TL;DR
- We collect the minimum needed to run the product: account info, uploaded photos, generated renders, billing data, and basic usage analytics.
- We never train AI models on your uploaded photos or generations.
- We never sell your data and never share it with advertisers.
- You can export everything, delete everything, or delete your account at any time from /dashboard/settings.
Who we are
“DeskSetupCreator”, “we”, and “us” refer to the operator of DeskSetupCreator at desksetupcreator.com. We are the data controller for the information described below. For data-protection questions, write to faraaz.codes@gmail.com.
Data we collect
1. Account information
When you sign up via Clerk (our authentication provider), we receive your email address, a unique user ID, and any social-login profile data you authorize (name, avatar, OAuth provider ID).
2. Photos you upload
If you use the “Use my room photo” flow or the Upgrade flow, you upload an image of your room. We store it on our infrastructure for the duration of the render and for as long as the generated setup is in your library.
3. Generations and saves
Every render you create, every setup you save, and the configuration you used to produce them (style, lighting, products, prompt) is stored against your account so you can revisit and remix.
4. Payments and billing
Stripe processes all payments. We do not store card numbers. We do store the resulting customer ID, the credits / plan you purchased, and the receipt metadata Stripe sends back via webhook.
5. Usage analytics
We log basic, aggregated product analytics: pages visited, which flows you complete, error rates, performance metrics. These are tied to a pseudonymous session ID, not your name or email. We use this to find bugs and prioritize features.
6. Device information
We log standard request metadata (IP address, user-agent, referer, timestamp) to operate the service, prevent abuse, and meet legal record-keeping obligations.
How we use your data
- Run the product — store your account, render generations, manage credits, deliver the features you ask for.
- Process payments — start checkout sessions, credit your balance after a successful purchase, issue receipts and refunds.
- Keep things working — diagnose crashes, monitor uptime, debug performance regressions.
- Communicate — send transactional emails (receipts, security alerts, account events) and the weekly digest if you opted in.
- Prevent abuse — rate-limit, detect fraud, enforce the Terms.
- Comply with the law — respond to lawful requests, keep books and tax records as required.
AI generation and your photos
This is the part most readers care about, so we put it up front:
- We do not train AI models on your uploaded photos or your generations. Your photos are used only to render the setup you asked for.
- Generations are performed on managed model providers (currently Google's Gemini image models). The image you upload is sent to the provider strictly for the duration of the render and is bound by the provider's no-training data policy for paid API access.
- If we ever want to use anonymized examples for marketing (before/after showcases), we will ask you for explicit permission.
Who we share data with
We share only what's needed to operate the service, with the following processors:
- Clerk — authentication, session management, user records.
- Convex — application database and file storage.
- Stripe — payment processing.
- Google (Gemini API) — image generation.
- Vercel (or our hosting provider) — request logs and edge caching.
We do not sell your personal data. We do not share data with advertisers. We do not run pixel trackers from Meta, TikTok, X, or Google Ads on this site.
Cookies and tracking
We use a small set of cookies and similar local-storage values:
- Auth session (HttpOnly cookie set by Clerk) — keeps you signed in.
- Theme preference (theme in localStorage) — remembers your light/dark choice.
- CSRF protection (short-lived cookie) — guards form submissions.
We do not use third-party advertising cookies. We do not fingerprint your browser. If we add analytics later, we'll use a privacy-respecting provider (no cross-site tracking) and disclose it here.
How long we keep data
- Account info — for as long as the account is open.
- Uploaded photos & renders — until you delete them, or 90 days after account deletion (backup window).
- Payment records — 7 years (tax and accounting requirement).
- Analytics & logs — 90 days for raw logs, aggregated metrics retained.
Your rights
Depending on where you live (GDPR / UK GDPR / CCPA / similar), you have the right to:
- Access — get a copy of the personal data we hold about you.
- Rectify — correct anything inaccurate.
- Delete — wipe your account and all linked data.
- Export — receive your data in a portable format (JSON + image bundle).
- Restrict / object — limit how we process your data.
- Withdraw consent — for anything we ask consent for (e.g. marketing email).
- Lodge a complaint with your local data protection authority.
The Privacy section of /dashboard/settings lets you download your data and delete your account directly. For anything else, email faraaz.codes@gmail.com and we'll respond within 30 days.
California residents: we do not “sell” or “share” personal information as defined by CPRA. You may still exercise the rights above without discrimination in service.
Security
Everything is served over HTTPS. Account auth is handled by Clerk with bcrypt-hashed passwords and optional MFA. Payments never touch our servers — Stripe handles the card data behind PCI-DSS controls. Convex storage is encrypted at rest. We log security-relevant events and review access regularly.
No system is perfectly secure. If you believe you've found a vulnerability, please report it responsibly to faraaz.codes@gmail.com before disclosing publicly. We'll respond within 48 hours.
Children
DeskSetupCreator is not directed at children under 13 (or 16 in the EEA/UK). We do not knowingly collect data from children. If you believe a child has created an account, contact us and we'll delete it.
International data transfers
Our processors operate in the United States and the EU. When data is transferred outside your jurisdiction, we rely on standard contractual clauses or equivalent safeguards approved by the European Commission and the UK ICO.
Changes to this policy
We may update this policy as the product evolves or the law changes. When we do, we'll update the “Last updated” date and, for material changes, notify you by email or an in-app banner before the change takes effect.
Contact
Questions, requests, or complaints about this policy go to faraaz.codes@gmail.com.