Privacy Policy – Spacia
Last updated: 26 May 2025
Gemma Studio, LLC ("Gemma," "we," "us," or "our") operates the interior-design platform Spacia through our websites gemma.so and spacia.app (collectively, the "Site") and our mobile application (the "App"). Together, the Site, the App, and any other online or offline offerings that link to this Privacy Policy are the "Services."
This Policy explains how we collect, use, disclose, transfer, and store your personal information and describes the choices and rights you may exercise under applicable privacy laws (including the EU and UK GDPR).
1 Updates to This Privacy Policy
We may update this Policy from time to time. If we make material changes, we will post the revised Policy on the Site and/or notify you in the App or by email at least 14 days before the changes take effect.
2 Personal Information We Collect
| Source | What We Collect |
|---|---|
| You provide directly | • Email address and hashed password (handled by our authentication provider) • Photos you upload and AI renders you create • Payment-related data (plan, amount, transaction ID or app-store receipt) • Messages and attachments you send to support |
| Collected automatically | • IP address, device/OS details, crash logs • Usage analytics—pages viewed, buttons tapped, feature usage • Cookies, pixel tags, and similar technologies on the Site |
| From other sources | • Country inferred from analytics data • Limited billing details returned by our payment processor (never your full card number) |
We do not ourselves perform face or biometric analysis, and we do not train our own AI models on your photos or renders. However, some third-party AI inference providers we rely on may process your content under their own privacy terms, which could include model-improvement uses.
3 How We Use Your Personal Information
| Purpose | Examples | Legal Basis* |
|---|---|---|
| Provide & maintain the Services | Create accounts, render designs, save projects, process payments | Contract |
| AI functionality | Send your prompts or photos to third-party AI inference providers to generate outputs | Contract |
| Customer support | Respond to questions, troubleshoot issues | Legitimate interests |
| Analytics & improvement | Measure engagement, diagnose crashes, test new features | Legitimate interests |
| Marketing (opt-in) | Send newsletters, promotional emails, or push notifications you consent to receive | Consent |
| Security & compliance | Detect fraud or copyright-infringing uploads, meet tax or legal obligations | Legitimate interests / Legal obligation |
* GDPR Art. 6 bases (for transparency).
4 How We Disclose Your Personal Information
| Recipient Category | Why We Share |
|---|---|
| Service providers | Cloud hosting, authentication & database, analytics, crash reporting, payment processing, AI inference, email delivery |
| Affiliates & advisers | Internal administration, accounting, legal, or security advice |
| Business partners | When you choose to use joint features (e.g., links to external retailers) |
| Authorities or litigants | To comply with law, enforce agreements, or defend legal claims |
| Corporate transactions | Your data may transfer if we merge, sell assets, or are acquired |
We do not sell or "share" your data for behavioural advertising.
5 Your Privacy Choices and Rights
| Choice | How to Exercise |
|---|---|
| Email marketing opt-out | Click "Unsubscribe" in any promo email or toggle off in Settings |
| Push-notification opt-out | Disable in your device or App settings |
| Cookies | Adjust browser settings or Site banner preferences |
Subject to law, you may access, rectify, erase, restrict, port, or object to processing of your personal data, and withdraw any consent.
Email privacy@gemma.so or use in-app tools; we respond within one month. You may also complain to your local data-protection authority.
6 International Data Transfers
We store and process data in the United States and the European Union. When personal data moves across borders, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms and apply reasonable technical and organisational safeguards (e.g., encryption in transit, role-based access controls).
7 Retention of Personal Information
| Data | Retention Period |
|---|---|
| Account & purchase records | While your account is active + 6 years (tax/accounting) |
| Renders & uploaded photos | Until you delete them or request deletion; automatically purged 24 months after last access if inactive |
| Analytics & crash logs | 24 months, then aggregated or anonymised |
| Support communications | 3 years after ticket closure |
8 Security Measures
- TLS encryption for all data in transit
- Hashed-and-salted passwords managed by our authentication platform
- Data stored on managed cloud infrastructure with access limited to authorised personnel under the principle of least privilege
9 Children's Information
Spacia is not directed to children under 16 without verifiable parental consent, nor to anyone under 13. If we learn we have collected data from a child contrary to these rules, we will delete it promptly.
10 Third-Party Websites / Applications
Our Services may link to external sites or let you interact with third-party services (e.g., payment checkout, retailer sites). Those services follow their own privacy policies; we are not responsible for their practices.
11 Contact Us
Gemma Studio, LLC
8 The Green, STE R
Dover, DE 19901, USA
Email: support@gemma.so
By creating an account or using Spacia, you confirm that you have read and understood this Privacy Policy.