Privacy Policy
Last updated: 1 May 2026
RoomStack helps property teams upload room photos, generate furnished versions, organize image libraries, and automate the workflow through an API. This policy explains what data we process, why we process it, and how customers can control their account data.
Who we are
RoomStack is operated from Kappavej 24, 9000 Aalborg, Denmark. Privacy, billing, and product questions should be sent through the contact form so we can route the request to the right person.
Data we collect
We process account identifiers from Clerk, workspace roles, billing identifiers from Stripe, uploaded room photos, uploaded furniture references, prompts, generation settings, generated images, folders, ratings, edits, API keys, credit usage, contact form messages, and technical logs needed to keep the service secure and reliable.
Why we use the data
We use the data to provide the Studio, Editor, Library, batch generation, API access, team permissions, billing, credit accounting, support, abuse prevention, security monitoring, and product improvement. We do not sell customer image libraries or contact data.
Uploaded and generated images
Source photos, furniture references, generated versions, and edits are stored with the relevant workspace so customers can review, download, reuse, delete, and organize them. Customers should only upload images and reference material they own or have permission to process.
AI processing
When a generation or edit is requested, the relevant image, prompt, and settings may be sent to the AI generation provider used for that request. Customers should avoid uploading sensitive personal data, confidential floor plans, or identifiable people unless they have a lawful basis and permission to do so.
Hosting and processors
The product is built as an EU-focused service with data storage in Germany and Sweden. We use trusted processors for authentication, payments, database hosting, application hosting, email/contact handling, logging, and AI generation. Where a processor requires processing outside the EEA, we use appropriate contractual and technical safeguards.
Retention and deletion
Account and workspace records are kept while the account is active. Library items deleted by a user are removed from the active product view, while backups, logs, billing records, and security records may be retained for a limited period where required for reliability, accounting, legal compliance, or fraud prevention.
Your rights
Depending on the situation, you may request access, correction, deletion, restriction, portability, or object to certain processing. You may also complain to a data protection authority. We may need to verify your identity before acting on a request.
Security
We use account-scoped access, workspace permissions, API key controls, transport encryption, operational logging, and least-access practices to reduce the risk of unauthorized access. No internet service can guarantee absolute security.