Privacy Policy
1. Who we are
Interior Assist is operated by Udit Bansal, a sole proprietor based in Washington State, United States, doing business as "Interior Assist" (the "Service"). Once the Interior Assist legal entity is formed, this policy will be reissued in the entity's name and the operator role will transfer to that entity.
In this policy, "we," "us," and "our" refer to the operator. "You" refers to the person using the Service — typically an interior designer or a member of an interior design studio. "End client" refers to the designer's clients (the homeowners, businesses, or other parties whose projects the designer manages on the Service).
Contact for any privacy question: enquiry@interiorassist.ai.
2. The data we handle, and our role
The Service holds several distinct categories of data with different sensitivity and different legal positions:
| Category | What it is | Our role | Examples |
|---|---|---|---|
| Account data | The designer's identity and account state | Controller (we decide how to use it) | Your name, email, profile picture, sign-in credentials (managed via WorkOS), workspace name, subscription status |
| Designer-supplied client data | Information about your end clients that you enter into the Service | Processor — you are the controller; we act only on your instructions | End client names, email addresses, partner names, project briefs, questionnaire answers, notes, uploaded documents |
| Financial records | Invoices, payments, payment-method metadata | Controller — for tax and audit obligations | Invoice line items, amounts, dates, payment status, Stripe customer/charge IDs (we never see card numbers) |
| Operational data | How the Service is used | Controller | Sign-in events, agent activity logs, error reports, billing meter counters |
| Secrets | Credentials we hold to operate the Service on your behalf | Controller | OAuth refresh tokens for Gmail, Stripe webhook signing keys |
The most important distinction: for your end clients' personal data, you are the controller and we are your processor. You decide what end-client data is collected, how it is used, and when it must be corrected or deleted; we process that data only under your instructions, to operate the Service. The vendors in §5 that handle this data on our behalf are our sub-processors.
3. How we use your data
We use the data we hold to:
- Provide the Service — render your dashboard, store your projects, process invoices, send emails on your behalf via your connected Gmail account, generate AI-assisted drafts and recommendations.
- Operate the AI agent — when you ask Interior Assist's agent to draft an invoice, summarize a project, propose a follow-up email, or perform a similar task, the relevant project context (which may include end-client data) is sent to our AI inference provider (see Sub-processors §5). The agent's output is shown to you for review and approval before any external action is taken.
- Bill and collect — Stripe processes your subscription payment to us. Separately, you connect your own Stripe account (Stripe Connect) so that end-client payments flow directly to you; we never custody your funds.
- Maintain the Service — error tracking (with personal-data redaction), uptime monitoring, security audit logging, fraud and abuse detection.
- Comply with law — retain financial records as required by US tax law (see Retention §6), respond to lawful requests, and honor data-subject rights.
We do not sell personal information. We do not use end-client data to train AI models. We do not share data with third parties except the sub-processors listed in §5 and as required by law.
4. Approval gates and external actions
The Service includes an AI agent that drafts and proposes actions on your behalf. No external action — sending an email to a client, sending an invoice, charging a payment — is taken without your explicit approval. When the agent proposes an external action, you see a preview of the exact recipient, subject, body, amount, and line items before you approve. The approval is recorded in our audit log.
5. Sub-processors
We rely on the following sub-processors. Each handles a defined slice of data and is bound by its own data-protection terms.
| Sub-processor | What it does | Data it sees | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Hosting, storage, AI inference (via Amazon Bedrock), email delivery (via SES) | All categories above | US (us-east-2 region, Ohio) |
| Anthropic (PBC) | Provides the Claude foundation models we invoke through Amazon Bedrock | Data sent to the agent (project context, your prompts) | US (data path runs through AWS Bedrock; subject to AWS Bedrock data-handling terms, which exclude model-training use) |
| WorkOS | Single sign-on, authentication, identity directory | Account data only (email, name, sign-in events) | US |
| Stripe | Subscription billing for the Service; Stripe Connect for end-client payments to you | Billing data, payment metadata, your Stripe Connect account identifiers (no card numbers ever held by us) | US, with global presence |
| Google (Gmail API, via OAuth) | Sending email on your behalf from your connected Gmail account | Email send metadata; the email content you (or the agent, on your approval) compose | US |
| Sentry | Error tracking with PII redaction enabled | Error reports with personal data redacted at source before transmission | US |
| Cloudflare | DNS, content delivery, transactional email routing for inbound mail to our role addresses | Network metadata, IP addresses for site visitors | Global edge network |
We will give 30 days' notice before adding or changing a sub-processor that materially affects how your data is handled. The current list is also published at interiorassist.ai/legal/subprocessors (forthcoming).
6. How long we keep data
| Category | Live retention | Backup retention | After you cancel |
|---|---|---|---|
| Account data | While your account is active | 35 days (passive expiry from automated database backups) | 30 days grace, then permanent deletion |
| Designer-supplied client data | While the related project is active, or until you (the designer) request its purge — whichever comes first | 35 days | 30 days grace, then permanent deletion |
| Financial records (invoices, payments) | 7 years — required by US tax law (IRS recordkeeping requirements) | 35 days hot, then long-term archive for the 7-year window | Retained for the 7-year window even after cancellation |
| Operational data | While your account is active | 35 days | 30 days grace, then permanent deletion |
| Secrets (OAuth tokens, signing keys) | While your account is active | Encrypted with AWS KMS at all times; never stored or backed up in plaintext | Rotated and revoked on cancellation |
When you (the designer) request the deletion of an end client's data, the live data is removed immediately. Backup data ages out passively over 35 days. Financial records linked to that client are retained — but the personal identifiers are replaced with an anonymized tombstone reference, so the financial record stays intact for tax compliance without retaining the client's personal data.
7. Your rights
You can:
- Access your data — request an export of everything we hold about you and your workspace. We respond within 30 days.
- Correct your data — update your account information at any time from the Settings page.
- Delete your account — cancel your subscription and request workspace deletion. Account and operational data are deleted within 30 days; financial records are retained for the 7-year tax window described above; end-client data is purged according to the flow in §8.
- Object to processing — contact us if you want us to stop processing your data for a specific purpose (note that some processing is necessary to operate the Service).
If you are an end client of one of our designer customers — meaning your data is in the Service because a designer entered it — your rights under applicable law (including California's CCPA / CPRA) are exercisable through the designer who controls your data. We will assist the designer in honoring your request promptly. You may also contact us directly at enquiry@interiorassist.ai and we will route the request to the appropriate designer.
8. Deletion of end-client data
You (the designer) can delete an individual end client's data from Settings → Clients → "Delete and purge." This triggers a five-phase purge:
- Validate the request and record an audit entry.
- Anonymize financial records — replace the client identifier with a tombstone reference; keep amounts, dates, and tax data intact (required by US tax law).
- Hard-delete personal data — client record, contacts, projects, project documents (all S3 versions), questionnaire responses, agent transcripts scoped to those projects.
- Redact audit trail — keep the audit rows so we can prove the purge happened, but strip the personal data from their content.
- Verify backup expiry — confirm at the +35-day mark that the data has aged out of automated database backups.
We describe this flow because deletion is not instantaneous everywhere: live data is gone immediately, but copies in automated database backups persist for up to 35 days before they expire. We disclose that window rather than claim immediate erasure.
9. Security
- All traffic between you and the Service is encrypted in transit (TLS 1.2 or higher).
- All data at rest is encrypted using AWS KMS-managed keys.
- Tenant isolation is enforced at three independent layers: application code, request middleware, and Postgres row-level security policies. Because the last layer is enforced by the database itself, one customer's data cannot be queried from another customer's session even if a bug in the application layers fails to filter a query.
- Sign-in is handled by WorkOS; multi-factor authentication is supported.
- Secrets are stored in AWS Systems Manager Parameter Store with KMS envelope encryption; they never appear in logs or error reports.
- Personal data is redacted from error tracking and application logs at the source before transmission.
We follow the controls described in our internal Data Classification & Retention policy. A SOC 2 Type II audit is planned but not yet completed — we will update this policy when audit reports are available.
10. Children
The Service is not intended for and may not be used by anyone under the age of 18.
11. International users
The Service is currently designed for users in the United States. All data is hosted in the US (AWS us-east-2 region). The Service is not currently designed to meet the requirements of the EU General Data Protection Regulation (GDPR) or the UK GDPR. If you are located in the European Economic Area, the United Kingdom, or Switzerland, please do not use the Service until we have published a GDPR-aligned policy.
12. California privacy rights (CCPA / CPRA)
If you are a California resident, you have the rights described in §7 above (access, correction, deletion, objection). We do not sell or share personal information for cross-context behavioral advertising. We do not use sensitive personal information beyond what is necessary to operate the Service. To exercise these rights, contact enquiry@interiorassist.ai.
We apply the California standard to all customers regardless of location.
13. Changes to this policy
We may update this policy. If the change is material — meaning it expands what data we collect, changes how we use it, adds a sub-processor that handles a new data category, or shortens a retention period — we will notify active users by email and post the change at least 30 days before it takes effect. Non-material changes (clarifications, contact updates, formatting) take effect on posting.
When the Interior Assist legal entity is formed, this policy will be republished in the entity's name. That republication is an administrative change, not a material one — your rights and our practices do not change.
14. Contact
For any question about this policy, your data, or to exercise a right described above:
Email: enquiry@interiorassist.ai
Postal: Available on request.
We respond to privacy inquiries within 30 days.