Privacy Policy
Last Updated: March 10, 2026
At Aiimly, we value your privacy. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our AI-powered furniture visualization services.
Table of Contents
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, name, password (if you create an account)
- Uploaded Content: Room photos you upload for visualization
- Furniture Preferences: Style, color, material, price range, and other preferences you select
- Contact Information: Information provided through contact forms, partnership inquiries
- Subscription Information: Email address when you subscribe to our newsletter
1.2 Automatically Collected Information
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages visited, features used, clicks, session duration, time stamps
- Cookies and Similar Technologies: We use the following types of cookies:
- Strictly Necessary Cookies: Essential for website functionality; cannot be disabled. Examples: session management, security authentication.
- Performance/Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous information. Examples: Google Analytics (with IP anonymization), page load times, error logging.
- Functionality Cookies: Remember your preferences and choices. Examples: language preferences, saved room photos (if enabled), display settings.
1.3 Cookie Management
You can control and/or delete cookies as you wish. You can delete all cookies on your computer and configure most browsers to prevent cookies from being placed. However, if you do this, you may have to manually adjust preferences every time you visit our site, and some services may not function properly.
1.4 Third-Party Cookies
We use cookies from the following third-party services:
- Google Analytics: Website analytics (Google Privacy Policy)
For more information about cookies and how to manage them, visit www.aboutcookies.org or www.allaboutcookies.org.
1.5 Do Not Track Signals
Some web browsers incorporate "Do Not Track" (DNT) features that signal to websites you visit that you do not want your online activity tracked. Because there is not yet a common understanding of how to interpret DNT signals, our website does not currently respond to DNT browser signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and privacy settings available through our website and your browser.
1.6 Third-Party Sources
- Social Media: If you log in using social media, we receive basic profile information
- Analytics Services: Data from Google Analytics and similar services
2. How We Use Your Information
2.1 Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contractual Necessity: Processing of uploaded photos, account information, and furniture preferences is necessary to perform our service contract with you (GDPR Art. 6(1)(b)).
- Consent: Marketing communications, newsletter subscriptions, and non-essential cookies are processed based on your explicit consent (GDPR Art. 6(1)(a)). You may withdraw consent at any time.
- Legitimate Interests: Analytics, fraud prevention, and service improvement are based on our legitimate business interests, balanced against your rights (GDPR Art. 6(1)(f)).
- Legal Obligation: Compliance with applicable laws, tax requirements, and legal process (GDPR Art. 6(1)(c)).
2.2 To Provide and Improve Services
- Process uploaded photos and generate AI visualizations
- Recommend furniture products based on your preferences
- Personalize your user experience
- Provide customer support and respond to inquiries
- Improve our AI algorithms and service quality
2.3 For Communications
- Send service updates and notifications
- Respond to your questions and requests
- Send marketing emails (you can unsubscribe anytime)
- Follow up on partnership and business inquiries
Email Marketing Compliance (CAN-SPAM Act): All marketing emails will include:
- Our physical mailing address
- A clear and conspicuous unsubscribe mechanism
- Honest subject lines that accurately reflect email content
- Clear identification that the message is an advertisement (where applicable)
We will honor opt-out requests within 10 business days.
2.4 For Analytics and Research
- Analyze usage patterns to improve our product
- Conduct market research and user surveys
- Develop new features and capabilities
- Prevent fraud, abuse, and security issues
2.4 For Legal Obligations
- Comply with applicable laws and regulations
- Enforce our Terms of Service
- Protect our rights and the rights of our users
- Respond to legal requests and court orders
3. Information Sharing
3.1 We Do Not Sell Your Personal Information
Aiimly does not and will never sell your personal information to third parties for their marketing purposes.
3.2 We May Share Information With:
- Service Providers: Cloud storage providers (e.g., GCP), analytics services (e.g., Google Analytics), email services, and other vendors who help us operate our services. These providers are contractually obligated to protect your data.
- Partner Retailers: When you click on a product link to purchase furniture, we may share limited preference data with the retailer. We never share your uploaded room photos with retailers.
- Legal Requirements: When required by law, legal process, or to protect our rights or the rights of others.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
3.3 Anonymized Data
We may share anonymized, aggregated data (that cannot identify you personally) for research, marketing, and analytical purposes.
4. Data Security
4.1 Security Measures We Implement
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
- Encryption at Rest: Sensitive data is encrypted when stored in our databases
- Access Controls: Strict access controls and authentication requirements for our team
- Regular Security Audits: Periodic security assessments and vulnerability testing
- Employee Training: All employees undergo security and privacy training
4.2 Disclaimer
While we implement industry-standard security measures, no method of electronic transmission or storage is completely secure. We strive to protect your personal information but cannot guarantee absolute security.
5. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law.
5.1 Notification Timeline
- Supervisory Authority (GDPR): Within 72 hours of becoming aware of the breach
- Affected Individuals: Without undue delay, when the breach is likely to result in high risk to your rights and freedoms
- US State Laws: As required by applicable state breach notification laws (typically without unreasonable delay)
5.2 Notification Contents
Our breach notifications will include:
- Nature of the personal data breach
- Categories and approximate number of individuals affected
- Categories and approximate number of records affected
- Likely consequences of the breach
- Measures taken or proposed to address the breach
- Contact point for more information
- Recommended steps you can take to protect yourself
6. Your Rights
Depending on your location, you may have the following rights:
6.1 Access and Correction
You have the right to access and correct your personal information. You can update most information through your account settings.
6.2 Deletion
You can request deletion of your account and personal data. Note that we may retain certain information as required by law or for legitimate business purposes.
6.3 Data Portability
You can request to export your data in a commonly used, machine-readable format.
6.4 Marketing Opt-Out
You can unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email or contacting us at support@aiimly.com or through the form on our main page.
6.5 Cookie Controls
You can control cookies through your browser settings. Note that disabling certain cookies may affect functionality.
6.6 Right to Restriction of Processing (GDPR)
You have the right to request restriction of processing of your personal data in the following circumstances:
- You contest the accuracy of the personal data (for a period enabling us to verify accuracy)
- The processing is unlawful and you oppose erasure, requesting restriction instead
- We no longer need the data, but you require it for legal claims
- You have objected to processing pending verification of our legitimate grounds
6.7 Right to Object (GDPR)
You have the right to object at any time to processing of your personal data based on legitimate interests (including profiling). We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for establishment, exercise, or defense of legal claims.
6.8 Right to Withdraw Consent (GDPR)
Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal. To withdraw consent:
- Marketing emails: Click "unsubscribe" in any email
- Cookies: Adjust your browser settings or use our cookie management tool
- Other consents: Contact support@aiimly.com or use our contact form
6.9 Automated Decision-Making and Profiling (GDPR)
We use AI algorithms to generate furniture visualizations and product recommendations. This constitutes automated processing but not automated decision-making with legal or similarly significant effects under GDPR Article 22. Our AI does not make decisions that significantly affect your legal rights without human intervention. You have the right to request human review of any AI-generated recommendations.
6.10 California Residents - Your CCPA/CPRA Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:
Right to Know
You have the right to request that we disclose:
- The categories of personal information we have collected about you
- The categories of sources from which the personal information is collected
- Our business or commercial purpose for collecting, selling, or sharing personal information
- The categories of third parties to whom we disclose personal information
- The specific pieces of personal information we have collected about you
Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Correct
You have the right to request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing
Aiimly does not sell your personal information as defined by CCPA/CPRA. We do not share your personal information for cross-context behavioral advertising purposes.
Right to Limit Use of Sensitive Personal Information
We do not use or disclose sensitive personal information (as defined by CPRA) for purposes other than those permitted under CPRA ยง 1798.121.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights, including by denying goods or services, charging different prices or rates, providing a different level of quality, or suggesting you will receive different prices or quality.
Authorized Agents
You may designate an authorized agent to make requests on your behalf. We will require written proof of the agent's authority or a valid power of attorney.
Verification Process
To protect your privacy, we will verify your identity before processing CCPA/CPRA requests. We will match at least two data points you provide with data we maintain, or we may request a signed declaration under penalty of perjury.
How to Exercise California Rights
To exercise your California privacy rights, contact us at:
- Email: support@aiimly.com
- Web form: Submit request through our contact form
- Toll-Free Number: Toll-free number will be provided when we begin commercial operations or reach 50,000 California residents, as required by CCPA
We will respond to verifiable requests within 45 days of receipt. If we require more time (up to 90 days total), we will inform you of the reason and extension period.
Categories of Personal Information Collected (Last 12 Months)
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, IP address, device identifiers | YES |
| Commercial Information | Furniture preferences, purchase history | YES |
| Internet/Network Activity | Browsing history, interactions with website | YES |
| Geolocation Data | Approximate location from IP address | YES |
| Visual Information | Uploaded room photos | YES |
| Inferences | Preferences, characteristics, behavior predictions | YES |
Shine the Light Law
California Civil Code Section 1798.83 permits California residents to request certain information regarding disclosure of personal information to third parties for direct marketing purposes. As stated above, we do not share personal information with third parties for their direct marketing purposes.
6.11 Additional State Privacy Rights
Virginia, Colorado, Connecticut, and Utah Residents
If you are a resident of Virginia, Colorado, Connecticut, or Utah, you have the following rights under your state's privacy law:
- Right to Confirm: Whether we are processing your personal data
- Right to Access: Your personal data we have collected
- Right to Correction: Inaccuracies in your personal data
- Right to Deletion: Your personal data (subject to exceptions)
- Right to Data Portability: Obtain a copy of your data in a portable format
- Right to Opt Out: Targeted advertising (we do not engage in targeted advertising as defined by these laws)
- Right to Opt Out: Sale of personal data (we do not sell personal data)
- Right to Opt Out (CO, CT, VA): Profiling in furtherance of decisions that produce legal or similarly significant effects
To exercise these rights, contact us at support@aiimly.com or through our contact form. We will respond within 45 days (Virginia, Colorado, Connecticut) or 45 days (Utah) of receipt. If you are unsatisfied with our response, you may appeal by contacting us at the same email address within a reasonable time after receiving our decision.
Other State Residents
Residents of other states may have additional privacy rights under applicable state laws. Please contact us at support@aiimly.com or through our contact form to inquire about rights specific to your state.
6.12 How to Exercise Your Rights
To exercise any of these rights, please contact us at support@aiimly.com or contact us through the form on our main page. We will respond to your request within one month of receipt. In complex cases, we may extend this by up to two additional months and will inform you of any such extension and the reasons for it.
7. Data Retention
We retain your data only as long as necessary for the purposes outlined in this policy:
- Account Data: Retained while your account is active and for 30 days after account closure
- Uploaded Photos: Automatically deleted within 30 days after upload (unless you choose to save them)
- Usage Logs: Retained for 90 days for analytics and troubleshooting
- Marketing Subscriptions: Retained until you unsubscribe
- Legal Requirements: Some data may be retained longer if required by law
8. Children's Privacy
Our services are not directed to children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected information from a child without parental consent, we will delete it promptly.
If you believe your child has provided us with personal information, please contact us at support@aiimly.com or through the form on our main page.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States and other locations where our servers and service providers operate.
9.1 Transfer Mechanisms We Use
We rely on the following mechanisms for international data transfers:
- Standard Contractual Clauses (SCCs): We use Standard Contractual Clauses approved by the European Commission (Commission Implementing Decision (EU) 2021/914) with our service providers located outside the EEA. Copies of these clauses are available upon request.
- EU-US Data Privacy Framework (DPF): [PLACEHOLDER - State if certified under DPF or if service providers are certified. If not applicable, state: "Not currently applicable to our operations."]
- Adequacy Decisions: We may transfer data to countries recognized by the European Commission as providing adequate protection.
9.2 Primary Data Processing Locations
Our primary data processing occurs in:
- United States: Primary servers and business operations (Google Cloud Platform)
- [PLACEHOLDER - List other specific countries if applicable]
9.3 Additional Safeguards
In addition to legal transfer mechanisms, we implement supplementary measures including:
- Encryption in transit (TLS 1.2 or higher) and at rest (AES-256)
- Contractual requirements for data minimization and purpose limitation
- Access controls limiting who can access transferred data
- Regular security assessments of data recipients
For more information about our data transfer safeguards or to obtain copies of the safeguards we have in place, please contact us at support@aiimly.com.
10. Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be notified via:
- Prominent notice on our website
- Email notification to registered users
- In-app notification
Your continued use of our services after we make changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Controller: Aiimly (Pre-incorporation)
Email: support@aiimly.com
Contact Form: Submit inquiry through our main page
Notice for California and EU Residents:
We are currently operating in preview/showcase mode. A physical mailing address
and phone number will be provided upon incorporation or when required by applicable
law (such as reaching 50,000 users or generating revenue). Until then, please use
the email addresses or contact form above for all inquiries, including exercising
your privacy rights under GDPR, CCPA, or other applicable laws.
For EU/EEA residents:
If you are located in the European Union or European Economic Area, you have
the right to lodge a complaint with your local data protection authority.
A list of supervisory authorities is available at:
https://edpb.europa.eu/about-edpb/board/members_en
For UK residents:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk/
Phone: 0303 123 1113
This Privacy Policy was last updated on March 10, 2026.
Return to Home |
View Terms of Service