LushAI← Home

Privacy Policy

Effective date: 10 June 2026

We take the protection of your personal data seriously. This Privacy Policy explains, in line with the General Data Protection Regulation (GDPR), what data we process when you use LushAI, on what legal basis, and what rights you have.

1. Controller

The controller within the meaning of the GDPR is SoftMediaTec GmbH, [Registered address]. Contact: [email protected]. Further details are in our Imprint.

2. Data we process

  • Account data: email address, display name, and authentication data.
  • Uploaded content: photos of your outdoor spaces and the designs you create.
  • Generated visualizations: the AI-generated images.
  • Usage and log data: IP address, browser, timestamps, features used.
  • Payment data: billing status; card details are processed solely by our payment processor.

3. Legal bases

  • performance of a contract (Art. 6(1)(b) GDPR) for your account and the service;
  • legitimate interests (Art. 6(1)(f) GDPR) for security, abuse prevention, and improving the service;
  • consent (Art. 6(1)(a) GDPR) where required, e.g. for optional cookies;
  • legal obligation (Art. 6(1)(c) GDPR), e.g. for retention duties.

4. Processors and recipients

To provide the service we use carefully selected providers with whom we have data processing agreements in place:

  • self-hosted Supabase infrastructure (authentication, database, storage) on AWS;
  • a payment processor to handle subscriptions;
  • an email delivery service (Resend) for transactional and authentication emails;
  • Cloudflare for content delivery, DNS, and protection against attacks;
  • Google OAuth, if you sign in with Google;
  • third-party AI image-generation providers to create the visualizations.

Where data is processed outside the EEA, we ensure appropriate safeguards such as the EU Standard Contractual Clauses.

5. Data retention

We retain personal data only as long as necessary for the purposes described. Account and content data are kept until you delete your account and are then erased within a reasonable period, unless statutory retention obligations (e.g. commercial or tax law) require otherwise.

6. Your rights

Under the GDPR you have the right to:

  • access the data we hold about you (Art. 15);
  • rectification of inaccurate data (Art. 16);
  • erasure (Art. 17);
  • restriction of processing (Art. 18);
  • data portability (Art. 20);
  • object to processing (Art. 21);
  • withdraw consent with effect for the future.

You also have the right to lodge a complaint with a data-protection supervisory authority.

7. Cookies

We use technically necessary cookies to operate the service and, where required, optional cookies only with your consent.

8. Contact

To exercise your rights or for any privacy questions, contact us at [email protected].