Privacy Policy
Last updated: April 23, 2026
BiziEdit ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our real estate photo enhancement service at biziedit.com.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address (required for authentication)
- Full name (optional)
- Company name (optional)
- Phone number (optional)
Uploaded Content
When you use our service, we temporarily store:
- Original images you upload
- AI-enhanced versions of your images
- Project details (property name, address)
- Enhancement settings you select
Payment Information
Payment processing is handled entirely by Stripe. We do not store your credit card numbers, CVV, or complete payment credentials. We receive from Stripe:
- Transaction confirmation and amount
- Last four digits of your card (for display purposes)
- Payment status
Automatically Collected Information
When you visit our website, we may automatically collect:
- IP address
- Browser type and version
- Device information
- Pages visited and time spent
2. How We Use Your Information
We use your information to:
- Provide our service: Process your images, manage your projects, and deliver enhanced photos
- Process payments: Complete transactions and maintain payment records
- Communicate with you: Send service-related emails, respond to inquiries, and provide support
- Improve our service: Analyze usage patterns to enhance functionality and user experience
- Ensure security: Detect and prevent fraud, abuse, or unauthorized access
- Comply with legal obligations: Meet tax, accounting, and regulatory requirements
3. Third-Party Services
We use the following third-party services to operate BiziEdit. Each has its own privacy policy governing how they handle your data:
Supabase
We use Supabase for authentication, database storage, and image storage. Your account information, project data, and uploaded images are stored on Supabase infrastructure.
- Privacy Policy: supabase.com/privacy
Stripe
We use Stripe to process payments. When you make a payment, your payment information is transmitted directly to Stripe's secure servers.
- Privacy Policy: stripe.com/privacy
OpenAI
We use OpenAI's Image Edit API to generate the enhanced version of each photo. Every image you upload is transmitted to OpenAI over TLS as part of an edit request. OpenAI returns the enhanced image, which we store in our Supabase bucket; we do not retain the request body beyond what OpenAI's own retention window covers.
Under OpenAI's API data usage policy, API inputs and outputs are not used to train OpenAI models by default. OpenAI may retain API request payloads for up to 30 days for abuse monitoring and legal compliance before deletion. We do not currently operate under a Zero Data Retention (ZDR) agreement with OpenAI, so the 30-day window applies to your images while they are in transit through the API.
- Privacy Policy: openai.com/policies/privacy-policy
- Enterprise Privacy / API data usage: openai.com/enterprise-privacy
Google (Gemini)
We use Google's Gemini API to analyze uploaded photos before processing (detecting rooms, windows, and lighting conditions so the pipeline can pick the right prompt). A downscaled copy of each image is sent to Google for analysis; the results flow back to our servers as structured text, not images.
Per Google's Gemini API terms, paid-tier API content is not used to improve Google's generative models. Google may retain request content for abuse review and operational logging per their Cloud data protection terms.
- Gemini API Additional Terms: ai.google.dev/gemini-api/terms
- Google Cloud Privacy: cloud.google.com/terms/cloud-privacy-notice
Resend
We use Resend to send transactional emails (account confirmations, order confirmations, refund notices, completion notices). Your email address and the contents of the email are processed by Resend on our behalf.
- Privacy Policy: resend.com/legal/privacy-policy
Sentry
We use Sentry to capture server-side and client-side errors so we can diagnose bugs. Stack traces and request metadata may include your user ID and the URL you were visiting when the error occurred. We configure Sentry to scrub standard PII fields (emails, passwords, cookies) before ingestion.
- Privacy Policy: sentry.io/privacy
Render
Our website and background worker run on Render. Render may collect standard web traffic data (IP, user agent, request path) for operational logging.
- Privacy Policy: render.com/privacy
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Uploaded images (original and enhanced) | 30 days for unpaid projects, 60 days for paid projects (from payment date), then automatically deleted |
| Account/profile information | Until you delete your account |
| Transaction records | Until account deletion (or 7 years for tax compliance if required) |
| Support communications | 2 years after last interaction |
| Anonymized aggregate statistics | Indefinitely (see below) |
Important: We recommend downloading your enhanced images promptly. After the retention window (30 days unpaid, 60 days paid), images are permanently deleted and cannot be recovered.
Account Deletion and Data Anonymization
When you delete your account, we immediately and permanently delete:
- Your profile information (name, email, company, phone number)
- All projects and their details (names, addresses, settings)
- All uploaded images (original and enhanced)
- Your transaction history
To maintain essential business analytics and comply with financial reporting requirements, we retain anonymized aggregate statistics that cannot be linked back to you:
- Total number of projects completed (count only, no project details)
- Total number of images processed (count only)
- Total revenue generated (amount only, no transaction details)
- Account age at time of deletion
This anonymized data contains no personally identifiable information and is used solely for aggregate business metrics such as total platform usage and revenue reporting.
5. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encrypted data transmission (HTTPS/TLS)
- Secure cloud infrastructure with access controls
- Row-level security on database tables
- Regular security reviews
However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Cookies and Analytics
BiziEdit does not set advertising or analytics cookies by default. On your first visit you see a consent banner. If you Accept, we load Google Analytics 4 (to understand aggregate usage patterns) and Google Ads conversion tracking (so we can measure ad campaign performance). Both tools set cookies under the google.com, googletagmanager.com, and doubleclick.net domains.
If you Decline or close the banner, neither tool loads, no tracking cookies are set, and no information is shared with Google. You can change your choice later by clearing cookies for biziedit.com, which removes the saved preference and re-shows the banner on your next visit.
Session cookies strictly required for authentication and for the site to function (set by Supabase Auth and our CDN) are exempt from the consent requirement and are always set when you sign in.
7. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
All Users
- Access: Request a copy of the personal information we hold about you
- Correction: Update or correct inaccurate information via your account settings
- Deletion: Delete your account instantly via Account Settings > Danger Zone. This is a self-service feature that permanently removes all your personal data immediately.
- Export: Download your images before the retention window expires (30 days for unpaid projects, 60 days for paid)
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we've collected
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Opt-Out: We do not sell personal information, so this right does not apply
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To exercise these rights, contact us at support@biziedit.com.
European Union Residents (GDPR)
If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right of Access: Obtain confirmation of whether we process your personal data and request a copy
- Right to Rectification: Request correction of inaccurate personal data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Request restriction of processing in certain circumstances
- Right to Data Portability: Receive your personal data in a structured, commonly used format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Where processing is based on consent, withdraw at any time
Legal Basis for Processing: We process your data based on:
- Contract performance (providing our service)
- Legitimate interests (improving our service, preventing fraud)
- Legal obligations (tax and accounting requirements)
- Consent (where applicable)
To exercise your GDPR rights, contact us at support@biziedit.com. You also have the right to lodge a complaint with your local data protection authority.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States. Our service providers (Supabase, Stripe, OpenAI, Render) operate globally. We ensure appropriate safeguards are in place for international transfers as required by applicable law.
9. Children's Privacy
BiziEdit is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 18, we will delete it promptly.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Last updated" date
- Sending an email notification for significant changes (where appropriate)
Your continued use of BiziEdit after changes constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
Email: support@biziedit.com
Website: biziedit.com
We aim to respond to all privacy-related inquiries within 30 days.