Privacy Policy

1. Who We Are & Regulatory Status

This Privacy Policy governs the processing of personal data by Barber London Design Ltd, a company registered in England and Wales under company number 14715894, with its registered office at 189a High Street, Beckenham, Kent, United Kingdom, BR3 1AH, trading as Furniture Visualizer ("Furniture Visualizer", "we", "us", or "our").

We operate an artificial intelligence-powered workspace for furniture design and visualisation, alongside a computer-aided design (CAD) concept-drawing tool, constructed as a digital canvas focused entirely on the generation, editing, and rendering of design imagery, and CAD concept drawing of furniture designs (the "Service"). We act as the Data Controller for the personal data processed within our Software-as-a-Service (SaaS) application.

Our designated Merchant of Record, Stripe Payments Europe, Limited, acts as a separate Data Controller for your financial billing data (including card details, billing addresses, and tax-relevant identifiers) processed under its own privacy terms. Furniture Visualizer does not capture, store, or handle your full financial payment card details on its local databases.

2. The Data We Process (Data Mapping)

We map our processing activities directly to the operational categories of the Service:

2.1 User Content

In convergence with our Terms and Conditions, all content uploaded, submitted, processed, or generated via the Service is classified as User Content. This encompasses:

• Text Prompts & Short-Term Chat Logs: Written text or descriptive prompts entered to guide AI generations. Conversational message strings entered into the in-app AI chat interface are processed within a short-lived temporary system cache (running for approximately thirty (30) minutes) alongside brief summaries, rather than durable long-term storage. The only prompt text that persists long-term is what you deliberately save alongside a library asset.
• CAD Concept Drawings & Brand Assets: Concept drawings created in the CAD tools are stored as a structured, machine-readable data document in our application's own drawing format (internally '.fvd', a JSON-based format), capturing the layout coordinates, the template and title-block settings, and the dimensions and text you enter, with the line-drawing images and any placed assets (such as logos or text disclaimers) stored alongside. When you download a drawing, these are packaged together into a single compressed bundle (a '.fvd.zip').
• Uploaded Images: Graphic files, photographs, sketches, or visual assets uploaded to the platform.
• Design Queries: Non-textual settings, interface choices, style presets, sliders, and parameter toggles selected to guide the AI generation process.
• Generated Outputs: The final images, digital canvas files, or schematics produced by the AI engine.

2.2 Profile and Workspace Settings

We process user-configured selections, administrative choices, interface defaults, mailing list preferences, notification toggles, and saved asset settings or customisations stored within your Account dashboard or specific workspace tool pages.

2.3 Account Data

Your profile contains your name, verified email address, encrypted password hash, and a unique internal user identifier.

2.4 Financial Record Data

To maintain synchronisation with our Merchant of Record, we process limited, tokenised transaction records managed via your Account dashboard, including the last four digits of your payment card, active subscription plan type, payment-method type, billing status, and country of card issuance. All billing parameters are governed strictly by the Checkout Supremacy rules established at the moment of purchase.

2.5 Telemetry & Automated Usage Logs

Our infrastructure captures automated system telemetry, including originating IP addresses, request metadata, device hardware profiles, browser types, operating system details, credit consumption metrics, asset generation timestamps, and feature interaction histories.

2.6 Operational Support Data

When you engage with our support infrastructure, we capture your account verification state, system interaction histories, and the communication context submitted during the query.

3. System Audit Logs & Retention Timelines

3.1 System Audit Log Composition

We maintain automated, secure, and immutable system audit logs to preserve platform security, verify financial transactions, combat fraud, and meet regulatory record-keeping frameworks. In accordance with our Terms and Conditions, these system audit logs serve as the primary record of truth in the event of an operational discrepancy or credit wallet calculation dispute.

Audit log entries record an event identifier, timestamp, relevant account identifier, action category, and originating IP address. These logs track the following activities:

• Credit wallet transactions, including allocations, deductions, reversals, and refunds.
• Content generation events, capturing the generation type, timestamp, and utilised AI model parameters, excluding raw prompt text strings.
• Account-level structural modifications, including password updates, subscription tier changes, and formal account closure requests.
• File management actions, specifically file uploads and manual or automated asset deletions.
• Authentication events, tracking user logins, logouts, and suspicious infrastructure activity flags.

These logs are treated as personal data under the UK GDPR, are included within the scope of any Data Subject Access Request you submit, and are stored under restricted access control. We do not utilise system audit log data for marketing or behavioural profiling without first obtaining your separate, explicit consent.

3.2 Targeted Data Retention Periods

Personal data and system logs are held in restricted storage and are deleted or securely anonymised upon the conclusion of the following risk-adjusted timelines:

• Financial and Transactional Audit Logs: Retained for up to two (2) years to cover credit gateway chargeback dispute windows and post-dispute verification audits.
• Account Deletion Verification Records: Retained for up to three (3) years post-closure to evidence compliance with erasure mandates under UK GDPR Article 17 if formally challenged.
• General Security and Systemic Usage Logs: Retained for up to one (1) year to fuel fraud detection algorithms, mitigate infrastructure exploitation, and support backend operational debugging.
• Marketing Lists & Suppression Tracks: Active marketing data is removed within seven (7) days of a user withdrawing consent. Your email address is then transferred indefinitely to an isolated suppression list record to ensure continuous compliance with the UK Privacy and Electronic Communications Regulations.
• Closed Customer Support Tickets: Retained for three (3) years after a ticket is officially closed to support dispute resolution and the establishment, exercise, or defence of legal claims.

3.3 Children's Privacy Framework

The Service is structured exclusively for a professional design environment and is not directed at children. We do not knowingly collect or process personal data from anyone under the age of thirteen (13), or under the applicable minimum age of digital consent in their country of residence, whichever threshold is higher.

We process data in strict conformity with UK GDPR Article 8 and maintain close regard for the Information Commissioner's Office (ICO) Age Appropriate Design Code. If we discover that personal data has been captured from a child below the lawful age threshold without verified parental consent, we will take prompt steps to execute immediate, irreversible deletion protocols.

Parents or legal guardians who recognise that an unauthorised minor has established an active profile must submit a formal erasure notification through our single digital pathway via the in-app Support page link to trigger immediate account purging.

4. How We Use Your Data

We process your personal data only where we possess a valid legal basis under UK GDPR Article 6. The following scannable matrix governs our operational data deployment:

4.1 Service Quality Analysis & Operational Protections

We utilise User Content to analyse performance trends, diagnose system execution errors, and optimise the quality and safety of the Service. This analysis is bounded by strict operational safeguards:

• De-identification Frameworks: Analytical review is restricted to aggregated, de-identified datasets. User identifiers are completely detached before trend data is compiled to ensure your unique design workflows cannot be reverse-engineered.
• Absolute Training Prohibition: We fundamentally do not utilise your unique User Content (including text prompts & chat logs, uploaded images, design queries, or generated outputs) to train, fine-tune, test, or validate any artificial intelligence models, machine learning systems, or neural networks owned or operated by us or our third-party suppliers.

4.2 Customer Support and Automated Workflows

We leverage automated generative workflows to assist our support infrastructure in triaging tickets and drafting real-time responses to routine inquiries. These workflows operate under strict data minimisation and human oversight rules:

• The Sole Purpose Rule: Support data routed through automated systems is processed for the sole purpose of generating communication drafts and is never utilised for machine learning model training.
• Mandatory Human Review Flags: Automated systems are blocked from taking unilateral administrative or legal actions. Every decision that materially affects your subscription status, validates a financial refund, addresses a billing dispute, enforces content moderation, or executes an account suspension is subject to mandatory human review and manual confirmation by a member of our team.
• The Escalation Right: Users retain an absolute right to bypass automated support routing and demand direct interaction with a human representative via our live interface at any point.

5. Data Lifecycles & Digital Storage Quotas

We link our data preservation lifecycles directly to the active commercial status of your profile to regulate server overhead. All dynamic digital storage allocations, library retention windows, and capacity limits are governed strictly by the Checkout Supremacy parameters displayed on the checkout interface at the moment of purchase.

5.1 Active Account Retention & Library Storage

We preserve your User Content safely within your allocated digital storage space (your library) for as long as your account remains active. This architecture guarantees continual access to all assets generated or retained within the workspace through credit consumption.

5.2 Post-Subscription Grace Periods (The Thirty-Day Rule)

Upon the cancellation, expiration, or non-renewal of an active subscription tier, your library files enter an automated grace period to facilitate seamless reactivation:

• The Removal Trigger: If you do not reactivate your subscription within exactly thirty (30) calendar days following the conclusion of your active billing cycle, the system executes an automated purge. This permanently and irreversibly deletes your uploaded images, CAD files, and generated outputs from active production databases.
• De-identified Trend Logs: Following account closure or the expiration of the thirty (30) calendar day grace period, basic non-attributable usage statistics and de-identified prompt structural values may continue to be retained indefinitely for analytical purposes. Because chat logs are short-lived caches, raw conversational transcripts are not preserved; only aggregated, structural telemetry markers completely stripped of direct profile data (including account identifiers, email addresses, and originating IP addresses) are added to long-term datasets.

5.3 Encrypted Backup Cycles

When personal data or User Content is removed from active production directories, remnants persist within encrypted, offline system backups for up to sixty (60) calendar days before being completely overwritten via automated backup rotation scripts. We enforce a strict engineering lock on these environments: backup data is never accessed, indexed, or restored unless required for catastrophic system recovery or the explicit establishment, exercise, or defence of legal claims.

5.4 Infrastructure Outages & Data-Gap Safe Harbours

Automated data collection, telemetry tracking, and system audit logging are dependent on the operational uptime of our third-party infrastructure providers. During periods of external provider outage, scheduled server maintenance, or sudden downstream service disruptions, certain telemetry logging and data capture may be temporarily impaired or delayed. We bear no administrative or legal liability for operational gaps in data logging during these infrastructure windows, and the reconciliation supremacy provisions detailed within our Terms and Conditions apply.

6. Data Sharing & Sub-processors

We do not sell your personal data or User Content. We share data strictly with verified third-party service providers bound by data processing agreements to act only upon our direct instructions, or with separate Data Controllers where legally indicated.

6.1 Authorisation & Vendor Management Framework

By accepting our Terms and Conditions and this Privacy Policy, you grant us general written authorisation to engage sub-processors to help us provide the Service. We manage our vendor ecosystem under the following operational rules:

• Functional Classification: To preserve our evergreen operational strategy, sub-processors are detailed by functional utility category rather than individual vendor name. The sole exception is our Merchant of Record, who is named explicitly due to their status as a separate Data Controller.
• The Notification Window: We will provide at least thirty (30) calendar days' advance notice before we add or replace a sub-processor in a way that affects the processing of your personal data. This notice will be delivered via email or an in-app notification.
• The Remedy to Object: You have the right to object to any new sub-processor during that notice period by contacting us through our Single Digital Pathway. If we cannot reasonably accommodate your objection, you may close your account, and we will handle your data in accordance with our deletion and retention provisions.

6.2 Sub-processor Functional Processing Matrix

Our mixed-region infrastructure routes specific data categories to target global data centres based on processing utility:

6.3 AI Inference Provider Transparency

The AI inference for image generation, prompt assistance, and support drafting is performed by our AI processing provider. We do not own or operate the underlying AI models directly.

Our relationship with our AI inference sub-processor is governed by a binding data processing addendum. In strict conformity with our core data protection rules, this agreement contains explicit contractual safeguards that prohibit the provider from utilising your unique User Content or text prompts & chat logs to train, fine-tune, or iterate its public foundation models. Any verification requests regarding upstream data processing must be filed through our Single Digital Pathway.

7. International Data Transfers

We operate a mixed-region infrastructure architecture to deliver our Service. Personal data is stored in distinct global locations depending on the functional utility of the data being processed.

7.1 European Union Storage & Safeguards

Certain categories of personal data, including waitlist signups, marketing contact records, sales-pipeline data, support-ticket content, and system audit logs, are stored within data centres located in the European Union (Republic of Ireland). For users accessing the Service from the United Kingdom, this storage path does not constitute a restricted cross-border transfer.

The United Kingdom maintains a statutory adequacy decision in respect of the European Union under UK GDPR Article 45, confirming that equivalent data protection frameworks exist. Any onward transfers executed by our European Union sub-processors are strictly governed by Standard Contractual Clauses integrated directly into our vendor processing agreements.

7.2 United States Storage & The Data Privacy Framework

Primary user account credentials, core database metadata, and User Content are stored and processed within infrastructure located in the United States. If you access the Service from the United Kingdom, this personal data will be transferred to and processed in the United States.

Transfers of personal data from the United Kingdom to United States infrastructure are executed under the UK-US Data Bridge, which is the United Kingdom Government's adequacy decision (the UK Extension to the EU-US Data Privacy Framework). This framework permits the transfer of personal data to organisations in the United States that maintain active, verified certifications under the Data Privacy Framework (DPF) list. The current compliance status of any US-based sub-processor is publicly verifiable on the official DPF participant registry.

7.3 The Data Privacy Framework Safety Valve

To insulate platform operations against shifting international regulatory landscapes, we enforce a binding fallback mechanism within our infrastructure contracts:

• Immediate Fallback Activation: If any US-based sub-processor's DPF certification lapses, is suspended, is withdrawn, or otherwise becomes legally ineffective, our operations instantly transition to alternative transfer mechanisms.
• Contractual Execution: Under these conditions, we rely on the Standard Contractual Clauses (SCCs) issued by the European Commission, supplemented by the UK International Data Transfer Addendum (UK IDTA) approved by the UK Information Commissioner's Office, as a binding legal basis for the transfer in accordance with UK GDPR Article 46.
• Pre-established Frameworks: These corporate safeguards are already contractually established as an active structural layer beneath our sub-processor agreements to guarantee uninterrupted data protection.

7.4 Oversight & Infrastructure Migrations

The Information Commissioner's Office (ICO) acts as the United Kingdom's independent supervisory authority for data protection and oversees the lawful operation of international transfer mechanisms. All sub-processors are contractually required to apply equivalent technical and organisational safeguards to any subsequent onward transfer of personal data.

If the legal frameworks governing cross-border data transfers are modified, or if we elect to migrate any portion of the Service between alternative digital storage regions at a later date, we will update this Privacy Policy and provide users with at least thirty (30) calendar days' advance notice by email before those infrastructure modifications take effect, in accordance with our Terms and Conditions.

8. Data Subject Rights & The Centralised Support Pathway

Under the UK GDPR, you possess precise statutory rights regarding your personal data. To guarantee identity verification integrity, prevent malicious data spoofing, and ensure compliance with statutory response clocks, the Service utilises our standard Support page as the single, centralised pathway for processing all data rights requests. This Support page is publicly accessible on our website and can be utilised by anyone, whether you are actively logged into an account, securely locked out of your profile, or a non-registered web visitor.

8.1 Identity Verification Framework

While anyone can submit a request through the public Support page, the actions we take depend strictly on your authentication state to prevent security breaches and unauthorised data exposure:

• Authenticated Sessions: If you submit a request while safely logged into your Account dashboard, your active session automatically validates your identity, allowing us to process account-scoped modifications or data actions securely.
• Unauthenticated Submissions: If you are logged out, locked out, or do not hold an active account, you must still submit your request through the same public Support page. To protect user privacy and prevent data leakage to malicious third parties, we will place your request on hold until you complete an email-backed identity verification loop. We will send a secure confirmation link or verification token to your registered email address to prove definitive account ownership before any data is modified or released. Please note that email is utilised strictly as a secondary tool to verify your identity, and we do not maintain a separate, external email intake channel for submitting rights requests.

Once your identity is successfully verified across either pathway, we will address your request without undue delay and in any event within one (1) calendar month of receipt. If your request is complex or numerous, we may extend this window by up to two (2) additional calendar months under the UK GDPR, providing a clear statement of explanation within the initial month.

You may initiate the following legal remedies through our secure verification framework:

8.2 Right of Access & Portability

You have the right to request a comprehensive copy of the personal data we hold about you. Your validated data package will encompass your account profile data, billing histories, credit transaction records, usage metrics, and corresponding system audit logs. Self-service image and CAD concept library extraction remains accessible directly via your live Account dashboard at any time while your account is active. All other data will be provided in a structured, commonly utilised, and machine-readable format.

8.3 Right to Rectification

If you believe your account information is inaccurate, you can instantly update your profile defaults directly inside your Account dashboard or submit a structural correction request through our public Support page.

8.4 Right to Erasure ("Right to be Forgotten")

You hold the right to demand the structural deletion of your account and personal data. You can trigger an erasure request by navigating to Account > Delete Account within your authenticated dashboard, or by submitting a formal request via the public Support page. Once requested, your data enters a seven (7) calendar day cooling-off period to prevent accidental loss. Upon the conclusion of this seven-day boundary, your account credentials, password hashes, and profile metadata are permanently deleted from active production directories within thirty (30) calendar days, subject to the statutory exceptions below.

8.5 Lawful Retention Exceptions

Upon the finalisation of an account erasure request, certain historical records are structurally excluded from destruction and are locked in restricted storage to satisfy independent statutory mandates:

• HM Revenue & Customs (HMRC) Compliance: All financial transaction records, corporate invoices, and tax-relevant payment identifiers are preserved for a mandatory six (6) years from the transaction date under UK corporate and value-added tax record-keeping regulations.
• Regulatory Enforcement Logs: System audit logs are preserved strictly according to the standalone security timelines defined within this Policy.
• Legal Claims Defence: Closed customer support tickets and historical billing dispute logs are preserved for three (3) years post-closure to insulate the platform against chargeback fraud patterns and to ensure the establishment, exercise, or defence of active legal claims.

8.6 Right to Restriction of Processing

Under UK GDPR Article 18, you may demand that we freeze active data processing while preserving data storage. This applies if you challenge data accuracy, suspect unlawful processing but oppose outright erasure, or require the data to execute independent legal claims. If a data restriction block completely prevents our automated systems from performing our core software tasks under our Terms and Conditions, we will notify you of the technical impasse to evaluate account termination options.

8.7 Right to Object

Under UK GDPR Article 21, you have a right to object to data processing fuelled by Legitimate Interests. We will halt the targeted processing immediately unless we demonstrate compelling, contractually defensive legitimate grounds that override your individual freedoms (such as real-time server security or audit logging necessary to protect customer wallets). You possess an absolute right to object to processing for direct marketing purposes, which will be honoured instantly and permanently.

8.8 Automated Decision-Making and Profiling

Under UK GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our system limits automated infrastructure safeguards to real-time throttling, input-blocking, and rate-limiting. All material status changes, account suspensions, refund validations, billing disputes, and content moderation decisions are subject to mandatory human review and manual confirmation by a member of our team.

8.9 Right to Lodge a Complaint

Under UK GDPR Article 77, you possess an independent right to lodge a formal complaint with our lead supervisory authority, the Information Commissioner's Office (ICO), online at ico.org.uk. We would, however, profoundly appreciate the commercial opportunity to resolve any data grievances or compliance concerns directly through our internal teams before you initiate an official regulatory escalation.

9. Cookies and Similar Technologies

We utilise cookies and similar tracking technologies on the Service to optimise operational performance, secure user sessions, and manage interface preferences. To ensure seamless operational clarity, these technologies are divided into four clear functional categories:

• Strictly Necessary Cookies: Required to operate the core infrastructure of the Service, handle secure user authentication login sessions, and execute anti-bot security checks. These do not require user consent under UK law and are deployed automatically because the Service cannot function safely without them.
• Functional Cookies: Utilised to remember personal choices you make to provide an enhanced user experience, including your specific Profile and Workspace Settings. These are non-essential and require your explicit consent before deployment.
• Analytics Cookies: Utilised to evaluate platform health, monitor aggregated feature engagement trends, or isolate performance anomalies. These cookies process de-identified data and require your explicit consent before activation.
• Marketing Cookies: Utilised to track the real-time conversion rates of our external advertising campaigns and deliver relevant promotional content tailored to your preferences. These remain blocked by default until you grant explicit consent.

9.1 Consent and Ongoing Control Framework

To guarantee compliance with UK data protection standards, the Service operates the following active consent mechanisms:

• The First-Visit Banner: Upon your first visit to the Service, a consent banner will present three clear, equally weighted choices: accept all cookies, reject all non-essential cookies, or manage category preferences. Rejecting non-essential tracking is structurally as simple as accepting it.
• Prior Opt-In Safeguard: No non-essential cookies are set or activated until you provide explicit, affirmative opt-in consent through the banner interface.
• The Cookie Preferences Link: You can modify or completely withdraw your cookie choices at any time. A single "Cookie preferences" link is embedded within the footer of every page across the Service. Clicking this link immediately re-opens your settings, allowing for real-time adjustments, and is backed by a dedicated Cookie Preferences page.

10. Marketing Communications & Suppression Records

We maintain strict compliance with the UK Privacy and Electronic Communications Regulations (PECR). We operate a strict no-marketing-by-default protocol. Creating an account or initiating a software subscription never automatically opts you into promotional distribution lists.

10.1 Capturing Consent & The Unsubscribe Autonomy

• Opt-In Requirement: You can establish direct marketing consent only by manually modifying your notification preferences inside your live Account dashboard or by ticking an explicit, un-ticked-by-default marketing tick box during checkout. We rely on your explicit consent as the lawful basis for sending these communications.
• Instant Withdrawal: You can withdraw your marketing consent at any point. You may either click the "Unsubscribe" hyperlink embedded in the footer of every marketing broadcast or toggle the preference off inside your account profile.
• Processing Window: Withdrawal of marketing consent has zero impact on your core software workspace availability. We will remove your data from our active marketing directory within seven (7) calendar days of receiving a withdrawal request.

10.2 The Statutory Suppression Mandate

When you opt out of marketing communications, your email address is transferred into an isolated, automated suppression list. This list functions under a strict legal obligation and a legitimate interest to ensure we never inadvertently re-import your profile into promotional workflows or violate PECR guidelines. This suppression list record is held indefinitely for that sole purpose and is never deployed for analytics, tracking, or profiling.

10.3 Transactional Enclosure

Critical service and transactional communications bypass marketing suppression list filters. These include invoice notifications, subscription renewal receipts, system downtime alerts, password resets, and mandatory Privacy Policy or Terms and Conditions updates. These are necessary to fulfil our contract with you or to maintain account security.

11. Security, Breach Notification & Corporate Contact Details

We enforce modern technical and organisational security measures designed to shield personal data and proprietary user designs from accidental loss, misuse, unauthorised access, modification, destruction, or leakage. Our production environments utilise industry-standard encryption protocols both in transit and at rest.

11.1 Breach Notification Protocol

In the event of a critical personal data breach that is calculated to pose a material risk to your statutory rights and freedoms, we commit to notifying the United Kingdom Information Commissioner's Office (ICO) within seventy-two (72) hours of discovery in accordance with UK GDPR Article 33. We will also issue clear, direct notifications to affected account profiles without undue delay if the risk index legally mandates it.

11.2 Regulatory Complaints & Internal Resolution

Under UK GDPR Article 77, you possess an independent right to lodge a formal complaint with our lead supervisory authority, the Information Commissioner's Office (ICO), online at ico.org.uk. We would, however, profoundly appreciate the opportunity to resolve any data grievances, tracking errors, or compliance concerns directly through our internal teams before you initiate an official regulatory escalation.

11.3 Corporate Contact and Compliance Administration

For routine compliance inquiries, infrastructure transparency verifications, or to initiate our secure rights verification workflows, please interface with our administration details below:

• Centralised Support Pipeline: All users and web visitors, whether actively logged in or unauthenticated, must initiate statutory rights requests, data access queries, and account erasure requests via our publicly accessible Support page interface on our website to trigger our standard compliance and verification workflows.
• Corporate Entity Identification: Barber London Design Ltd (trading as Furniture Visualizer), Company Registration Number: 14715894.
• Statutory Registered Office: 189a High Street, Beckenham, Kent, United Kingdom, BR3 1AH.