top of page

Privacy policy

Last Updated: 14 November 2025

 

This Privacy Policy explains how InteriorGPT.ai (“InteriorGPT,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you visit our websites, create an account, or use our AI tools and related services (the “Services”). We are a company registered in England & Wales (Company No. 16031114).
For privacy enquiries, contact hello@interiorgpt.ai

 

1) Who is responsible for your data?

For purposes of the UK GDPR and (where applicable) EU GDPR, the data controller is the company registered under Company No. 16031114 trading as InteriorGPT.
Our contact for privacy matters is hello@interiorgpt.ai

 

2) What we collect

We collect the following categories of data, depending on how you interact with us:

Account & Identity Data – name, email, password (hashed), user ID, organization, plan tier.
Payment & Billing Data – transaction details, billing address, VAT/tax info. Payments are handled by third-party processors (e.g., Stripe); we do not store full card numbers.
Content & Files – prompts, text, images, seeds, parameters, and other materials you upload or generate through the Services.
Usage & Technical Data – device/browser info, IP address, timestamps, log files, feature usage, diagnostics, and approximate IP-based location.
Support & Comms – communications you send us (email, forms, chat), feedback, metadata.
Marketing Preferences – opt-in/opt-out choices for newsletters and product updates.
Cookies & Similar Tech – identifiers used for functionality, analytics, and (where permitted) marketing.

 

3) How we use your data (purposes & legal bases)

We process personal data for the purposes below, under the corresponding legal bases:

Provide the Services – manage accounts, authenticate users, deliver features, render outputs, support requests. (Performance of a contract)
Operate, secure, improve – monitor performance, debug, prevent abuse, enhance safety and quality of AI outputs. (Legitimate interests / legal obligation)
Billing & tax compliance – payments, invoicing, fraud prevention, legal/tax obligations. (Contract / legal obligation)
Communications – service notices, critical updates, security alerts. (Legitimate interests / legal obligation)
Marketing (optional) – newsletters, product updates, offers. (Consent or legitimate interests under soft opt-in)
Research & analytics – aggregated/de-identified usage patterns for improvement. (Legitimate interests)
Model/feature improvement – aggregated, de-identified usage info to improve Services. Identifiable content uses require consent, which may be withdrawn.

 

4) Content visibility & discoverability

Some areas of the Service are designed for inspiration and public discovery. Items generated or submitted in those areas may appear there and may have dedicated detail pages containing descriptive elements (e.g., prompt fragments, tags, timestamps, or a displayed name/handle where applicable).

Once widely surfaced, copies may persist in external caches or archives beyond our control.

Tip: Do not upload confidential or personal data if you intend to keep it private. Where private/unlisted modes exist, select them before submitting content.

 

5) Cookies

We use:

Essential cookies – authentication, security, core features

Functional cookies – save settings and preferences

Analytics cookies – service improvement and usage metrics

Advertising cookies (if enabled) – outreach measurement and personalization

You may manage cookies through browser settings and consent tools. Some features may not function correctly if certain cookies are blocked.

 

6) Sharing your data

We do not sell personal data. We share it only as described:

Service providers / processors – hosting, CDN, storage, analytics, email, support, payment processing, fraud prevention.
Business operations – accountants, auditors, insurers, legal advisers.
Compliance & safety – legal compliance, requests from authorities, enforcement of terms, protection of rights and security.
Corporate transactions – mergers, acquisitions, financings, or asset sales under equivalent protective terms.

 

7) International transfers

Your data may be processed outside the UK/EEA. Where international transfers occur, we use lawful safeguards such as UK/EU Standard Contractual Clauses.

 

8) Retention

We keep data only as long as necessary for the purposes described, including legal and accounting requirements. Typical retention periods:

Account/subscription records: lifetime of account + up to 6 years

Payment/transaction data: up to 6 years

Support communications: usually 24 months

Logs/diagnostics: typically 12 months

Renders/uploads/generations: usually kept for a limited window (e.g., 7 days) unless saved or published

Actual retention may vary based on legal duties, disputes, or product-specific settings shown at the point of use.

 

9) Your rights

Subject to applicable law, you may:

Access your personal data

Correct inaccuracies

Request deletion (“right to be forgotten”)

Restrict processing

Object to processing based on legitimate interests

Opt out of marketing

Request portability of your data

Withdraw consent (where used)

To exercise rights, email hello@interiorgpt.ai
.
We may ask for verification and will respond within legal timeframes.

Users in the UK/EEA may also contact their supervisory authority (e.g., the UK ICO).

 

10) Security

We implement measures appropriate to risk (encryption in transit, access controls, monitoring, backups, least-privilege principles). No system is fully secure. You must protect account credentials and report suspected misuse.

 

11) Children

The Services are not intended for individuals under 16 (or the minimum digital consent age in your region). We do not knowingly collect data from such individuals. Contact us if you believe this has occurred.

 

12) Marketing preferences

We send marketing communication only with your consent or where allowed by soft opt-in rules. You may unsubscribe at any time.
Service and security messages are mandatory and cannot be opted out.

 

13) Automated decisions

We do not use solely automated decision-making that produces legal or similarly significant effects. AI outputs are generated based on user inputs; you remain responsible for reviewing and using them appropriately.

 

14) Third-party links

Our Services may contain links to third-party websites. Their data practices are governed by their own privacy policies.

 

15) Changes to this Policy

We may revise this Policy from time to time. The “Last Updated” date indicates the latest version. Significant updates may be communicated. Continued use of the Services after changes means acceptance.

 

16) Contact

Questions or requests about this Policy or your data?

Email: hello@interiorgpt.ai

Company: phototool ai ltd
Company No.: 16031114 (Registered in England & Wales)

 

Thank you for using InteriorGPT. We are committed to protecting your privacy while providing powerful AI tools for design professionals.

bottom of page