Privacy Policy
Last updated: May 8, 2026
This Privacy Policy explains how Reform AI ("we", "the App", "the Service") collects, uses, and shares information when you use our iOS application.
By using the App you agree to this Policy. If you do not agree, please do not use the App.
1. Who we are
The App is operated by Marc Montane Marti, based in Spain.
For any privacy-related question, contact us at: privacy@airemodelapp.com
2. What we collect
2.1 Account data (required to use the App)
When you sign in with Apple ID (Sign in with Apple), we receive:
- A unique anonymous user identifier (managed by Apple).
- An email address — either your real email or a private relay email, depending on your choice.
- Your name (optional, only the first time).
We never see your Apple ID password.
2.2 Content you upload
- Photos of rooms you take or pick from your photo library. These are uploaded to our backend and to our AI provider (see §4). We store them only as long as needed to deliver the result and your history.
- Generated images produced by the AI from your photos.
- Optional text prompts you write in the "Additional details" field.
2.3 Subscription data
If you subscribe to Reform AI Pro, Apple processes the payment via the App Store. We never see or store your payment details. We only receive a confirmation that your subscription is active or expired, via Apple's StoreKit framework.
2.4 Usage data (only if analytics is enabled)
If analytics is enabled in a future build, we use PostHog to collect:
- Anonymous events (e.g. "generation started", "paywall shown").
- Device model, OS version, app version, locale.
- The user identifier so we can group events per user.
We do not use this data for advertising or to track you across other apps.
2.5 Diagnostics
We do not currently send custom crash reports. Apple may share aggregated, anonymous crash data with us via App Store Connect if you have enabled "Share With App Developers" in iOS Settings → Privacy → Analytics.
3. How we use your data
We use the data above strictly to:
- Authenticate you and keep your session.
- Generate room redesigns using AI.
- Save your generation history so you can revisit your designs.
- Process subscriptions and verify entitlements.
- Improve the App (debugging, understanding usage if analytics is enabled).
We do not sell your data. We do not show ads. We do not use your photos to train AI models.
4. Who we share data with (subprocessors)
| Provider | Purpose | Storage region |
|---|---|---|
| Apple (Sign in with Apple, StoreKit, App Store) | Authentication and payments | Apple infrastructure |
| Supabase | Backend, database, file storage | EU (Ireland) |
| Replicate | AI image generation (model google/nano-banana) | United States |
When you generate a redesign, your photo is sent through a short-lived signed URL to Replicate which runs the AI model and returns the result.
Replicate's policy: replicate.com/privacy · Supabase's policy: supabase.com/privacy
We do not share your data with any other third parties unless legally required.
5. International transfers
Your data may be processed in the European Union (Supabase) and in the United States (Replicate, Apple). Where required by GDPR, transfers rely on Standard Contractual Clauses approved by the European Commission.
6. How long we keep your data
| Data | Retention |
|---|---|
| Account (auth user, profile) | Until you request deletion |
| Original photos uploaded | Up to 90 days, then deleted |
| Generated images | Until you delete them or request account deletion |
| Subscription status | Until you cancel + 12 months for accounting |
| Analytics events (if enabled) | 12 months |
7. Your rights
Wherever you are, you can:
- Access the data we have about you.
- Correct inaccurate data.
- Delete your account and all associated data.
- Export a copy of your data.
- Object to our processing of your data.
To exercise any of these rights, email privacy@airemodelapp.com. We will respond within 30 days.
If you are in the EU, you can also lodge a complaint with your local Data Protection Authority. In Spain: AEPD.
8. Children
The App is rated 4+ but is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has used the App, contact us and we will delete the account.
9. Security
- All connections use HTTPS / TLS 1.2+.
- Backend access requires a JWT token issued by Apple Sign-In.
- Storage buckets enforce Row-Level Security so a user can only read their own files.
- Service role keys are never shipped in the app and are kept on the backend.
No system is 100% secure. If we discover a breach affecting your data, we will notify you within 72 hours per GDPR.
10. Changes to this Policy
We may update this Policy from time to time. We will post the new version on this page and update the "Last updated" date. Material changes will be notified inside the App.
11. Contact
Marc Montane Marti
Email: privacy@airemodelapp.com