Welcome to DecorAI (“we,” “our,” or “us”), an AI-powered interior design application operated by Rocket Digital Limited, 1603 The L Plaza, 367-375 Queens Road Central, Hong Kong. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website located at https://www.mydecor.app (collectively, the “Service”). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: When you register, we collect your email address, display name, and authentication credentials via Firebase Authentication.
- Room photos and images: Photos you upload to generate AI interior design transformations.
- Design preferences: Style selections, room types, and design parameters you configure.
- Payment information: Subscription and billing data processed by RevenueCat. We do not store payment card numbers directly.
- Communications: Messages you send to our support team at hello@rocketdigital.ai.
1.2 Information Collected Automatically
- Usage data: Pages visited, features used, time spent, tap and click interactions, and app performance metrics via Firebase Analytics and Google Analytics.
- Device information: Device model, operating system, unique device identifiers, IP address, browser type, and mobile advertising identifiers.
- Log data: Server logs, error reports, and crash analytics collected automatically.
- Cookies and similar technologies: Session cookies, persistent cookies, and local storage tokens used for authentication, preferences, and analytics. See Section 5 for details.
1.3 Information from Third Parties
We may receive information about you from third-party sign-in providers (such as Apple Sign-In or Google Sign-In) including your name and email address if you choose to authenticate via those services.
2. How We Use Your Information
We use collected information to:
- Provide, operate, and maintain the Service.
- Process your room photos through AI models to generate interior design transformations.
- Manage your account, authenticate your identity, and process subscription payments.
- Send transactional communications, including receipts, subscription confirmations, and technical notices.
- Send promotional communications where permitted by law and your preferences (you may opt out at any time).
- Analyze usage patterns to improve app features and user experience.
- Serve relevant advertisements through Google AdMob within the mobile application.
- Comply with legal obligations and enforce our Terms of Service.
- Prevent fraud, abuse, and security incidents.
3. Third-Party Services
We rely on reputable third-party services to operate DecorAI. Each provider has its own privacy policy governing how they process data we share with them.
| Service | Purpose | Data Shared |
|---|---|---|
| RevenueCat | Subscription management and payment processing | User ID, purchase history, subscription status |
| Firebase (Google) | Authentication, cloud storage, and analytics | Account credentials, usage data, stored images |
| Google AdMob | In-app advertising | Device identifiers, advertising ID, usage context |
| OpenAI | AI image generation and processing | Room photos submitted for redesign |
| Microsoft Azure | Cloud infrastructure and AI services | Processed images, service logs |
| Replicate | AI model hosting and inference | Room photos submitted for redesign |
| Fal.ai | AI image processing | Room photos submitted for redesign |
| Google Analytics | Website analytics (ID: G-WHE5WXR9PJ) | Anonymized usage data, page views, session data |
| Meta Pixel | Advertising analytics (ID: 2993446560864456) | Page view events, anonymized visitor data |
| Vercel | Website hosting and edge analytics | IP address, request logs, performance metrics |
We encourage you to review the privacy policies of each third-party service listed above. We are not responsible for the data practices of third-party providers.
4. How We Share Your Information
We do not sell your personal information. We share data only in the following circumstances:
- Service providers: With the third-party vendors listed in Section 3 solely to perform services on our behalf.
- Legal requirements: When required by applicable law, court order, or government authority.
- Protection of rights: To protect the rights, safety, or property of DecorAI, our users, or the public.
- Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.
- With your consent: For any other purpose with your explicit consent.
5. Cookies and Tracking Technologies
Our website uses the following types of cookies and tracking technologies:
- Essential cookies: Required for the website to function correctly (session management, security).
- Analytics cookies: Google Analytics (G-WHE5WXR9PJ) collects anonymized data about how visitors interact with our website, including pages visited, time on site, and referral sources.
- Advertising pixels: Meta Pixel (2993446560864456) tracks page view events to help us measure the effectiveness of advertising campaigns.
- Performance cookies: Vercel Analytics collects Core Web Vitals and page performance metrics.
You may disable cookies through your browser settings or use browser extensions to opt out of analytics tracking. Note that disabling certain cookies may affect website functionality. You can opt out of Google Analytics tracking by visiting tools.google.com/dlpage/gaoptout.
6. Data Retention
We retain your data for the following periods:
- Account data: For as long as your account remains active, plus 30 days following account deletion to allow for error recovery.
- Uploaded images: Room photos are retained in Firebase Cloud Storage for a maximum of 12 months or until you delete them, whichever comes first.
- Generated designs: AI-generated design images are retained for 12 months unless you delete them earlier.
- Analytics data: Aggregated, anonymized analytics data may be retained indefinitely. User-level analytics data is retained for 14 months by default in Google Analytics.
- Support correspondence: Retained for 3 years to support dispute resolution.
7. Data Security
We implement industry-standard security measures to protect your personal information:
- All data transmitted between our app and servers is encrypted using TLS 1.2 or higher.
- Firebase Authentication uses secure, hashed credential storage and supports multi-factor authentication.
- Cloud storage access is controlled through Firebase Security Rules, allowing only authenticated owners to access their own images.
- Our infrastructure on Microsoft Azure and Vercel operates in SOC 2 Type II certified environments.
- We conduct regular security reviews and promptly address identified vulnerabilities.
Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. If you become aware of a security breach, please contact us immediately at hello@rocketdigital.ai.
8. Your Rights
8.1 All Users
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Deletion: Request deletion of your personal data, subject to legal retention obligations.
- Opt-out of marketing: Unsubscribe from promotional communications at any time via the link in our emails or by contacting us.
8.2 European Economic Area (GDPR)
If you are located in the EEA, you have the following additional rights under the General Data Protection Regulation (GDPR):
- Right to restriction: Request that we limit processing of your data in certain circumstances.
- Right to portability: Receive your data in a machine-readable format and transmit it to another controller.
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Lodge a complaint: File a complaint with your local Data Protection Authority.
Our lawful bases for processing include: performance of a contract (providing the Service), legitimate interests (improving our product and preventing fraud), legal obligations, and consent (marketing communications, analytics cookies).
8.3 California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
- Right to delete: Request deletion of your personal information, subject to certain exceptions.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt out of sale/sharing: We do not sell or share personal information for cross-context behavioral advertising as defined under CPRA.
- Non-discrimination: We will not discriminate against you for exercising any CCPA rights.
To exercise these rights, contact us at hello@rocketdigital.ai with “California Privacy Request” in the subject line. We will respond within 45 days.
9. Children's Privacy
DecorAI is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@rocketdigital.ai and we will promptly delete such information. If you are located in the European Economic Area, this restriction applies to children under 16 years of age.
10. International Data Transfers
DecorAI is operated from Hong Kong. If you access our Service from outside Hong Kong, your information may be transferred to, stored in, and processed in Hong Kong and other countries where our third-party service providers operate (including the United States and the European Union).
For transfers of personal data from the European Economic Area, we rely on appropriate transfer mechanisms including Standard Contractual Clauses (SCCs) and adequacy decisions where applicable. Our third-party service providers listed in Section 3 each maintain their own compliance mechanisms for international data transfers.
11. Advertising and Tracking Opt-Outs
You can limit interest-based advertising on your mobile device through:
- iOS:Settings → Privacy & Security → Tracking, and disable “Allow Apps to Request to Track.”
- Android:Settings → Google → Ads → “Opt out of Ads Personalization.”
- Google AdMob: Visit adssettings.google.com to manage your Google ad preferences.
- Meta: Visit your Facebook Ad Settings to manage Meta ad preferences.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by in-app notification or email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Rocket Digital Limited
1603 The L Plaza, 367-375 Queens Road Central, Hong Kong
hello@rocketdigital.aiWe aim to respond to all privacy-related inquiries within 30 business days.