Privacy Policy

Last updated: 27 April 2026

We try to ask for as little as possible, hold it for as little time as possible, and tell you plainly what happens to it.

What we collect

• The photo of your home you upload. Stored in our backend (Convex) and sent to our generation, upscaling, and print partners as part of producing your portrait.
• Your email and shipping address. Needed to send you the proof, ship the print, and keep a record of the sale.
• Order metadata — the size, frame, paper, currency, amount paid, and timestamps for the order lifecycle.
• Payment data is handled entirely by Stripe. We never see or store your card details. Stripe holds them under their own privacy policy.

How long we keep your photo

Customer photos are sensitive — they show where you live. We keep them only as long as we need them to deliver and stand behind your order:

• Reference photo and digital proof: kept for 30 days after we ship your portrait, so we can re-issue or reprint if anything goes wrong. After 30 days, the image files are permanently deleted from our storage.
• Print-ready (upscaled) file: kept for 14 days after you approve the proof, then deleted.
• Abandoned uploads (orders that never reached payment) are deleted after 14 days.

Order metadata (size, address, amount paid, supplier order id) is retained for the period required to satisfy our tax and bookkeeping obligations — typically 6–10 years depending on jurisdiction.

Who we share data with

• Stripe — payments.
• OpenRouter / Google Gemini — image generation. Your photo is sent over HTTPS and is not used by them to train models, per their commercial terms.
• Replicate — print-resolution upscaling.
• Gelato — print and shipping. Receives the print file and your shipping address.
• Resend — transactional email delivery. Receives your email address and the email body.
• Convex — our backend platform. Holds your data in the United States.

We do not sell your data. We do not use it for advertising. We do not share it for any purpose other than delivering your order.

Your rights

Under GDPR and equivalent laws, you have the right to:

• Access the personal data we hold about you
• Have it corrected if it's wrong
• Have it erased before our normal retention window expires (provided we don't have a legal obligation to keep it)
• Object to processing, or ask for it to be restricted
• Take your data with you (data portability)
• Lodge a complaint with your local data protection authority

To exercise any of these rights, email privacy@example.com.

Cookies

We use a single first-party preference cookie / localStorage entry to remember your chosen currency and language. We do not use third-party advertising cookies. Stripe sets its own cookies on its checkout page.

Contact

Questions? privacy@example.com. Data controller: [LEGAL ENTITY NAME], [REGISTERED ADDRESS].