AI design services
- Processing your photo uploads and delivering AI-generated results
- Managing your account, subscriptions, and credit balance
- Sending service-related notifications (generation complete, credits low, etc.)
- Improving our platform through aggregated, anonymized analytics
- Detecting and preventing fraud and abuse
- Complying with legal obligations
7. Photo Data & AI Training
We do not use your uploaded photos to train AI models. Your images are processed in real-time through third-party AI providers solely to generate your requested designs. Specifically:
- Photos are sent to our AI providers (Kie.ai, fal.ai) only for the purpose of generating your requested design.
- AI providers process images in real-time and do not retain them for training purposes.
- You can delete your photos and generation history at any time from your account settings.
- We do not sell, share, or license your uploaded images to any third party.
8. Data Retention
We retain your data for the minimum period necessary to provide our services:
| Data Type | Retention Period |
|---|---|
| Account data (profile, email) | Until account deletion |
| Generated images (Free plan) | 30 days from creation |
| Generated images (Basic plan) | 30 days from creation |
| Generated images (Pro plan) | Unlimited (until account deletion) |
| Uploaded source photos | 30 days from upload (all plans) |
| Usage analytics | 24 months (anonymized) |
| Payment records | Retained by Paddle per legal requirements (typically 7 years) |
| Inactive free accounts | Deleted after 12 months of inactivity |
After account deletion, all personal data is removed within 30 days. Some anonymized, aggregated data may be retained for analytics.
9. Third-Party Services
We share data with the following third-party services as necessary to operate our platform:
| Service | Purpose | Data Shared |
|---|---|---|
| Paddle | Payment processing (Merchant of Record) | Email, name, billing address |
| Supabase | Authentication, database, storage | Account data, uploaded files |
| Kie.ai, fal.ai | AI image/video generation | Uploaded photos (real-time processing only) |
| Vercel | Hosting and edge delivery | IP address, request logs |
| Google (OAuth) | Social sign-in | Authentication tokens (if you choose Google login) |
| Google Analytics | Usage analytics | Anonymized usage data (with consent) |
We do not sell your personal data to any third party. We only share data as described above, and only to the extent necessary for the stated purpose.
10. Your Rights
Under GDPR, CCPA, and other applicable data protection laws, you have the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Get a copy of all personal data we hold about you | Account Settings → Export Data, or email us |
| Rectification | Correct inaccurate or incomplete personal data | Account Settings → Profile |
| Erasure | Delete your account and all associated data | Account Settings → Delete Account, or email us |
| Portability | Receive your data in a machine-readable format | Account Settings → Export Data |
| Restriction | Limit how we process your data | Email us at support@easyinterior.co |
| Objection | Object to processing based on legitimate interest | Email us at support@easyinterior.co |
| Withdraw Consent | Remove consent for optional processing (e.g., cookies, marketing) | Cookie Settings banner or email us |
We will respond to all data rights requests within 30 days. For billing-related data held by Paddle, you can contact Paddle Support directly, or contact us and we will coordinate with Paddle on your behalf.
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request details about the personal information we collect, use, and disclose.
- Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- We Do Not Sell Personal Information: We do not sell your personal data as defined under the CCPA.
To exercise your CCPA rights, email us at support@easyinterior.co.
12. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-U.S. Data Privacy Framework, where applicable
- Adequacy decisions by the European Commission
Paddle's Data Processing Addendum includes Standard Contractual Clauses for international transfers.
13. Data Security
We implement industry-standard security measures to protect your data:
- All data transmitted via HTTPS/TLS encryption
- Database encryption at rest
- Row Level Security (RLS) policies on all database tables
- Secure authentication via Supabase Auth with bcrypt password hashing
- Payment data protected by Paddle's PCI DSS Level 1 compliance
- Regular security reviews and dependency audits
While we take reasonable precautions, no method of transmission over the Internet is 100% secure. If you discover a security vulnerability, please report it to security@easyinterior.co.
14. Children's Privacy
Our Service is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at support@easyinterior.co, and we will promptly delete the information.
15. Cookies
We use cookies and similar tracking technologies for essential functionality and, with your consent, for analytics. For full details, see our Cookie Policy.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:
- Posting the updated policy on this page with a new "Last updated" date
- Sending an email notification to registered users
- Displaying a banner on our website
Your continued use of the Service after any changes constitutes acceptance of the updated policy.
17. Contact
For privacy-related questions or to exercise your data rights:
- Email: support@easyinterior.co
- Billing inquiries: Paddle Support
If you are in the EU and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local Data Protection Authority (DPA).