Privacy Policy
Last updated: April 10, 2026
1. Introduction
Design Babai ("Design Babai", "we", "us", or "our"), operated by [Your Company Name], provides an AI-powered interior design platform that enables users to import spaces, iterate with an AI interior designer, and export polished design directions.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service"). It applies to all users worldwide, including users in the European Economic Area (EEA), the United Kingdom, California (USA), India, and other jurisdictions with data protection legislation.
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect the following through our authentication provider (Clerk):
- Email address
- Full name
- Profile photo/avatar (if provided)
2.2 Project and Design Data
- Project names, descriptions, and status
- Room layouts, spatial coordinates, and floor plan data
- Space definitions (room names, types, and metadata)
- Design parameters, material selections, and style preferences
2.3 Uploaded Content
- Room photographs and reference images
- Floor plan drawings and PDF documents
- Voice transcripts (if provided as chat attachments)
2.4 AI Interaction Data
- Chat messages, including design prompts you send and AI-generated responses
- Image transformation parameters and generation settings
- AI-generated design images stored in your project
2.5 Billing Information
- Credit balance and transaction history
- Payment transaction identifiers (order IDs and payment IDs from Razorpay)
- Purchase amounts and applicable taxes (GST)
We do not store your credit card numbers, bank account details, or other sensitive payment credentials. These are handled directly by our payment processor, Razorpay.
2.6 Technical Information
Our hosting infrastructure may automatically collect:
- IP address
- Browser type and version
- Device type and operating system
- Referring URLs and pages visited
- Timestamps of access
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide the Service — To create and manage your account, store your projects, and deliver AI-assisted interior design features.
- AI Processing — To send your photos and design prompts to AI models for image analysis, room detection, and design generation.
- Process Payments — To facilitate credit purchases, maintain your credit ledger, and process transactions through Razorpay.
- Communicate — To send service-related notifications, respond to inquiries, and provide customer support.
- Improve the Service — To analyze usage patterns, diagnose technical issues, and develop new features.
- Legal Compliance — To comply with applicable laws, regulations, and legal processes.
4. AI-Specific Data Processing
Our Service uses artificial intelligence to analyse room photos and generate interior design suggestions. When you use AI features:
- Your uploaded photos and text prompts are sent to the Google Gemini API for image analysis and design generation.
- AI-generated designs and outputs are stored within your project in our database.
- We do not use your content (photos, prompts, or designs) to train our own AI models or any third-party AI models.
- Google's processing of data sent to the Gemini API is governed by Google's Privacy Policy.
5. Third-Party Service Providers
We share data with the following third-party service providers, each of which processes data in accordance with their own privacy policies:
- Clerk — Authentication and identity management. Processes your email, name, and session data. Clerk Privacy Policy
- Supabase — Database hosting and file storage. Stores all project data and uploaded files with encryption at rest. Supabase Privacy Policy
- Google (Gemini API) — AI image analysis and design generation. Receives photos and prompts for processing. Google Privacy Policy
- Razorpay — Payment processing. Handles credit card details and payment transactions directly. Razorpay Privacy Policy
- Vercel — Hosting, deployment, and AI gateway routing. May collect technical data (IP, request logs). Vercel Privacy Policy
We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.
6. Data Storage and Security
- Your data is stored in Supabase (PostgreSQL database and object storage) with Row Level Security (RLS) ensuring that only authenticated, authorized users can access their own data.
- All data is encrypted in transit using TLS/SSL.
- Data at rest is encrypted by our infrastructure providers.
- Access to your account is protected by Clerk's authentication system using secure JWT tokens.
While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
7. Data Retention
- Account data is retained for as long as your account is active. You may request deletion at any time.
- Project data (layouts, spaces, images, chat history) is deleted when you delete a project. Deletion cascades to all associated data.
- Credit transaction records are retained indefinitely for financial auditing and compliance purposes.
- Soft-deleted data (such as removed spaces) may be retained for a limited recovery period before permanent deletion.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
8.1 General Rights (All Users)
- Access — Request a copy of the personal data we hold about you.
- Correction — Request correction of inaccurate or incomplete data.
- Deletion — Request deletion of your personal data (right to erasure).
- Data Portability — Request your data in a structured, machine-readable format.
- Restriction — Request that we restrict processing of your data in certain circumstances.
- Objection — Object to the processing of your personal data.
- Withdraw Consent — Where processing is based on consent, you may withdraw it at any time.
8.2 European Economic Area and United Kingdom (GDPR)
If you are located in the EEA or UK, the legal bases for our processing include: performance of a contract (providing the Service), legitimate interest (improving and securing the Service), and consent (where applicable). You have the right to lodge a complaint with your local Data Protection Authority.
8.3 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used.
- Request deletion of your personal information.
- Opt out of the sale or sharing of personal information. We do not sell your personal information.
- Not be discriminated against for exercising your privacy rights.
8.4 Indian Residents
If you are located in India, your rights are protected under the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDP Act). You have the right to access, correct, and request erasure of your personal data, as well as the right to nominate another individual to exercise your rights. You may lodge a grievance with the Data Protection Board of India.
To exercise any of these rights, please contact us at [Contact Email].
9. Cookies and Tracking
- Essential authentication cookies — Managed by Clerk to maintain your login session. These are strictly necessary for the Service to function.
- Theme preference — Your light/dark mode preference is stored in your browser's local storage.
We do not use analytics cookies, advertising trackers, social media pixels, or any other third-party tracking technologies.
10. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our hosting (Vercel), authentication (Clerk), and AI processing (Google) providers operate. When such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required under GDPR, and compliance with applicable cross-border data transfer regulations.
11. Children's Privacy
The Service is not intended for individuals under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also notify you via email or an in-app notification. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
- Email: [Contact Email]
- Company: [Your Company Name]
- Address: [Your Company Address]
For data protection inquiries in the EU, you may also contact our Data Protection Officer (if appointed) at the email address above.
