Legal
Privacy Policy
This Privacy Policy explains how Planua processes personal data on the website, during account registration, when paid subscriptions are purchased, and when AI-based image workflows are used. The German version is authoritative.
1. Controller
Alibra AI Piro Scheibe
Piro Scheibe
Schnepfenwinkel 4, 21337 Lüneburg, Germany
Email: piro@getplanua.com
Phone: +49 151 70256253
No data protection officer has been appointed at this time.
2. Categories Of Data And Purposes
- Website access data such as IP address, browser data, language, referrer, and page views to deliver and secure the service.
- Account and profile data such as name, email address, login details, and authentication tokens to create and manage user accounts.
- Subscription and billing data such as selected plan, Stripe customer identifiers, invoices, VAT-related information, and cancellation status to process paid contracts.
- Workspace and usage data such as projects, renders, prompts, settings, team membership, and credit balances to provide the product.
- Uploaded content, especially room photos and generated output, to execute AI-powered staging and editing workflows.
- Support and communication data such as feedback requests, emails, and support messages to answer inquiries and improve the service.
- Consent data to document analytics and cookie preferences and, where relevant, consumer checkout declarations.
3. Legal Bases
- Performance of a contract or pre-contractual steps under Art. 6(1)(b) GDPR for account creation, subscriptions, team functions, and AI workflows.
- Legal obligations under Art. 6(1)(c) GDPR, especially tax, accounting, and commercial retention duties.
- Legitimate interests under Art. 6(1)(f) GDPR for service security, fraud prevention, abuse handling, and operational improvement.
- Consent under Art. 6(1)(a) GDPR and Section 25 TDDDG for analytics technologies and other non-essential storage or access on user devices.
4. Hosting, Infrastructure, And Processors
Vercel
We use Vercel for hosting and delivery of the website and application. Vercel may process server logs and technical usage data to provide the service.
Firebase
We use Firebase and Google Cloud services for authentication, database, and file storage. This includes Firebase Auth, Firestore, and Storage for account management, app data, and media handling.
Stripe
We use Stripe to process subscription payments, customer billing, invoices, and payment status. Payment data is processed directly by Stripe as an independent controller where required for payment regulation and fraud prevention.
Resend
We use Resend to send transactional emails such as invites, support messages, and operational notifications.
Upstash
We use Upstash for technical rate limiting and abuse protection.
AI Providers
To generate and edit images, we use Google Generative Language API services and Replicate. Uploaded content and prompts may be transmitted to these providers to fulfill the requested AI operation.
5. Uploaded Images And AI Processing
Planua is designed primarily for room photos and interior-related visual material. Even so, we do not assume that all uploads are free of personal data. If uploaded content contains personal data, processing occurs for the contractual purpose of performing the requested AI workflow.
Users remain responsible for ensuring they are permitted to upload and process the content they submit. Please avoid uploading material containing unnecessary personal or sensitive data.
6. Analytics, Cookies, And Consent
We use Google Analytics and Vercel Analytics only on the basis of consent for analytics storage and measurement. Essential cookies and comparable technologies remain limited to what is required for secure sign-in, core functionality, and consent documentation.
You can grant, deny, or later change your analytics choices via the cookie settings entry point on the site. Revocation applies for the future.
7. International Transfers
Some providers may process data outside the European Union or European Economic Area, especially in the United States. Where this is the case, transfers rely on an adequacy decision where available, including the EU-U.S. Data Privacy Framework where the provider is certified, or otherwise on appropriate safeguards such as Standard Contractual Clauses.
8. Storage Duration
- Account and workspace data are stored for as long as the account remains active and thereafter as needed for defense against claims or statutory retention.
- Billing and invoice data are retained for the legally required retention periods.
- Support and feedback data are retained as long as necessary to process the request and improve the service.
- Consent records are stored until they are no longer needed to prove compliance.
9. Your Rights
Subject to the statutory requirements, you have the right to access, rectification, erasure, restriction of processing, data portability, and to object to processing based on legitimate interests. You may withdraw consent at any time with future effect.
10. Right To Lodge A Complaint
You may lodge a complaint with a supervisory authority. Our competent supervisory authority is the Lower Saxony Data Protection Authority: lfd.niedersachsen.de.
11. Authoritative Version
The authoritative German version of this Privacy Policy is available at /de/datenschutz.