Privacy Policy

---

Introduction

Decorate ("we," "our," or "the App") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use our iOS application.

Data Collection

What We Collect

We collect the minimum data necessary to provide the Decorate service:

• Authentication identifiers - Anonymous ID, Apple ID, or Google account identifier used for sign-in via Firebase Auth
• Purchase metadata - Subscription status and credit balance, processed through RevenueCat and Apple's App Store
• Generation payloads - Space images (rooms, patios, gardens, facades), text prompts, spot coordinates, and optional reference images you submit for AI decoration, sent to our backend for processing

What We Don't Collect

• Advertising identifiers or tracking data
• Behavioral analytics or usage profiling
• Location data
• Contacts, calendars, or other personal data
• Cookies or similar tracking technologies

How Your Data is Processed

Authentication

You can sign in anonymously or with your Apple or Google account via Firebase Auth. Authentication identifiers are used solely to:

• Identify your account for credit and subscription management
• Enable purchase restoration across devices

We do not use authentication data for marketing, profiling, or advertising purposes.

AI Generation

When you submit a space image and prompt for decoration:

• Your image, prompt, spot coordinates, and any reference images are sent to our backend server
• Our backend uses OpenRouter to generate the decoration output
• The generated image is returned to your device
• Spot reference images are used only for the generation request and are not stored server-side
• Your project history, versions, and generated results are stored locally on your device

Billing and Credits

Subscription and credit status are validated server-side to ensure accurate entitlement. Payment processing is handled entirely by Apple through the App Store. We never see or store your payment details.

On-Device Storage

Your design projects, iteration history, spot configurations, reference images, and generated images are stored locally on your device. This data is not uploaded to our servers or shared with third parties.

Third-Party Services

We use the following third-party services to deliver the Decorate experience:

Firebase Auth (Authentication)

• Provides anonymous, Apple, and Google sign-in
• Processes authentication identifiers only
• Privacy policy: firebase.google.com/support/privacy

RevenueCat (Billing & Subscriptions)

• Manages subscription entitlements and consumable credit packs
• Processes purchase receipts and subscription status
• Does not track app usage or behavior
• Payment is handled entirely by Apple
• Privacy policy: revenuecat.com/privacy

OpenRouter (AI Generation Infrastructure)

• Processes space images, prompts, spot coordinates, and reference images to generate decoration outputs
• Accessed through our backend; your device does not communicate with OpenRouter directly
• We use enterprise-tier billing with AI training explicitly disabled
• Under our premium plan with training opted out, OpenRouter does not retain your input data or generated outputs
• Your content is never used to train AI models
• Privacy policy: openrouter.ai/privacy

Services We Don't Use

• Advertising networks or ad tracking SDKs
• Behavioral analytics providers
• Social media tracking integrations
• Crash reporting services that collect personal data

Data Security

We take appropriate measures to protect your data:

• All communication between the app and our backend uses encrypted connections (HTTPS/TLS)
• Authentication is handled by Firebase's enterprise-grade security infrastructure
• Project data stored on your device is protected by iOS built-in security features, your device passcode/biometric authentication, and app sandbox isolation
• We do not store your space images, reference images, or generated designs on our servers beyond the time needed to complete a generation request

Data Retention and Deletion

Server-Side Data

Generation payloads (space images, prompts, spot coordinates, and reference images) are processed in real-time and are not retained on our servers after the generation is complete. Authentication identifiers and subscription status are retained as long as your account exists.

On-Device Data

You can delete your project data at any time by:

• Deleting individual projects within the app
• Deleting the app to remove all local data

Account Deletion

You can delete your account and all associated server-side data directly from the app by going to Settings > Delete Account. This action is immediate and permanent. You can also contact decorate@essx.co if you need assistance.

Children's Privacy

Decorate is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly.

Your Privacy Rights

Permission Management

You can manage app permissions at any time through:

• iOS Settings > Decorate
• iOS Settings > Privacy (for Camera and Photo Library access)

Compliance

GDPR (European Union)

We process personal data based on legitimate interest (service delivery) and consent (account creation). You have the right to access, correct, delete, and port your data. You can delete your account directly from Settings > Delete Account, or contact us for other requests.

CCPA (California)

We do not sell personal information. California residents have the right to know what data we collect and to request its deletion. You can delete your account directly from Settings > Delete Account, or contact us for other requests.

Other Regulations

We comply with applicable privacy regulations worldwide, including but not limited to:

• Brazil's LGPD (Lei Geral de Proteção de Dados)
• Canada's PIPEDA (Personal Information Protection and Electronic Documents Act)
• Australia's Privacy Act
• Japan's APPI (Act on the Protection of Personal Information)

Cross-Border Transfers

Your data may be processed in jurisdictions outside your country of residence, including the United States, where our servers and third-party service providers operate. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be reflected by updating the "Last Updated" date at the top of this policy.

We will notify users of significant changes through:

• An in-app notification
• App Store update notes

Continued use of the App after changes constitutes acceptance of the updated policy.

Contact Us

---

What Decorate Does

• Generates AI-powered interior and exterior decorations from your space photos
• Provides a one-screen iterative design workspace with precision Spot Edit
• Stores your projects and version history locally on your device
• Processes space images, spot coordinates, and reference images through secure backend AI infrastructure
• Manages subscriptions and credits through Apple's App Store and RevenueCat

What Decorate Doesn't Do

• Track you with advertising SDKs
• Personalize ads based on your behavior
• Store your space images, reference images, or designs on our servers permanently
• Share your design projects with third parties
• Sell your personal information
• Use your content to train AI models

---

Decorate - Your Creative Space, Your Data
Offered by Ess X LLC.
This privacy policy is effective as of February 10, 2026 and applies to all users worldwide.