Privacy Policy

Version 1.2 — Effective as of June 9, 2026

This Privacy Policy describes how Individual entrepreneur Hugo Frederic Mourlan (“AI Home”, “we”) collects, uses, shares, and protects your personal data when you use the AI Home mobile application (the “Application”) and the ai-home.app website.

AI Home is an application that reimagines your interior, façade, and garden using artificial intelligence: you take or import a photo of a space, choose a style and a color palette, and the AI generates a new design.

We are committed to complying with the General Data Protection Regulation (GDPR — EU Regulation 2016/679), the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), the Brazilian Lei Geral de Proteção de Dados (LGPD), as well as local privacy laws applicable in all countries where the Application is available.

1. Data Controller

The data controller is an Individual Entrepreneur under Georgian law (individual entrepreneur registered as a natural person), benefiting from Small Business Status.

Name: Individual entrepreneur Hugo Frederic Mourlan
Legal status: Individual Entrepreneur — Georgian Civil Code — Small Business Status
Registered business address: Nino and Ilia Nakashidze Street N1, Apartment 3, Building 3, Krtsanisi, Tbilisi, Georgia, 0105
Personal identification / registration number: 304808992
Publication director: Hugo Mourlan
Dedicated data protection email: contact@ai-home.app

2. Data Protection Officer (DPO)

Although appointing a DPO is not formally required for AI Home, a dedicated point of contact is available:

Email: contact@ai-home.app

3. Data Collected

We collect the following categories of data:

3.1 Account data

Email address,
Display name (optional),
Password (hashed and salted via Firebase Authentication, never accessible in plain text) — or the identifier provided by your chosen sign-in method (Apple, Google),
Profile picture (optional),
Account creation date,
Country / preferred language.

3.2 Photos and generated designs

Photos you take or import of your spaces (interior rooms, façade and exterior, garden),
The designs generated by the AI from your photos,
Your choices associated with each generation: type of space, selected style, color palette, and any settings,
Your generation history and favorites saved to your Account.

3.3 Photo metadata

EXIF metadata that may be embedded in the photos you upload (capture date, device model, and, where present, embedded geolocation).

We use this metadata only to process your photo technically. We do not use any geolocation embedded in your photos to track you, and we do not build a location profile from it. Where technically feasible, location metadata is stripped before storage.

3.4 Purchase and subscription data

Anonymized purchase identifier (transmitted by RevenueCat / Apple / Google),
PRO subscription status (active, in trial, suspended, cancelled),
History of PRO transactions associated with the Account.

No banking data (card number, CVV, IBAN) is collected or stored by AI Home: payments are entirely managed by Apple or Google depending on the Store concerned.

3.5 Technical data

Device model, operating system and version, Application version,
Advertising identifier (IDFA on iOS, AAID on Android), subject to consent,
IP address (collected temporarily for security, fraud prevention, and language personalization purposes),
Technical and performance logs,
Anonymized crash reports (Crashlytics).

3.6 Usage data

Features used, frequency of use, number of generations, navigation paths within the Application (page views, session duration).

3.7 Categories of data we DO NOT collect

Health data,
Sexual orientation, political, religious, or philosophical opinions,
Racial or ethnic origin,
Biometric data,
Precise device geolocation (the Application does not request location permissions),
Bank card numbers or detailed financial data.

4. Purposes and Legal Bases of Processing

In accordance with Article 6 of the GDPR, each processing operation is based on an identified legal basis:

Purpose	Legal basis (GDPR)
Account creation and management	Contract performance (Art. 6.1.b)
Provision of PRO services	Contract performance (Art. 6.1.b)
AI design generation from your photos	Contract performance (Art. 6.1.b)
Storage of your photos, designs, and history	Contract performance (Art. 6.1.b)
Measurement and attribution of our advertising campaigns (TikTok)	Consent — Art. 6.1.a; otherwise aggregated attribution without identifier
Push notifications	Consent — Art. 6.1.a
Targeted advertising (free version)	Consent — Art. 6.1.a
Audience measurement and usage statistics	Consent or legitimate interest (anonymization) — Art. 6.1.f
Security, fraud prevention, quota enforcement	Legitimate interest — Art. 6.1.f
Compliance with legal obligations (accounting, judicial)	Legal obligation — Art. 6.1.c
Improvement of AI models proprietary to the Application	Legitimate interest, after pseudonymization
Response to GDPR rights requests	Legal obligation — Art. 6.1.c

5. Recipients and Data Processors

We never sell your personal data, and we never use your photos for advertising. We share certain data with processors strictly necessary for the operation of the Application, under Data Processing Agreements (DPA) compliant with Article 28 of the GDPR.

Processor	Service provided	Location	Safeguards
Google Ireland Ltd. (Firebase)	Authentication, database (Firestore), Cloud Functions, notifications (FCM), Gemini AI, Crashlytics, Analytics, Storage	Ireland / EU + United States	Google DPA + EU Standard Contractual Clauses (SCCs)
RevenueCat, Inc.	PRO subscription management	United States	RevenueCat DPA + SCCs
Google Ireland Ltd. (AdMob)	Advertising delivery (free version)	Ireland / United States	Google DPA + SCCs + user consent
TikTok Information Technologies UK Ltd. (TikTok Business / Events SDK)	Measurement and attribution of our advertising campaigns (installs, sign-ups, subscriptions)	Ireland / United Kingdom / United States	TikTok DPA + SCCs + user consent (ATT)
Apple Distribution International Ltd.	iOS distribution, payment collection	Ireland	Apple App Store terms + DPA
Google LLC (Google Play)	Android distribution, payment collection	United States	Google Play terms + SCCs
Google Firebase Hosting	ai-home.app website hosting	Google Ireland (EU) + United States	Google DPA + SCCs

All our processors are bound contractually and undertake a level of protection compliant with the GDPR.

6. Transfers Outside the European Union

Some data may be transferred outside the EU, in particular to the United States and the United Kingdom (Google, RevenueCat, TikTok). These transfers are framed by:

The Standard Contractual Clauses adopted by the European Commission (Decision 2021/914),
The EU-U.S. Data Privacy Framework for certified processors,
Additional technical measures (in-transit and at-rest encryption, pseudonymization),
Transfer Impact Assessments conducted on a case-by-case basis.

7. Retention Periods

Data category	Retention period
Active account	For the entire duration of use
Account inactive for 3 years	Deletion or anonymization
Account deleted by the User	Deletion within 30 days, except for legal retention obligations
Photos and generated designs	As long as the User keeps them on the Account (then deleted within 30 days)
Billing and transaction data	10 years (accounting obligations)
Technical and security logs	12 months maximum
Advertising data (identifiers, targeting)	13 months maximum
Customer support data	3 years after last contact

8. Security

We implement technical and organizational measures appropriate to the risks:

TLS 1.3 encryption for all client/server exchanges,
Passwords hashed and salted (Firebase Authentication, bcrypt algorithm),
AES-256 encryption for sensitive stored data,
Restricted and logged access to data,
Regular and redundant backups,
Periodic security testing,
Incident response plan and procedure for notifying breaches to the competent supervisory authority within 72 hours and to data subjects when necessary (Art. 33 and 34 GDPR).

8.1 Internal Governance and Compliance

The Publisher maintains the following governance documentation, in accordance with Articles 24, 30, 32, and 35 of the GDPR:

A Record of Processing Activities (RoPA) listing all processing operations, their purposes, legal bases, categories of data subjects, retention periods, and recipients,
A Data Protection Impact Assessment (DPIA) for processing presenting a high risk, in particular the processing of user-uploaded photos and AI image generation,
A breach management policy specifying the internal procedure for detection, qualification, and notification within 72 hours to the competent supervisory authority,
A retention policy reviewed annually,
An annual review of processors verifying the maintenance of an adequate level of protection (DPA, certifications, international transfers),
A documented procedure for handling rights requests.

These internal documents are available upon reasoned request from competent supervisory authorities.

9. Your Rights

In accordance with the GDPR, the CCPA, the LGPD, and equivalent laws, you have the following rights over your personal data:

Right of access (Art. 15 GDPR): obtain confirmation that data concerning you is being processed and obtain a copy,
Right to rectification (Art. 16): correct inaccurate or incomplete data,
Right to erasure or “right to be forgotten” (Art. 17),
Right to restriction of processing (Art. 18),
Right to object (Art. 21): object to processing based on legitimate interest or used for direct marketing,
Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format,
Right to withdraw consent at any time, without affecting the lawfulness of prior processing,
Right to define post-mortem directives on the fate of your data after death (French Law No. 2016-1321),
Right not to be subject to a solely automated decision with legal effect (Art. 22).

For California residents (CCPA / CPRA): you also have the right to know what categories of data are collected, sold, or shared (we do not sell any data), the right to deletion, the right to limit the use of sensitive data, and the right not to be discriminated against for exercising your rights.

9.1 How to exercise your rights

From the Application: Settings > Privacy > My data,
By email: contact@ai-home.app — response within one (1) month, extendable by two months for complex requests,
By postal mail: Nino and Ilia Nakashidze Street N1, Apartment 3, Building 3, Krtsanisi, Tbilisi, Georgia, 0105.

A proof of identity may be required if there is reasonable doubt about the identity of the requester, in accordance with Article 12.6 of the GDPR.

9.2 Complaint to a supervisory authority

If you believe your rights are not respected, you may lodge a complaint with the competent supervisory authority:

France: Commission Nationale de l’Informatique et des Libertés (CNIL) — https://www.cnil.fr/en/plaintes
Other EU countries: national data protection authority — EDPB directory: https://edpb.europa.eu/about-edpb/about-edpb/members_en
United Kingdom: Information Commissioner’s Office (ICO) — https://ico.org.uk
United States (California): California Privacy Protection Agency — https://cppa.ca.gov

10. Minors

The Application is not intended for children under 16 years of age in the EEA, under 13 years of age in the United States (COPPA), or under the equivalent minimum age applicable in each country.

We do not knowingly collect data from children below this age. If you are a parent or legal representative and find that your child has provided data without authorization, contact us at contact@ai-home.app to delete it.

11. Automated Processing

The Application uses an automated generative artificial intelligence model to produce design suggestions (new looks for your interior, façade, or garden) from the photos you provide.

These generations are purely creative and indicative outputs. They produce no legal effect and do not significantly affect you within the meaning of Article 22 of the GDPR. They are not architectural, structural, or construction recommendations (see the Terms of Service, Article 11).

12. Cookies and Trackers

The Application and the ai-home.app website use trackers under the conditions described in our Cookie Policy: https://ai-home.app/legal/cookies.

13. Modifications to the Policy

We may modify this Privacy Policy to reflect regulatory, technical, or commercial developments. Any substantial modification will be notified by email to the address associated with the Account and/or by in-app notification at least 30 days before taking effect.

The date of last update appears at the top of the document.

14. Contact

Dedicated data protection email: contact@ai-home.app
Postal address: Nino and Ilia Nakashidze Street N1, Apartment 3, Building 3, Krtsanisi, Tbilisi, Georgia, 0105

Legal Notices

Publisher

The Application and the ai-home.app website are published by an Individual Entrepreneur under Georgian law (individual entrepreneur registered as a natural person), benefiting from Small Business Status.

Publisher’s name: Individual entrepreneur Hugo Frederic Mourlan
Legal status: Individual Entrepreneur — Georgian Civil Code — Small Business Status
Registered business address: Nino and Ilia Nakashidze Street N1, Apartment 3, Building 3, Krtsanisi, Tbilisi, Georgia, 0105
Personal identification / registration number: 304808992
Publication director: Hugo Mourlan
Email: contact@ai-home.app
Website: https://ai-home.app

Hosting

Application (backend): Google Firebase / Google Cloud Platform — Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Website: Google Firebase Hosting / Google Cloud Platform — Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

Intellectual Property

All elements of the Application and the ai-home.app website (texts, images, logos, graphics, icons, sounds, videos, source code) are the exclusive property of Individual entrepreneur Hugo Frederic Mourlan or its partners. Any reproduction, representation, modification, publication, transmission, or full or partial exploitation without prior written authorization is prohibited and constitutes infringement subject to penalties under intellectual property law.

The AI Home trademark and logo are [registered / unregistered] trademarks belonging to Individual entrepreneur Hugo Frederic Mourlan.

Credits

AI: Google Gemini.
Typeface: Mulish (SIL Open Font License).