← Back to Stagify.ai

Privacy Policy

Last updated: June 18, 2026  ·  Effective date: June 18, 2026

---

Stagify LLC ("Stagify", "Stagify.ai", "we", "us", or "our") operates the website at stagify.ai and related products, including virtual staging, mask editing, AI Designer, PDF floor-plan tools, Stagify+ subscriptions, and enterprise domain plans (collectively, the "Service").

This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information when you visit our website, create an account, upload content, subscribe to a paid plan, or otherwise interact with the Service. It also explains your privacy rights and who owns content you submit or generate.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

1. Who We Are (Data Controller)

For purposes of applicable privacy laws, including the EU and UK General Data Protection Regulation (GDPR), Stagify LLC is the data controller responsible for personal information processed through the Service.

Privacy contact: team@stagify.ai

General contact: Contact page or team@stagify.ai

Stagify is operated from the United States. We have not appointed a separate EU or UK representative; please direct all privacy inquiries to the contact above.

2. Scope and Definitions

In this policy:

• "Personal information" (or "personal data") means information that identifies, relates to, or could reasonably be linked with you or your household.
• "Uploads" means photos, floor plans, PDFs, furniture reference images, masks, chat attachments, and other files you submit.
• "Generated Output" means virtual staging results, mask edits, AI Designer images, CAD renders, and other content created for you by the Service.
• "Account holder" means a registered user with an email-based or Google-linked Stagify account.
• "Enterprise user" means a user whose email domain is covered by an active enterprise subscription.

This policy applies to the Service. It does not apply to third-party websites, services, or integrations that we do not control (such as Stripe's checkout pages or Google's sign-in flow), even if linked from our site.

3. Information We Collect

We collect the categories of information below. Not every category applies to every user.

3.1 Account and identity information

• Email address
• Password (stored only as a salted cryptographic hash; we never store plain-text passwords)
• Google account identifier (sub) if you use Google Sign-In
• Account ID, plan type (free, Stagify+, or enterprise-provisioned access), account creation date
• Daily generation usage counters for free-tier accounts
• Stripe customer ID and subscription ID for paid Stagify+ accounts
• Timestamp if your account received a promotional Stagify+ grant

3.2 Authentication and session data

• Server-side session tokens linked to your account
• Sign-in token stored in your browser's local storage (stagifyAuthToken)
• Password-reset tokens (valid for one hour, then deleted)

3.3 Content you provide

• Uploads: Room photos, floor plans, PDFs, furniture images, mask overlays, and chat file attachments
• Text inputs: Staging prompts, room/style selections, mask-edit instructions, AI Designer chat messages, and optional memory requests
• Generated Output: Delivered to your browser during your session; not stored by us as a permanent user gallery

3.4 AI Designer-specific data

• Chat conversation content (text and references to uploaded or generated images)
• Optional long-term "memories" you ask the AI to store, keyed to a pseudonymous user ID
• A pseudonymous browser identifier for AI Designer (userId in local storage), which may differ from your account ID
• Model preference (e.g., fast vs. pro) stored locally

3.5 Payment and enterprise information

• Stagify+: Billing status and Stripe identifiers (payment cards are handled entirely by Stripe)
• Enterprise signup: Company name, email domain, contact email, optional contact phone, and Stripe billing metadata associated with the organization
• Enterprise usage: Aggregated generation counts attributed to an email domain for billing and admin reporting

3.6 Communications and support

• Contact form and support messages (including name and email if provided)
• Bug reports: description, steps to reproduce, email, page URL, user agent, optional conversation history you attach, and pseudonymous user ID
• Password-reset and transactional emails sent via our email provider
• Email open tracking: For certain outreach emails, we may record whether a recipient's email address has opened a message (via a tracking pixel loaded through known email-client proxies). Each address is counted at most once, ever. We do not use this for advertising profiles.

3.7 Onboarding and optional profile answers

• Optional answers such as professional role, referral source, or email address that you provide during onboarding or that are stored locally and submitted with staging requests

3.8 Technical, usage, and log data

• IP address, browser type, device type, operating system, user agent, referring URL, and timestamps
• Staging metadata logged for operations: room type, style, prompt text, remove-furniture flag, authenticated email, and IP address
• Mask-edit logs: prompt text, model used, image dimensions, user identifier, IP address, and user agent
• Chat logs: pseudonymous user ID, user message text, attached file names and types, IP address, and user agent (AI responses are not logged in this file)
• Contact/onboarding logs: role, referral source, email, user agent, and IP address
• Anonymous mobile usage counts keyed by IP address (UTC day) for free-tier enforcement when no account session is present
• Aggregated, non-identifying site statistics (e.g., total generations, total contacts) displayed publicly on the homepage

3.9 Information we do not intentionally collect

We do not ask you to provide government ID numbers, financial account numbers (beyond what Stripe collects directly), precise geolocation, biometric identifiers, health information, or children's data. Uploads may incidentally contain personal belongings or reflections in room photos; you control what you upload.

4. How We Collect Information

• Directly from you when you register, sign in, upload content, enter prompts, subscribe, contact us, or submit bug reports
• Automatically when you use the Service (technical logs, IP address, usage metadata)
• From third parties such as Google (Sign-In verification), Stripe (payment and subscription status), and email-client proxies (for open tracking)
• From your browser via local storage for authentication tokens, language, and preferences
• From authorized integrations where a business customer uses our server-side staging API with an endpoint key (no end-user account required; usage is attributed to that integration)

5. Data Ownership and Generated Content

This section describes ownership of your content. It applies to all users, including free, Stagify+, and enterprise accounts.

5.1 You retain ownership

As between you and Stagify, you retain all ownership rights in:

• Your Uploads (including photographs, floor plans, PDFs, and reference images); and
• Generated Output (including virtually staged rooms, mask edits, AI-generated images, and CAD renders produced for you).

Stagify does not claim copyright, ownership, or other proprietary rights over your Uploads or Generated Output. We do not sell, publicly display, or license your Uploads or Generated Output for our own marketing or commercial purposes separate from operating the Service.

5.2 Limited license you grant to Stagify

By using the Service, you grant Stagify a limited, non-exclusive, worldwide, royalty-free license to host, store (temporarily), transmit, reproduce, and process your Uploads solely as necessary to:

• Provide, maintain, and secure the Service;
• Send content to our AI and infrastructure providers for inference and processing;
• Troubleshoot errors, prevent abuse, and comply with law.

This license is scoped to operating the Service for you and ends when your content is deleted from our active systems, except where a longer period is required by law or reasonably necessary for encrypted backups, security logs, billing records, or dispute resolution.

5.3 Your responsibilities

• You must have the necessary rights, permissions, and consents to upload content and to use Generated Output.
• You are solely responsible for how you use Generated Output, including in property listings, client deliverables, advertising, and social media.
• You must comply with applicable laws, MLS/board rules, disclosure requirements, copyright law, and privacy rights of individuals who may appear in or be identifiable from your Uploads.
• AI-generated content may not be unique and may be subject to limitations under copyright or other laws in some jurisdictions. Stagify does not guarantee that Generated Output is free from third-party claims.

5.4 No training on your content

We do not use your Uploads or Generated Output to train Stagify's own machine-learning models. We submit content to third-party AI APIs solely to produce results for you. Those providers process data under their own terms and privacy policies (see Section 10).

5.5 Enterprise accounts

Enterprise domain access does not transfer ownership of user Uploads or Generated Output to the enterprise organization or to Stagify. Individual users retain the ownership rights described above. Enterprise administrators may receive aggregated usage reporting (such as generation counts per domain) but do not receive ownership of user content through that reporting.

6. How We Use Information

We use personal information for the following purposes:

• Providing virtual staging, mask editing, AI Designer chat, PDF processing, and related features
• Creating, authenticating, and managing accounts and sessions
• Processing Stagify+ and enterprise subscriptions and usage-based billing
• Enforcing plan limits, detecting abuse, and protecting Service integrity
• Sending transactional communications (password resets, billing-related notices, support replies)
• Responding to contact messages, support requests, and bug reports
• Operating internal analytics, quality monitoring, and aggregated statistics
• Measuring outreach email engagement (open/ not-open, per address)
• Complying with legal obligations and enforcing our terms
• Developing and improving the Service using aggregated or de-identified data where possible

We do not use your personal information for cross-context behavioral advertising.

7. Legal Bases for Processing (EEA, UK, and Switzerland)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process personal data under these legal bases:

• Performance of a contract: To provide the Service you request, manage your account, process staging, and handle subscriptions.
• Legitimate interests: To secure the Service, prevent fraud, maintain operational logs, improve features, measure email delivery, and communicate about the Service — where not overridden by your rights.
• Consent: Where required by law, such as for non-essential cookies or optional marketing. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Legal obligation: Where we must retain or disclose data to comply with applicable law, regulation, or valid legal process.

8. AI Processing Disclosure

Core features of Stagify rely on artificial intelligence. When you use these features:

• Your Uploads, prompts, and related context are transmitted to our servers and to third-party AI providers for processing.
• Image generation and editing (virtual staging, mask edits, image generation in AI Designer) primarily use Google's Gemini API.
• Text chat, memory evaluation, image annotation, and related AI Designer logic use OpenAI's API.
• PDF floor-plan processing may be forwarded to a dedicated PDF processing service operated for Stagify.
• AI outputs are probabilistic and may contain errors, artifacts, or unintended changes. You should review Generated Output before use.
• AI features do not make binding legal, credit, employment, or housing eligibility decisions about you.

Do not submit sensitive personal information in prompts unless necessary, and avoid uploading images you are not authorized to share.

9. Cookies and Local Storage

We use cookies and similar technologies (including browser local storage) as follows:

• Authentication: stagifyAuthToken — keeps you signed in
• Language preference: selectedLanguage
• AI Designer: userId (pseudonymous), selectedModel
• Onboarding answers (if provided): userRole, userReferralSource, userEmail
• UI preferences: background video playback position and similar functional settings

These are strictly functional and necessary to operate the Service. We do not deploy third-party advertising cookies on the core staging experience. You may clear cookies and local storage in your browser; doing so may sign you out and reset preferences.

10. How We Share Information

We do not sell your personal information. We do not share personal information for cross-context behavioral advertising.

We disclose information only to the categories of recipients below, and only as needed:

10.1 Service providers (processors)

• Google — Gemini API for image generation/editing; Google OAuth for optional Sign-In (Google Privacy Policy)
• OpenAI — chat, memory evaluation, and related AI Designer text/image analysis (OpenAI Privacy Policy)
• Stripe, Inc. — payment processing and subscription management for Stagify+ and enterprise plans (Stripe Privacy Policy)
• Resend — transactional email delivery (e.g., password resets) (Resend Privacy Policy)
• Cloud hosting providers (such as Render) — application hosting and persistent storage for accounts and operational logs
• PDF processing service — floor-plan PDF conversion for Stagify+ users

These providers are authorized to process personal information only on our instructions and for the purposes described in this policy.

10.2 Enterprise administrators

If your organization has an enterprise plan, authorized Stagify administrators may access aggregated domain-level usage data (such as total generations). We do not provide enterprise administrators with access to individual users' Uploads or Generated Output through that reporting.

10.3 Authorized business integrations

Business customers may connect to our server-side staging API using an authorized endpoint key. Those integrations can submit images for processing without an end-user Stagify account. The business customer is responsible for its own privacy notices to its users.

10.4 Legal, safety, and business transfers

• We may disclose information if required by law, subpoena, court order, or governmental request, or to protect the rights, property, or safety of Stagify, our users, or others.
• If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred subject to this Privacy Policy or equivalent notice.

11. International Data Transfers

Stagify is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States and in other countries where we or our service providers operate (including countries that may not provide the same level of data protection as your home jurisdiction).

Where required by applicable law, we implement appropriate safeguards for international transfers, such as Standard Contractual Clauses approved by the European Commission or UK authorities, or reliance on adequacy decisions where applicable.

12. Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this policy:

• Account data: While your account is active, plus a reasonable period afterward for disputes, enforcement, and legal compliance.
• Session and password-reset tokens: Sessions until logout or expiry; password-reset tokens for up to one hour.
• Uploads: Processed in memory during your request and not permanently stored as a user image library afterward. Temporary copies may exist in server memory, transit logs, or short-lived backups.
• Generated Output: Returned to your browser during the session; we do not maintain a long-term hosted gallery of your results.
• Operational logs (prompt, chat, mask, contact, bug-report, and email-open logs): Typically up to 24 months, unless a longer period is required for security investigations, legal compliance, or active disputes.
• AI Designer memories: Until you delete them, reset them through the Service, or request account deletion.
• Email open status: Retained as a binary opened/not-opened record per email address for internal analytics.
• Billing records: Retained as required by tax, accounting, and payment law (often several years).
• Aggregated statistics: May be retained indefinitely in de-identified form.

When retention expires, we delete or de-identify information using reasonable technical and organizational measures.

13. Security

We implement reasonable administrative, technical, and organizational measures designed to protect personal information, including:

• HTTPS/TLS encryption for data in transit
• Password hashing using salted one-way functions
• Restricted access to production data on a need-to-know basis
• Access keys and credentials for administrative and export endpoints
• Rate limiting and abuse detection on sensitive endpoints

No system is completely secure. You are responsible for maintaining the confidentiality of your account credentials and sign-in token on your device.

If we become aware of a data breach that creates a legal notification obligation, we will notify affected users and regulators as required by applicable law.

14. Children's Privacy

The Service is not directed to children under 13 years of age (or under 16 where applicable in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact team@stagify.ai and we will take steps to delete it.

15. Your Privacy Rights

Depending on your location, you may have some or all of the rights below:

• Access — know what personal information we hold about you
• Correction — request correction of inaccurate information
• Deletion — request deletion of your account and associated personal data, subject to legal exceptions
• Restriction — request that we limit certain processing
• Portability — receive personal information you provided in a portable format, where applicable
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent
• Non-discrimination — we will not discriminate against you for exercising privacy rights

How to exercise your rights: Email team@stagify.ai or use our contact page. We may verify your identity before fulfilling a request. We aim to respond within 30 days (or the timeframe required by applicable law, such as 45 days under certain U.S. state laws).

Account deletion: You may request account deletion by contacting us. We will delete or de-identify personal information associated with your account, except where retention is required by law or for legitimate business purposes (e.g., billing records, fraud prevention).

EEA/UK complaint: You have the right to lodge a complaint with your local supervisory authority. A list of EU authorities is available at edpb.europa.eu. UK residents may contact the ICO at ico.org.uk.

16. U.S. State Privacy Notice

This section supplements the policy for residents of U.S. states with comprehensive privacy laws, including California, Colorado, Connecticut, Virginia, and others that may become effective.

16.1 Categories of personal information collected (last 12 months)

• Identifiers: Name (if provided), email, account ID, IP address, Google ID, pseudonymous AI Designer ID
• Customer records: Account and subscription information
• Commercial information: Subscription status, enterprise usage counts, billing metadata
• Internet/network activity: Log data, feature usage metadata, email open status
• Audio/visual information: Uploads and Generated Output submitted or produced during use (processed transiently; not stored as a permanent gallery)
• Inferences: We do not create advertising profiles about you

16.2 Sources, purposes, and sharing

See Sections 3, 4, 6, and 10 for details on sources, business/commercial purposes, and categories of third parties with whom information is shared.

16.3 Sale and sharing

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not respond to "Do Not Track" browser signals because there is no industry standard for compliance; however, we do not track you across unrelated third-party sites for advertising.

16.4 Sensitive personal information

We do not intentionally collect sensitive personal information as defined by California law. Do not upload content containing sensitive data unless you have a lawful basis to do so and accept the risks of processing through AI providers.

16.5 Authorized agents (California)

You may designate an authorized agent to submit a request on your behalf. We may require proof of authorization and direct verification of your identity.

17. Automated Decision-Making

We do not use solely automated decision-making that produces legal or similarly significant effects concerning you. AI features generate content and suggestions based on your inputs but do not determine eligibility for housing, credit, employment, or government benefits.

18. Third-Party Links and Services

Our site may contain links to third-party websites or services (such as Stripe's customer portal, social media, or partner tools). We are not responsible for their privacy practices. We encourage you to review their policies before providing personal information.

19. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" and "Effective date" at the top of this page. If changes are material, we will provide additional notice where required (such as by email or a prominent notice on the Service). Continued use after the effective date constitutes acceptance of the updated policy, to the extent permitted by law.

20. Contact Us

For privacy questions, data-rights requests, or concerns about this policy:

• Legal entity: Stagify LLC
• Email: team@stagify.ai
• Contact form: stagify.ai/contact
• Website: stagify.ai