Re-Design Privacy Policy

1.1 This Policy applies to the Re-Design website, web application, and related services we operate at re-design.app. It does not apply to third-party websites, apps, or services that we do not control, even when linked from the Service.

1.2 The Service is offered from the United States. By using it, you understand that your information will be processed in the United States and in any country where our third-party processors operate. See Section 11 (International users).

We collect information in three ways: (a) information you provide directly, (b) information generated by your use of the Service, and (c) limited information received from third-party providers acting on our behalf.

We do not buy personal data from data brokers and we do not collect special categories of data (such as health, biometric, or government-ID data) intentionally. Do not upload User Photos that contain such content.

We use the information described in Section 2 for the following purposes:

• Provide the Service. Generate concepts and renderings from your User Photos and prompts; store your gallery and history; sign you in; route requests to AI providers; deliver generated images; and process payments and credits.
• Operate, secure, and improve the Service. Diagnose errors, prevent abuse and fraud, monitor performance, evaluate model and prompt quality, refine safety controls, and develop new features.
• Personalize your experience. Remember preferences, surface relevant prior designs, and tailor product flows.
• Communicate with you. Send transactional messages (account, billing, security, generation status, service notices) and, where you have opted in or where permitted by law, occasional product updates. You can opt out of non-essential messages at any time.
• Train and tune our own or licensed models, in aggregated or de-identified form, where legally permitted. This is consistent with the license you grant in our Terms of Service Section 3.3. We do not sell your User Photos or Generated Output and we do not pass them to third-party AI providers for the providers' own model training.
• Comply with law and enforce our agreements. Respond to lawful requests, enforce the Terms of Service, protect rights and safety, and resolve disputes.

Legal bases (for users in jurisdictions that require them, such as the EEA and UK): performance of a contract (Service delivery, account, billing); legitimate interests (security, abuse prevention, product improvement, analytics, model evaluation in aggregated/de-identified form); consent (where required, for example for certain cookies or marketing email); and legal obligation (tax, accounting, lawful requests).

4.1 What we do with User Photos. User Photos are uploaded to our object storage (Cloudflare R2, bucket `redesign-user`) and routed through our AI provider stack to produce Generated Output. We store your User Photos so that you can re-render, refine, and revisit your designs in your gallery.

4.2 What we do with Generated Output. Generated images, named concepts, and associated metadata are stored in our object storage and our application database (Convex) so that we can deliver them to you, support your gallery and history, and allow you to share or download them.

4.3 AI provider handling. User Photos and prompts are transmitted to AI image-generation providers (currently routed via Vercel AI Gateway, including OpenAI's image-generation models) only to fulfill your generation request. We do not authorize our AI providers to use your User Photos or prompts to train their own models, to the extent the provider's data-processing terms allow us to set that posture. Some providers may retain inputs and outputs briefly for safety and abuse monitoring under their own terms.

4.4 Faces, addresses, and bystanders. If a User Photo includes another identifiable person, an address, or other identifying detail, you are responsible for having the right to upload it (Terms Section 3.6). We do not knowingly use bystander faces for model training.

4.5 Public publication. We will not publicly publish, advertise, or attribute individual User Photos or Generated Output to you by name without your consent, except (a) within your own gallery interface, (b) in shareable links you generate, or (c) where required by law or to enforce our Terms (Terms Section 3.4).

5.1 We use cookies and similar technologies (such as `localStorage` and session tokens) to keep you signed in, remember preferences, secure the Service, and measure aggregate usage. Authentication cookies are set by Clerk on our behalf.

5.2 We use Vercel Analytics, which is designed to provide aggregate traffic and performance information without using cross-site tracking cookies.

5.3 You can control cookies through your browser settings. Disabling essential cookies (including authentication cookies) will break sign-in and prevent core Service functionality.

5.4 We do not currently respond to browser "Do Not Track" signals. Where required, we will honor Global Privacy Control (GPC) signals as an opt-out of sale or sharing of personal information (we do not sell or share personal information as those terms are defined under California law).

We share information only as described below.

7.1 We retain information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention practices include:

• Account data. Retained while your account is active. Deleted within a reasonable period after account deletion, subject to backup and legal-hold exceptions.
• User Photos and Generated Output. Retained while saved in your gallery. When you delete a saved design, the associated User Photo and Generated Output are removed from active Service surfaces within a reasonable period; backup and audit copies may persist for a limited time consistent with our retention practices and legal obligations (Terms Section 3.5).
• Generation jobs and logs. Retained for a limited operations and security window, typically measured in days to a small number of months.
• Billing and tax records. Retained for the period required by applicable tax, accounting, and consumer-protection law.
• Aggregate or de-identified data. May be retained indefinitely.

7.2 We will refine and publish specific retention windows as the Service matures.

8.1 Access, correction, deletion, portability. Depending on where you live, you may have the right to request access to, correction of, deletion of, or a portable copy of your personal information, and to object to or restrict certain processing. To exercise these rights, email contact@buildadataadvantage.com. We will verify your identity using account-linked information before responding.

8.2 Account deletion. You can request account deletion by emailing contact@buildadataadvantage.com. We will delete your account, User Photos, Generated Output, and associated metadata from active Service surfaces within a reasonable period, subject to backup and legal-hold exceptions.

8.3 Marketing emails. You can opt out of non-essential marketing email at any time using the unsubscribe link in the email or by emailing us. We will continue to send transactional and service-related messages.

8.4 California residents. California residents have rights under the California Consumer Privacy Act (as amended), including the rights to know, delete, correct, and opt out of sale/sharing. We do not sell or share personal information as those terms are defined under California law. You may exercise California-specific rights at contact@buildadataadvantage.com. We do not discriminate against you for exercising any privacy right.

8.5 EEA, UK, and Swiss residents. You have rights under the GDPR and UK GDPR, including access, rectification, erasure, restriction, objection, and data portability, and the right to lodge a complaint with your local supervisory authority. The legal bases for our processing are summarized in Section 3.

8.6 Authorized agents. You may use an authorized agent to submit a request on your behalf where permitted by law. We may require written authorization and identity verification.

The Service is not intended for and is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at contact@buildadataadvantage.com and we will delete the information consistent with applicable law. Users who are minors under the age of majority where they live may only use the Service with the involvement of a parent or legal guardian (Terms Section 1.1).

10.1 We use reasonable administrative, technical, and organizational measures to protect information, including encryption in transit (TLS), access controls to our application database (Convex) and object storage (Cloudflare R2), hashing of credentials at our authentication provider, and security monitoring at our hosting provider (Vercel).

10.2 No system is completely secure. You are responsible for the security of your account credentials and for any third-party device or network you use to access the Service. Notify us promptly at contact@buildadataadvantage.com if you suspect unauthorized access to your account.

11.1 We operate the Service from the United States. Our processors (including Vercel, Cloudflare, Clerk, Convex, and our AI providers) may process data in the United States and in other countries where they operate infrastructure.

11.2 Where required, we rely on appropriate transfer mechanisms (such as the Standard Contractual Clauses) with our processors. If you are located in the EEA, UK, or Switzerland and have questions about international transfers, contact contact@buildadataadvantage.com.

The Service may link to third-party websites, services, or content (for example, payment, support, or social channels). We are not responsible for the privacy practices or content of third parties. Review their policies before providing them with information.

We may update this Policy from time to time. The "Last Updated" date at the top of this page reflects the most recent revision. Material changes will be communicated through the Service or by email where appropriate. Continued use of the Service after a change takes effect constitutes acceptance of the updated Policy.

Questions, requests, or complaints about this Policy or our handling of your information:

This Policy is the privacy notice referenced in the Re-Design Terms of Service (Section 6.3 and Section 14.2).