Privacy Policy

Version 1.0Effective

This summary is provided for transparency and is not legal advice.

Overview

dee (“dee”, “we”, “us”) is a personal interior-design platform that turns inspiration into a grounded room design. This policy explains what data we collect, why, who processes it on our behalf, and the choices you have. It is written to reflect the system as it is actually built — including the privacy-protective defaults already in place.

Data we collect

We collect only what the product needs to function:

  • Account data — your email, name, and either a securely hashed password (bcrypt; we never store your password in plain text) or your Google sign-in identity if you use Google to sign in; whether your email is verified; your preferences; your plan tier; and a Stripe customer reference if you have purchased a plan.
  • Room photos and uploaded images — the photos of your space that you upload, stored as image content in object storage. These are your content; see Your photos and content.
  • Design content — style profiles, your messages to the in-app designer assistant, bill-of-materials and product selections, and the plans you create.
  • Product-search queries — the searches we run on your behalf to find purchasable products that match your design.
  • Analytics — privacy-preserving usage events (see Our privacy-protective defaults).
  • Error and diagnostic data — technical error reports used to keep the app working, with sensitive fields scrubbed before they leave the app (see below).
  • Payment data — handled by Stripe. dee never sees or stores your card number.

Service providers (subprocessors)

We use the following processors to operate dee. Each handles only the data needed for its function:

dee subprocessors and what each one processes
ProviderWhat it processes
VercelApplication hosting and content delivery.
Managed PostgresPrimary datastore for account and design data.
Amazon S3 / Cloudflare R2Storage of your room photos and generated renders.
AI Gateway → Anthropic and GoogleAI inference. Your photos, prompts, and designer messages are sent to these model providers to generate renders, design suggestions, and image segmentation.
StripePayment processing. dee never stores card numbers.
SerpAPIProduct search used to match your design to buyable items.
ResendTransactional email (e.g. verification, password reset).
PostHogPrivacy-preserving product analytics (see below).
SentryError and performance diagnostics, with PII scrubbed.

Your photos and content

You own the photos and content you upload. To provide the service, you grant dee a limited license to store and process your photos — including sending them to our AI providers via the AI Gateway — solely to generate your designs, renders, and product matches. We do not sell your photos and do not use them to train third-party models beyond what is necessary to return your result.

AI-generated output

Renders, suggestions, and product matches are AI-generated visualizations and estimates, not guarantees. Dimensions, colors, stock, pricing, and fit can differ from reality. Always verify measurements and product details before purchasing.

Our privacy-protective defaults

These are not promises for later — they are how the app is built today:

  • Cookieless, un-profiled analytics by default. Our analytics run in identified-only mode: anonymous and marketing visitors are counted without being profiled, and analytics are served through a first-party path so they don't depend on third-party cookies.
  • We respect Do Not Track (DNT). If your browser sends a DNT signal, analytics are disabled for your session.
  • Sensitive content is never sent to analytics. Room photos, the contents of your designer-assistant messages, and authentication tokens are excluded from analytics events by design.
  • Error reports are scrubbed. Diagnostics do not attach default personal data (such as IP, cookies, or headers), and request bodies, cookies, authorization headers, and any image, crop, depth, message, prompt, or secret/token fields are redacted before an error report leaves the app.

Cookies and consent

dee does not show a cookie-consent banner, and that is a deliberate decision. We use no advertising pixels and no cross-site tracking. Our analytics are cookieless and identified-only, are proxied first-party, and respect Do Not Track, so there is no consent-gated tracking to ask you about. We use only the strictly necessary cookies required to keep you signed in. If we ever add pre-login tracking or advertising pixels, we will revisit this and add a consent mechanism.

Data retention and deletion

We keep your data while your account is active and for as long as needed to provide the service. You can request deletion of your account and associated data — including database records and your stored photos and renders — at any time.

To request deletion, email privacy@withdee.com. We monitor this address and honor deletion requests by purging your records and storage objects. A self-serve, in-app deletion option is on our roadmap as a fast-follow.

Your rights

Depending on where you live, you may have rights under laws such as the GDPR (EU/UK) and CCPA/CPRA (California), including the right to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • delete your data;
  • receive a portable copy of your data; and
  • object to or restrict certain processing.

Our lawful bases for processing are performing our contract with you (operating your account and designs), your consent where applicable, and our legitimate interests in keeping the service secure and working. We do not sell your personal information. To exercise any right, contact us at privacy@withdee.com.

Children

dee is not directed to children under 16, and we do not knowingly collect their personal data.

Changes to this policy

We may update this policy as the product evolves. Material changes are reflected in the version and effective date at the top of this page.

Contact

Privacy questions and requests: privacy@withdee.com.