Privacy Policy
Version 1.0Effective
This summary is provided for transparency and is not legal advice.
Overview
dee (“dee”, “we”, “us”) is a personal interior-design platform that turns inspiration into a grounded room design. This policy explains what data we collect, why, who processes it on our behalf, and the choices you have. It is written to reflect the system as it is actually built — including the privacy-protective defaults already in place.
Data we collect
We collect only what the product needs to function:
- Account data — your email, name, and either a securely hashed password (bcrypt; we never store your password in plain text) or your Google sign-in identity if you use Google to sign in; whether your email is verified; your preferences; your plan tier; and a Stripe customer reference if you have purchased a plan.
- Room photos and uploaded images — the photos of your space that you upload, stored as image content in object storage. These are your content; see Your photos and content.
- Design content — style profiles, your messages to the in-app designer assistant, bill-of-materials and product selections, and the plans you create.
- Product-search queries — the searches we run on your behalf to find purchasable products that match your design.
- Analytics — privacy-preserving usage events (see Our privacy-protective defaults).
- Error and diagnostic data — technical error reports used to keep the app working, with sensitive fields scrubbed before they leave the app (see below).
- Payment data — handled by Stripe. dee never sees or stores your card number.
Service providers (subprocessors)
We use the following processors to operate dee. Each handles only the data needed for its function:
| Provider | What it processes |
|---|---|
| Vercel | Application hosting and content delivery. |
| Managed Postgres | Primary datastore for account and design data. |
| Amazon S3 / Cloudflare R2 | Storage of your room photos and generated renders. |
| AI Gateway → Anthropic and Google | AI inference. Your photos, prompts, and designer messages are sent to these model providers to generate renders, design suggestions, and image segmentation. |
| Stripe | Payment processing. dee never stores card numbers. |
| SerpAPI | Product search used to match your design to buyable items. |
| Resend | Transactional email (e.g. verification, password reset). |
| PostHog | Privacy-preserving product analytics (see below). |
| Sentry | Error and performance diagnostics, with PII scrubbed. |
Your photos and content
You own the photos and content you upload. To provide the service, you grant dee a limited license to store and process your photos — including sending them to our AI providers via the AI Gateway — solely to generate your designs, renders, and product matches. We do not sell your photos and do not use them to train third-party models beyond what is necessary to return your result.
AI-generated output
Renders, suggestions, and product matches are AI-generated visualizations and estimates, not guarantees. Dimensions, colors, stock, pricing, and fit can differ from reality. Always verify measurements and product details before purchasing.
Our privacy-protective defaults
These are not promises for later — they are how the app is built today:
- Cookieless, un-profiled analytics by default. Our analytics run in identified-only mode: anonymous and marketing visitors are counted without being profiled, and analytics are served through a first-party path so they don't depend on third-party cookies.
- We respect Do Not Track (DNT). If your browser sends a DNT signal, analytics are disabled for your session.
- Sensitive content is never sent to analytics. Room photos, the contents of your designer-assistant messages, and authentication tokens are excluded from analytics events by design.
- Error reports are scrubbed. Diagnostics do not attach default personal data (such as IP, cookies, or headers), and request bodies, cookies, authorization headers, and any image, crop, depth, message, prompt, or secret/token fields are redacted before an error report leaves the app.
Cookies and consent
dee does not show a cookie-consent banner, and that is a deliberate decision. We use no advertising pixels and no cross-site tracking. Our analytics are cookieless and identified-only, are proxied first-party, and respect Do Not Track, so there is no consent-gated tracking to ask you about. We use only the strictly necessary cookies required to keep you signed in. If we ever add pre-login tracking or advertising pixels, we will revisit this and add a consent mechanism.
Data retention and deletion
We keep your data while your account is active and for as long as needed to provide the service. You can request deletion of your account and associated data — including database records and your stored photos and renders — at any time.
To request deletion, email privacy@withdee.com. We monitor this address and honor deletion requests by purging your records and storage objects. A self-serve, in-app deletion option is on our roadmap as a fast-follow.
Your rights
Depending on where you live, you may have rights under laws such as the GDPR (EU/UK) and CCPA/CPRA (California), including the right to:
- access the personal data we hold about you;
- correct inaccurate data;
- delete your data;
- receive a portable copy of your data; and
- object to or restrict certain processing.
Our lawful bases for processing are performing our contract with you (operating your account and designs), your consent where applicable, and our legitimate interests in keeping the service secure and working. We do not sell your personal information. To exercise any right, contact us at privacy@withdee.com.
Children
dee is not directed to children under 16, and we do not knowingly collect their personal data.
Changes to this policy
We may update this policy as the product evolves. Material changes are reflected in the version and effective date at the top of this page.
Contact
Privacy questions and requests: privacy@withdee.com.