Privacy Policy

Version: April 2025

1Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Data Collection on This Website

Who is responsible?

Data processing on this website is carried out by the website operator. You can find their contact details in the section "Notice on the Responsible Party" in this privacy policy.

How do we collect data?

Some data is collected when you provide it to us (e.g. via a contact form or file uploads). Other data is collected automatically by our IT systems when you visit the website (e.g. technical data).

What do we use your data for?

Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior. Photos you upload (e.g. empty rooms, facades) are stored, transmitted to external AI models, and processed in order to provide you with the generated interior or garden designs.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may revoke that consent at any time for the future. You also have the right to request that the processing of your personal data be restricted under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

2Hosting and Content Delivery Networks (CDN)

We host the content of our website with the following providers:

Web Hosting (Netlify)

Our web application is hosted by Netlify (Netlify, Inc., 2325 3rd Street, Suite 296, San Francisco, CA 94107, USA).

When you visit the website, technically necessary data (e.g. IP address, access time) is processed to ensure the delivery of content. This is based on Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of the online offering).

Netlify is certified under the EU-U.S. Data Privacy Framework (DPF). Data transfers to the USA are carried out on the basis of the adequacy decision for DPF-certified companies (Art. 45 GDPR).

Google Firebase (Backend Services)

We use the service Google Firebase. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google").

Firebase forms the backbone of our data infrastructure. We use it for:

  • Firebase Authentication (Login): Secure management of user accounts, registrations, and logins.
  • Firestore Database (Data): Storage of structured application data (e.g. projects, user profiles, generated image references, Stripe credit balances).

Firebase Auth and Firestore data is stored in the europe-west3 region (Frankfurt, Germany). Data remains within the European Union.

The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract), as Firebase Auth and Firestore are technically necessary to provide the service.

Backblaze B2 (Image Storage)

Provider: Backblaze Inc., 201 Baldwin Ave, San Mateo, CA 94401, USA.

We use Backblaze B2 Storage as our central data store for all user-uploaded original photos (e.g. of empty rooms or gardens) as well as all AI-generated images.

All image files are securely stored in the European data center (EU-Central in Amsterdam).

The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract). Data transfers to the USA are carried out on the basis of Standard Contractual Clauses (Art. 46(2)(c) GDPR). We have concluded a Data Processing Agreement (Art. 28 GDPR) with Backblaze.

Cloudflare (Image Proxy via Cloudflare Workers)

Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA.

Cloudflare acts as an intermediary for all image uploads and downloads in this application (via Cloudflare Workers). All image data — including photos you upload and AI-generated images — passes through Cloudflare's infrastructure in both directions. Every image upload and every image delivery is routed through Cloudflare's global network before reaching or leaving our storage provider.

The legal basis for this processing is Art. 6(1)(b) GDPR (contract performance), as this infrastructure is technically necessary to provide the service. Cloudflare is GDPR-compliant and certified under the EU-U.S. Data Privacy Framework (DPF). Data transfers to the USA are carried out on the basis of the adequacy decision for DPF-certified companies (Art. 45 GDPR). Further information: https://www.cloudflare.com/trust-hub/gdpr/

Resend (System Emails)

For sending transactional emails (e.g. confirmations) and support communications, we use Resend. Provider: Resend, Inc., 2261 Market Street #4816, San Francisco, CA 94114, USA.

Resend is certified under the EU-US Data Privacy Framework (DPF). Data transfers to the USA are carried out on the basis of the adequacy decision for DPF-certified companies (Art. 45 GDPR). The use of Resend for transactional and contractual emails (e.g. order confirmations, payment receipts) is based on Art. 6(1)(b) GDPR (contract performance). For support communications, processing is additionally based on our legitimate interest in reliable communication (Art. 6(1)(f) GDPR).

3General Information and Mandatory Disclosures

Notice on the Responsible Party

DenizTech

Ahmet Deniz

Feldstr 48

31275 Lehrte

Email: [email protected]

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

Data Protection Officer

We have not appointed a data protection officer as we are not legally required to do so. For all questions regarding data protection, please contact the responsible party mentioned above directly.

Retention Period

Unless a more specific retention period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies (e.g. after deletion of your user account or explicit deletion of a project). If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible grounds for retaining it.

The following specific retention periods apply:

  • Server/access logs: 30 days
  • Payment and invoice records: 10 years (§ 257 HGB, § 147 AO)
  • Support communications: 3 years (statute of limitations)
  • Firebase account data: deleted within 30 days of an account deletion request
  • Uploaded photos and AI-generated images: deleted when the user deletes the project or closes their account, or after 24 months of inactivity

General Notes on Legal Bases

If you have given consent to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR. If data is necessary for the performance of a contract, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data where this is necessary for the fulfillment of a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also take place on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may revoke consent you have already given at any time. The legality of data processing carried out before the revocation remains unaffected.

Right to Object (Art. 21 GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING.

WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING.

Right to Lodge a Complaint with the Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us is:

The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hannover, Germany
Phone: +49 511 120-4500
Email: [email protected]

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a commonly used, machine-readable format.

Right of Access (Art. 15 GDPR)

You have the right to request a copy of all personal data we hold about you, information about how it is processed, and the purposes for which it is used.

Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data we hold about you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed.

Right to Erasure (Art. 17 GDPR)

You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where processing is unlawful. This right may be limited where we have a legal obligation to retain data.

Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data. You may do this when you dispute the accuracy of your data, the processing is unlawful, we no longer need the data (but you need it to assert, exercise, or defend legal claims), or when you have objected to processing.

SSL / TLS Encryption

For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the padlock icon in your browser's address bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4Data Collection on This Website

Cookies & Local Storage

Our website uses so-called "cookies" and similar technologies such as LocalStorage. Cookies are small data packages and do not cause any damage to your device.

Cookie Consent

When you first visit our website, a cookie banner appears through which you can give your consent to the use of certain cookies. You can change your cookie settings at any time via the "Cookie Settings" link in the footer of the website.

Necessary Cookies

We use technically necessary cookies that are strictly required for the operation of the website. These cookies do not require consent. They include:

  • Session & Login (Firebase Auth): To securely log you in and authenticate your session.
  • Language Settings (i18next): To save your preferred language setting.
  • Cookie Consent: To save your cookie preferences.

The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest in the technical provision of the service) and, in the case of contract conclusions, Art. 6(1)(b) GDPR.

Note on payment providers: Our payment processors (e.g. Stripe) may also set cookies for fraud prevention and payment security. These are technically necessary for the secure checkout process.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files (browser type, operating system, referrer URL, IP address, time of access). This data is collected on the basis of Art. 6(1)(f) GDPR.

Contact Form, Support & Registration

If you register on our website, contact us via the contact form, or submit a support request, your information including the contact details you provide (e.g. name, email address, problem description) will be stored by us for the purpose of processing the request and in case of follow-up questions. We do not share this data without your consent.

Legal basis: The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR).

Retention period: The data you enter in the contact form or support requests will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been fully processed). Mandatory statutory provisions — in particular retention periods — remain unaffected.

User account: Data collected during registration is stored by us for as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

Use of External AI Service Providers

To fulfill the main purpose of this application — AI-powered generation of interior and exterior designs — we use the following external artificial intelligence services via API interfaces:

  • OpenAI (OpenAI, L.L.C., USA) — certified under the EU-U.S. Data Privacy Framework (DPF) — used for image generation
  • Google Gemini (Google LLC, USA/Ireland) — certified under the EU-U.S. Data Privacy Framework (DPF) — used for image generation
  • fal.ai (fal, Inc., USA) — data transfers based on Standard Contractual Clauses — used for background segmentation
  • Reve API — used for image generation
  • Seedream / ByteDance — data transfers based on Standard Contractual Clauses — used for image generation

We have concluded Data Processing Agreements (Art. 28 GDPR) with each AI provider. Image data is transmitted exclusively for the purpose of processing the user's request and is not stored by these providers beyond the duration of the API call, to the extent permitted by their respective terms.

When you upload a photo for analysis or generation and enter a prompt, this image data is sent to the relevant AI provider for processing. The transmitted image data and prompts are used exclusively for processing your specific generation request.

Important Notice Regarding Personal Data (PII):

Please do not upload photos that show identifiable persons (faces), vehicle license plates, address signs, or other highly sensitive personal data (e.g. family photos on the wall). Since this image data is transmitted to external AI servers (some in third countries such as the USA) for processing, it is your sole responsibility to clear rooms or outdoor areas of personal items as much as possible before photographing them.

Legal basis: Processing is based on the fulfillment of our primary contractual service obligation to you (Art. 6(1)(b) GDPR), since without this transmission to the relevant AI models, image generation within the scope of our services would not be possible.

Data transfers to countries outside the EU are based on the EU Standard Contractual Clauses and/or the Data Privacy Framework. We strictly ensure that the service levels offered by our partners respect GDPR compliance and do not use your image data for training third-party models without authorization, to the extent contractually guaranteed.

Automated Decision-Making

The image generation feature involves automated processing of your uploaded photos. This processing does not constitute automated decision-making with legal effects within the meaning of Art. 22 GDPR. No profiling that produces legal effects or similarly significant effects on you is carried out.

5Analytics Tools and Cookies

Google Analytics 4

This website uses functions of the web analytics service Google Analytics 4. Provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Scope of Processing

Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transferred to a Google server in the USA and stored there.

Google Analytics 4 collects the following data by default:

  • Page views and time spent
  • Device information (browser type, operating system, screen resolution)
  • Approximate location (based on IP address)
  • Referrer URL (which page you came from)
  • Interactions with the website (clicks, scrolling behavior)

IP Anonymization

We have enabled IP anonymization. As a result, your IP address is shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

Google Analytics 4 (GA4)

We use Google Analytics 4 (GA4) directly via the Google Tag (gtag.js). No separate Google Tag Manager container is deployed.

Purpose of Data Processing

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services relating to website activity and internet usage to the website operator.

Legal Basis

The use of Google Analytics is based on your consent pursuant to Art. 6(1)(a) GDPR. Consent can be revoked at any time. Google Analytics is only activated if you give your consent in the cookie banner.

Data Transfer to the USA

Google is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA.

Cookies Used

Cookie NamePurposeDuration
_gaDistinguishing users2 years
_ga_*Storing session state2 years
_gidDistinguishing users24 hours

Revoking Consent

You can revoke your consent at any time by accessing the cookie settings via the link in the website footer and disabling analytics cookies. Cookies that have already been set will then be automatically deleted.

More information on Google Analytics can be found here: https://policies.google.com/privacy

Meta Pixel (formerly Facebook Pixel)

This website uses the "Meta Pixel" of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland for conversion measurement.

This allows the behavior of site visitors to be tracked after they have been redirected to our website by clicking on a Facebook or Instagram advertisement. This enables the effectiveness of ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

Legal basis: Use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR. Consent can be revoked at any time.

The data collected is anonymous to us as the operator of this website — we cannot draw conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.

To the extent that personal data is collected on our website using this tool and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). Data subjects may exercise their GDPR rights against either DenizTech or Meta Platforms Ireland Ltd. The joint controller arrangement is governed by Meta's Page Controller Addendum, available at: https://www.facebook.com/legal/controller_addendum

Data transfer to the USA is based on the EU Commission's standard contractual clauses and/or the Data Privacy Framework. Meta is certified under the Data Privacy Framework.

TikTok Pixel

Our website uses the TikTok Pixel of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. The pixel helps us to display targeted advertisements. It is only used after your voluntary consent (Art. 6(1)(a) GDPR) via the cookie banner.

Pinterest Tag

We use the conversion tracking tag from Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) on our website. It enables us to determine whether a user has performed a specific action after clicking on one of our Pinterest pins. Data is only collected with consent (Art. 6(1)(a) GDPR).

Microsoft Clarity

We use Microsoft Clarity (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) to understand how users interact with our website (e.g. clicked links, mouse movements). This serves purely for bug fixing and UX optimization. Clarity uses cookies and other tracking technologies. Processing only takes place with your explicit consent (Art. 6(1)(a) GDPR) via marketing cookies.

6eCommerce and Payment Providers

We process personal data to the extent necessary for the fulfillment of contracts (purchase of packages).

Stripe

Provider: Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.

To process payments on our website, your personal data is processed on Stripe's servers. For details, see Stripe's privacy policy: https://stripe.com/en-de/privacy.

The use of Stripe is based on Art. 6(1)(b) GDPR (performance of a contract) as the primary legal basis, and additionally on Art. 6(1)(f) GDPR (legitimate interest in fraud prevention and payment security).

Google Ads & Conversion Tracking

We use the online advertising program "Google Ads" and, within this context, conversion tracking. Provider is Google Ireland Limited.

When you click on an ad placed by Google, a cookie for conversion tracking is set. This allows us and Google to recognize that you have clicked on the ad and been redirected to our site. This is used to create conversion statistics (e.g. the number of users who purchased a package after clicking on an ad).

Legal basis: Processing is based on your consent (Art. 6(1)(a) GDPR).

Social Media

We maintain online presences within social networks (e.g. Instagram) to communicate with users active there and to inform them about our offerings.

When accessing the respective networks, the terms and conditions and data processing policies of their respective operators apply. Unless otherwise stated in our privacy policy, we process the data of users who communicate with us within social networks and platforms (e.g. write posts or send us messages).