Rinnova Spaces
Legal

Privacy Policy

Last updated: June 11, 2026

Summit 23 LLC, dba Rinnova Spaces ("Rinnova Spaces," "we," "us," or "our") respects your privacy. This Privacy Policy explains what we collect when you use our website, mobile experience, and AI design tools (the "Service"), how we use and share it, how long we keep it, and the choices and rights you have. By using the Service, you agree to the practices described here.

Information we collect

  • Account information. When you create an account we collect your email address, a hashed password (or third-party sign-in identifier such as Google), and basic profile details you choose to provide.
  • Photos you upload. Images you submit to generate a redesign or virtual staging are transmitted to our AI provider so we can produce your output.
  • Design inputs. Style selections, room type, optional written notes, and other prompt parameters you provide with each request.
  • Generated outputs. The AI images returned to you, and metadata about each generation (timestamps, mode, status).
  • Billing information. Subscription status, plan, trial state, and renewal dates. Payments are processed by Stripe; we do not store full card numbers, CVCs, or bank credentials on our servers.
  • Communications. Support messages, feedback, and emails you send us, along with our replies.
  • Technical and usage data. IP address, browser and device type, operating system, referrer, pages viewed, approximate location derived from IP, request timestamps, and error logs used to operate and secure the Service.
  • Cookies and local storage. Used for essential site functionality, authentication sessions, preference storage, and basic analytics. We do not use third-party advertising trackers or cross-site behavioral ad networks.

How we use information

  • Generate, deliver, and display your AI redesigns.
  • Create and manage your account, including authentication and password resets.
  • Process payments, manage subscriptions, trials, refunds, and tax compliance.
  • Operate, maintain, debug, secure, and improve the Service.
  • Enforce daily generation limits, prevent abuse, and detect fraud.
  • Send transactional emails (receipts, account notices, security alerts).
  • Respond to support requests and other communications.
  • Comply with legal obligations and enforce our Terms of Service.

Legal bases (EEA/UK users)

Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to provide the Service you request), legitimate interests (to operate, secure, and improve the Service), consent (where required, e.g. optional communications), and legal obligation (tax, accounting, responding to lawful requests).

AI processing and retention

Uploaded photos and prompts are transmitted to our AI model provider solely to generate your result. We do not sell your images, and we do not use your uploaded photos to train third-party foundation models. Generated outputs and inputs are retained only as long as needed to deliver, display, and support the Service, and are deleted on a rolling basis or upon account deletion, subject to limited backup retention and legal hold requirements.

How we share information

We share information only as follows:

  • Service providers (processors). Hosting and database infrastructure, AI inference providers, payment processing (Stripe), email delivery, error monitoring, and analytics, each under contracts requiring confidentiality and limited use.
  • Legal and safety. When required by law, subpoena, or to protect the rights, property, or safety of Rinnova Spaces, our users, or the public.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

We do not sell or rent personal information.

International transfers

We operate primarily from the United States, and our providers may process data in the U.S. or other countries. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for cross-border transfers.

Security

We use industry-standard administrative, technical, and physical safeguards including encryption in transit (TLS), encryption at rest for stored data, scoped access controls, and row-level security on our database. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Data retention

We retain account, billing, and generation records for as long as your account is active and for a reasonable period afterward to comply with legal, accounting, and dispute-resolution obligations. You can request deletion of your account at any time; some records (e.g. invoices, fraud-prevention logs) may be retained as required by law.

Your choices and rights

You control what photos you upload and can stop using the Service at any time. Depending on your jurisdiction (including the EEA, UK, California, and other U.S. states with privacy laws), you may have the right to access, correct, delete, port, or restrict processing of your personal information, to object to certain processing, and to withdraw consent. California residents have specific rights under the CCPA/CPRA, including the right to know, delete, correct, and to opt out of "sharing" for cross-context behavioral advertising (we do not engage in such sharing). To exercise any right, contact us at the email below. You may appeal a denied request by replying to our response. We will not discriminate against you for exercising your rights.

Cookies

Essential cookies are required for authentication and core site functionality. Preference cookies remember settings like theme. We may use first-party analytics to understand aggregate usage. You can control cookies through your browser settings; disabling essential cookies may break parts of the Service.

Children

The Service is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

Third-party links and services

The Service may link to or integrate third-party sites and services (e.g. payment pages, sign-in providers). Their privacy practices are governed by their own policies, which we encourage you to review.

Do Not Track

We do not currently respond to browser "Do Not Track" signals, as no common standard has been adopted. We do honor applicable opt-out preference signals where required by law.

Changes

We may update this Policy from time to time. Material changes will be reflected by updating the "Last updated" date above, and where appropriate we will provide additional notice (e.g. by email or in-app message).

Contact

Summit 23 LLC, dba Rinnova Spaces
Email: [email hidden]

← Back to home