Privacy Policy – HomeLens AI

Section 01

Who We Are

HomeLens AI is an application published and operated by an individual entrepreneur (Entrepreneur Individuel) registered in France. We build AI-powered tools that let users reimagine their living spaces through the power of generative design.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the HomeLens AI mobile application ("the App"). We are committed to full transparency and compliance with the General Data Protection Regulation (GDPR – EU 2016/679) and all applicable French data protection laws.

HomeLens AI — Data Controller

Legal form	Entrepreneur Individuel (EI)
SIREN	949 332 993
SIRET	949 332 993 00011
Activity	Software development, digital content creation & digital marketing
Contact email	[email protected]

Section 02

What Data We Collect

We collect only the data that is strictly necessary to deliver the HomeLens AI experience. We do not sell your personal data to third parties. Here is what we may collect:

Photos you upload. Images of your rooms, exterior, or garden that you choose to submit to the App for AI redesign processing. These are processed on our servers and are not shared publicly.
Device information. Basic technical identifiers such as device model, operating system version, language, and anonymous install ID — used solely for app functionality and crash diagnostics.
Usage data. Anonymous, aggregated data about how features are used (e.g., which design styles are selected) to help us improve the App. No individual user is identified in these analytics.
Subscription & purchase data. If you subscribe or make a purchase, your subscription status and transaction data are managed via Adapty (our paywall and subscription management provider). Payment processing itself is handled entirely by Apple (App Store) or Google (Play Store) — we never receive your payment card details.
Support communications. If you contact us by email, we collect your email address and the content of your message to respond to your request.
Optional account data. If you choose to create an account, we collect your email address and a hashed password. Account creation is entirely optional.

🔒 We never collect biometric data, precise GPS location, contacts, or any data not listed above. We do not use behavioral advertising trackers.

Section 03

How We Use Your Data

Your data is used for the following purposes only, each grounded in a lawful legal basis under GDPR:

AI image processing (Art. 6.1.b – contract performance). We process your uploaded photos through our AI models to generate redesigned room visuals. This is the core service you request.
Subscription management (Art. 6.1.b – contract performance). We use Adapty to manage your subscription status, trial periods, and in-app purchase entitlements.
App performance and bug fixing (Art. 6.1.f – legitimate interest). Device and crash data helps us ensure the App runs stably and reliably.
Product improvement (Art. 6.1.f – legitimate interest). Anonymous usage analytics allow us to understand which features are most useful and prioritise development accordingly.
Customer support (Art. 6.1.b – contract performance). If you reach out to us, we use your contact information to respond.
Legal compliance (Art. 6.1.c – legal obligation). We may retain certain data to fulfil our obligations under French and EU law (e.g., accounting records, fraud prevention).

We never use your data for profiling, targeted advertising, or any purpose not listed above.

Section 04

How We Handle Your Photos

Photos you upload are processed transiently on our secure servers solely to generate your AI design output. Unless you explicitly save a design to your account, uploaded photos are automatically deleted within 24 hours of processing. We do not use your photos to train AI models without your explicit, separate consent.

All image transfers between the App and our servers are encrypted using TLS 1.2 or higher. Storage is secured with AES-256 encryption at rest, hosted on infrastructure certified to ISO 27001 and SOC 2 standards.

Your photos are never shared with third parties, never used in marketing materials, and never made publicly accessible — they belong to you.

Section 05

Who We Share Data With

We share your data with a very limited number of third-party service providers who assist us in operating the App, each bound by strict data processing agreements (DPAs) in compliance with GDPR Article 28:

Adapty — our subscription and paywall management platform. Adapty receives your subscription status, purchase events, and an anonymous user identifier to manage your access to paid features. Adapty does not receive your photos or any other personal content. You can review Adapty's privacy policy at adapty.io/privacy.
Cloud infrastructure providers (EU-region hosting) for secure server operations and storage.
Anonymous analytics providers for aggregated usage statistics — configured to collect no personally identifiable information.
Apple / Google for payment processing, crash reporting, and app distribution — governed by their own privacy policies.
Customer support (email only) — only your email address and your message are involved.

We do not share your data with advertisers, data brokers, or any entity for commercial purposes. In the event of a business transfer, you will be notified before your personal data is transferred to a new controller.

Section 06

How Long We Keep Your Data

Uploaded photos (unregistered users): Deleted within 24 hours of processing.
Saved designs (account holders): Retained as long as your account is active, deleted within 30 days of account deletion.
Account data: Retained as long as your account is active, or for up to 3 years after your last login if inactive.
Subscription data (via Adapty): Retained for the duration of your subscription and for up to 3 years thereafter for legal and support purposes.
Anonymous usage analytics: Retained in aggregated form for up to 24 months.
Support correspondence: Retained for 3 years from the date of resolution.
Transaction records: Retained for 10 years in compliance with French accounting law (Code de Commerce, Art. L.123-22).

Section 07

Your Rights Under GDPR

As a user in the European Economic Area (EEA) or the United Kingdom, you hold the following rights regarding your personal data. To exercise any of them, contact us at [email protected]. We will respond within 30 days.

Right of access (Art. 15). Request a copy of all personal data we hold about you.
Right to rectification (Art. 16). Ask us to correct inaccurate or incomplete data.
Right to erasure (Art. 17). Request that we delete your personal data ("right to be forgotten").
Right to restriction (Art. 18). Ask us to limit how we process your data in certain circumstances.
Right to data portability (Art. 20). Receive your data in a structured, machine-readable format.
Right to object (Art. 21). Object to processing based on legitimate interest.
Right to withdraw consent. Where processing is based on consent, withdraw it at any time without penalty.

Section 08

Cookies & Tracking

HomeLens AI is a mobile application. We do not use web cookies. Within the App, we may use a limited set of software development kits (SDKs) for analytics and crash reporting. These SDKs are configured to operate in a privacy-preserving mode: no advertising identifiers (IDFA / GAID) are collected, and no cross-app tracking takes place.

On iOS, we fully comply with Apple's App Tracking Transparency (ATT) framework. We do not request permission to track your activity across other companies' apps and websites.

Section 09

International Data Transfers

We strive to keep data processing within the European Economic Area (EEA) wherever possible. Where we engage service providers outside the EEA (e.g., US-based providers such as Adapty), we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Article 46.

Section 10

Children's Privacy

HomeLens AI is not directed at children under the age of 13 (or 16 in EU member states that have set this higher age limit under GDPR Art. 8). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] and we will promptly delete that information.

Section 11

Security Measures

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

TLS encryption for all data in transit between the App and our servers
AES-256 encryption for all data at rest
Access controls on a strict need-to-know basis
Regular security reviews and vulnerability assessments
Incident response plan in compliance with GDPR Art. 33 (72-hour breach notification to the relevant supervisory authority)

In the unlikely event of a data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay, in accordance with GDPR Art. 34.

Section 12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will revise the "Last updated" date at the top of this page. For material changes that significantly affect your rights, we will notify you directly through the App or by email, at least 14 days before the change takes effect.

Your continued use of HomeLens AI after the effective date of a revised policy constitutes your acceptance of the updated terms.

Contact

Questions & Requests

For any question, request, or concern regarding your privacy or this policy, we are available and committed to responding within 30 days.

Contact Us

📧 Email: [email protected]