Privacy Policy

1. Who we are

DesignToRender (“we”, “us” or “our”) provides an AI rendering and visualization service for architects and designers. This policy describes our practices as the controller of the personal data described below. For questions or to exercise your rights, contact us at support@designtorender.com.

2. Information we collect

We collect the following categories of information:

• Account and identity data— your name and email address, and either a password (which we store only as a salted hash, never in plain text) or, if you sign in with Google, the identity information that provider returns. We also store your plan, account role and account status.
• Content you submit and generate— the images, sketches, files and prompts you upload (Input), the renders, upscales, material edits, isometric views, region edits and walkthrough videos generated for you (Output), and the project information you add, such as project name, client, location and notes.
• Activity and generation logs— for each render or generation, we record the type of job, the model used, the prompt and settings, the associated project, the outcome and duration, and the time. We attach this to your account.
• Device, network and location data— including your IP address, browser, operating system and device type, and an approximate country and city derived from your IP address. We record this for account activity, uploads and generation jobs.
• Billing data— your plan and subscription status, and identifiers and records synced from our payment provider. Your full payment-card details are collected and processed directly by our payment provider; we do not receive or store full card numbers.
• Communications and email logs— messages you send us, and records of the transactional emails we send you (such as type, recipient, status and delivery identifier).
• Security and operational data— sign-in and sign-up records, rate-limiting counters, abuse-prevention signals, and administrative audit logs.

3. How we use information

• to provide, operate, maintain and secure the Service;
• to process your Input and generate Output, including by transmitting it to the third-party AI model providers that perform the generation;
• to manage your account, process payments and administer subscriptions;
• to enforce limits, detect, prevent and investigate fraud, abuse, security incidents and violations of our terms, including through rate limits and automated suspension of accounts;
• to comply with legal obligations, respond to lawful requests, and establish, exercise or defend legal claims;
• to maintain quality and reliability and to improve the Service;
• to communicate with you, including service, security and transactional messages.

4. Legal bases

Where data-protection law (such as the EU/UK GDPR or Turkey’s KVKK) applies, we rely on the following bases: performance of our contract with you to provide the Service; our legitimate interests in operating, securing and improving the Service and preventing abuse; compliance with legal obligations; and your consent where required. You may withdraw consent at any time without affecting prior processing.

5. Logging, IP addresses and traceability

To keep the Service safe and accountable, we record information about account activity and content generation, including the associated account, IP address, browser, device, approximate location, the type of job and the time. We keep these records to operate and secure the Service, prevent and investigate misuse, enforce our Acceptable Use Policy, respond to legal requests, and protect our rights and the rights of others. We may retain them for as long as necessary for those purposes and as required by law.

6. Third parties we share information with

We do not sell your personal data. We share information with the following categories of providers, who process it on our behalf or to provide their part of the Service:

• AI model providers(currently fal.ai) — to process your Input and prompts and generate Output.
• Payment and subscription provider(currently Polar) — to process payments and manage subscriptions and billing.
• Email provider(currently Resend) — to send transactional emails such as account, password and notification messages.
• Database and storage hosting(MongoDB) — where your account data, content and logs are stored.
• IP-geolocation provider— to derive an approximate location from an IP address for security and analytics.
• Sign-in provider(Google, if you choose it) — for authentication.

We may also disclose information to authorities or other parties where we believe it is required by law or reasonably necessary to comply with legal process, enforce our terms, or protect the rights, safety or property of any person, and in connection with a merger, acquisition, financing or sale of assets, subject to this policy. Our providers may change over time; we will keep this policy reasonably current.

7. International transfers

We and our providers may process information in countries other than your own, including outside the European Economic Area, the United Kingdom or Turkey. Where required, we use appropriate safeguards, such as standard contractual clauses, to protect transferred data.

8. Sharing links you create

The Service lets you create links that let others view your images without signing in. Anyone with such a link can access the linked content, and the links do not automatically expire. You control what you choose to share. Do not share links to content you want to keep private.

9. Retention

We keep account data for as long as your account is active. Content and project data are kept until you or we delete them; deleting your account removes your projects and associated content from our active systems. We retain activity, security and billing logs for as long as needed for the purposes described here and as required by law (for example, for tax, accounting, security or dispute-resolution purposes), after which we delete or anonymize them. Deleted content may persist in backups for a limited time before being overwritten, and some operational records, such as geolocation caches and rate-limit counters, expire automatically.

10. Your rights

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal data, to object to or restrict certain processing, to withdraw consent, and to lodge a complaint with a supervisory authority (such as your local data-protection authority or, in Turkey, the KVKK authority). If you are in California or another US state with similar laws, you may have rights to know, delete, correct and limit the use of your information, and to not be discriminated against for exercising them; we do not sell or “share” personal information for cross-context behavioral advertising. To exercise any right, contact us at support@designtorender.com. We may need to verify your identity and may decline requests as permitted by law.

11. Cookies and similar technologies

We use a small number of strictly necessary cookies, primarily to keep you signed in and to secure your session. We do not use third-party advertising or cross-site tracking cookies, and analytics about how the Service is used are derived from our own server-side records rather than third-party tracking scripts. You can control cookies through your browser settings; disabling necessary cookies may prevent you from signing in or using the Service.

12. Security

We use technical and organizational measures designed to protect personal data, including hashing of passwords, signed access tokens for shared images, rate limiting and abuse controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

13. Children

The Service is intended for users who are at least 18 years old and is not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will take appropriate steps.

14. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the effective date and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Contact

For privacy questions or requests, contact us at support@designtorender.com.