Privacy Policy

LuxStager AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI virtual staging platform at luxstager.ai (the "Service").

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service immediately. By using LuxStager AI, you consent to the practices described in this policy.

We collect the following types of information:

Personal Data

When you register for an account, we collect your name, email address, and encrypted password. When you subscribe to a paid plan, billing information is collected and processed securely by our payment provider. We never store your full credit card number.

Usage Data

We automatically collect information sent by your browser, including your IP address, browser type and version, pages you visit, time and date of visits, time spent on pages, and referring URLs.

Image Data

Photos you upload for AI staging are processed by our AI system and stored securely in encrypted cloud storage. We do not use your uploaded photos to train our AI models without your explicit written consent. Uploaded images are automatically deleted after 90 days of account inactivity.

Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience, analyze usage patterns, and serve relevant content. You can instruct your browser to refuse all cookies, though some features of the Service may not function correctly without them.

We use the information we collect to:

• Provide, operate, and maintain our Service
• Process your transactions and send related confirmations and receipts
• Send administrative information including updates to our terms, conditions, and policies
• Respond to your comments, questions, and customer service requests
• Send marketing and promotional communications (you may opt out at any time by clicking 'unsubscribe' in any email)
• Monitor and analyze usage and trends to improve your experience with the Service
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Comply with legal obligations

We do not sell, trade, or rent your personal information to third parties.

We may share your information with:

Service Providers

We work with third-party vendors to operate our Service, including Supabase (database and authentication), Replicate (AI image processing), and Stripe (payment processing). These parties have access to your information only to perform specific tasks on our behalf and are contractually obligated to keep it confidential.

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as a business asset. We will notify you via email of any such change and your choices regarding your information.

We retain your personal data for as long as your account is active or as needed to provide services and comply with our legal obligations.

You may request deletion of your account and all associated data at any time by contacting privacy@luxstager.ai. We will process your request within 30 days.

Uploaded room images are permanently deleted from our servers within 30 days of your account deletion request. Generated staged images stored in your gallery are deleted immediately upon account deletion.

Depending on your location, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of any inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ('right to be forgotten').
• Right to Object: Object to our processing of your personal data for marketing purposes.
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@luxstager.ai. We will respond to all legitimate requests within 30 days. There is no charge for exercising your rights.

We implement industry-standard security measures to protect your information, including:

• SSL/TLS encryption for all data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Role-based access controls for our team
• Automatic session timeouts

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach, we will notify affected users within 72 hours as required by GDPR.

All room photos and personal data are stored securely via Supabase, our trusted cloud infrastructure provider. Uploaded images and user records are encrypted at rest using AES-256 and transmitted exclusively over TLS-encrypted connections. Our storage architecture ensures that your data remains isolated and protected within enterprise-grade data centers.

Access to production databases and storage buckets is strictly limited to authenticated personnel through role-based access controls (RBAC) and multi-factor authentication (MFA). Every access request is logged and audited. We maintain a zero-trust security posture, meaning no user or system is trusted by default, regardless of network location.

We never store your payment details on our servers. All billing information is handled directly by Stripe, a PCI-DSS Level 1 certified provider. Your financial data never touches our infrastructure, ensuring complete separation between staging content and payment processing.

LuxStager AI is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@luxstager.ai and we will delete such information from our systems.

LuxStager AI operates globally. Your information may be transferred to and processed in countries other than your own, including the United States. These countries may have data protection laws that differ from your country.

When we transfer personal data from the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

For privacy-related questions or to exercise your rights:

Email: privacy@luxstager.ai
Response time: within 48 hours

For urgent data breach notifications:
Email: security@luxstager.ai