Privacy Policy
Last updated: June 16, 2025
Privacy Policy
This Privacy Policy explains how RoomForge ("RoomForge", "we", "us", "our") collects, uses, discloses, and protects your personal data when you access or use the RoomForge website, applications, and related services (collectively, the "Service"). It also outlines your rights under the European Union General Data Protection Regulation (GDPR) and other applicable data‑protection laws.
1. Data Controller
RoomForge is operated by a sole proprietorship (Einzelunternehmen) registered in Germany.
Controller: Bengin Cetindere
Address: Cecilienstr. 26, 53721 Siegburg
Contact Us
2. Scope
This Policy applies to all visitors, registered users, and purchasers of the Service. By using RoomForge, you acknowledge that you have read and understood this Policy.
3. Personal Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Name, email address | Create and manage your account (Art. 6 (1)(b) GDPR) |
| Uploaded Content | Photos of rooms, text prompts, project metadata | Provide core AI‑generation functionality (Art. 6 (1)(b)) |
| Generated Content | AI‑created images and design text | Display, store, and let you download results (Art. 6 (1)(b)) |
| Payment Data | Order ID, amount, currency, tokenized card details (processed by Paddle) | Process transactions, prevent fraud (Art. 6 (1)(b) & (f)) |
| Usage Data | IP address, device type, browser, pages visited, actions taken | Service security, analytics, improvements (Art. 6 (1)(f)) |
| Cookie & Tracking Data | Session cookies, PostHog analytics cookies | Remember preferences, measure engagement (Art. 6 (1)(a) or (f)) |
We do not intentionally collect sensitive personal data. Please avoid uploading images that contain people or sensitive information.
4. How We Use Your Data
- Provide the Service — operate and maintain RoomForge features.
- Process Transactions — fulfil purchases and manage access rights.
- Improve & Secure — monitor performance, detect abuse or fraud, develop new features.
- Communicate — send technical, transactional, or support emails.
- Comply with Law — meet legal obligations, resolve disputes, enforce Terms of Service.
We do not sell or rent personal data.
5. Legal Bases (Art. 6 GDPR)
- Contractual Necessity: When processing is required to deliver the Service you request.
- Legitimate Interests: To secure, improve, and market our Service (balanced against your rights).
- Consent: For optional analytics cookies or marketing communications. You may withdraw consent at any time.
- Legal Obligation: For tax, accounting, or regulatory requirements.
6. Automated Processing & AI
RoomForge uses machine‑learning models to transform your uploaded images into redesigned visuals and generate style advice. This processing is automated but does not produce legal or similarly significant effects within the meaning of Art. 22 GDPR.
7. Data Retention
- Projects & Uploads: Stored while your project/folder exists. Deleted within 30 days after you delete the project or permanently delete your account.
- Account Data: Retained until you delete your account or as required by law.
- Payments: Records kept for up to 10 years to comply with tax regulations.
- Analytics Cookies: Retention period is defined in our Cookie Banner at the time of consent.
8. Sharing & Disclosure
We share personal data only with service providers acting as processors under GDPR-compliant agreements, including:
| Provider | Purpose | Location & Safeguards |
|---|---|---|
| Paddle | Payment processing | UK / EU; SCCs & DPA |
| Cloudflare | Security, CDN, performance | Global; Data Localization Suite & SCCs |
| PostHog | Product analytics | EU hosting option; SCCs |
We may also disclose data if required by law, to protect rights and safety, or with your explicit consent.
9. International Transfers
If personal data is transferred outside the European Economic Area (EEA), we rely on the European Commission’s Standard Contractual Clauses or an adequacy decision to protect your information.
10. Your Rights
Subject to limitations under GDPR, you have the right to:
- Access — obtain confirmation and a copy of your personal data.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion (“right to be forgotten”).
- Restriction — limit processing under certain conditions.
- Data Portability — receive data in a structured, machine‑readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw Consent — at any time, without affecting prior processing.
To exercise any right, contact us at privacy@roomforge.ai.
11. Security Measures
We implement industry‑standard technical and organizational measures, including TLS encryption, access controls, and regular security audits, to protect data from unauthorized access, alteration, or disclosure.
12. Cookies & Tracking Technologies
We use:
- Essential Cookies — required for site functionality (cannot be disabled).
- Analytics Cookies (PostHog) — only set with your prior consent.
You can manage cookie preferences via our Cookie Banner. Clear your cache for showing it again.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be posted on our website with the “Last updated” date. Material changes will be announced via email or in‑app notice where possible.
For additional terms governing your use of RoomForge, please see our Terms of Service.