Privacy Policy — RoomGPT

Last updated: 26 May 2026

This Privacy Policy explains how Hbrothers L.L.C., trading as Hbro Studio ("we," "us," "our"), collects, uses, shares, and protects personal data when you use the RoomGPT mobile application (the "Service").

This policy is specific to RoomGPT. It does not cover any other application we publish.


1. Quick summary

  • Controller: Hbrothers L.L.C., trading as Hbro Studio (United States)
  • What we collect: Room photos you upload, your subscription status, an email address if you sign in, device identifiers, and standard app usage data
  • Why: To run the AI room-design feature, manage your subscription, prevent abuse, and improve the app
  • Where data is stored: Google Cloud (US), Firebase (US), Apple, RevenueCat (US), PawWalls, OpenAI (US) — see Section 7
  • Tracking & ads: RoomGPT may use the Meta SDK for ad attribution and conversion events. In the EU/UK, it is only used after you give explicit consent in the app
  • Your rights: Access, rectification, erasure, restriction, portability, objection, withdrawal of consent, complaint to a supervisory authority
  • How to contact us: info.hbrothers.llc@gmail.com


2. Who we are

Controller

Hbrothers L.L.C., trading as Hbro Studio
412 W 7th St, Clovis, NM 88101, United States
Email: info.hbrothers.llc@gmail.com
Website: https://www.hbro-studio.com

Hbrothers L.L.C. is the data controller for personal data processed in connection with RoomGPT.

EU Representative (Article 27 GDPR)

We have appointed the following representative in the European Union under Article 27 of the EU GDPR. EU-based users may contact this representative directly on all questions concerning the processing of their personal data:

Thibault Mundele
Rua Pinto Ferreira 56, 1D
1300 Lisbon, Portugal
Email: info.hbrothers.llc@gmail.com

UK Representative (Article 27 UK GDPR)

We are in the process of appointing a UK representative under Article 27 of the UK GDPR. In the interim, UK-based users may contact us at info.hbrothers.llc@gmail.com for all questions concerning the processing of their personal data. This section will be updated once the UK representative is in place.

Privacy contact

For any privacy-related question or to exercise the rights described in Section 10, contact us at: info.hbrothers.llc@gmail.com

We do not have a formal Data Protection Officer, because RoomGPT's processing does not fall within the categories listed in Article 37(1) GDPR. The address above is our designated privacy point of contact.


3. What this policy covers

This policy applies only to the RoomGPT iOS application and the services provided through it. It does not cover other apps we publish, or third-party websites or services that RoomGPT may link to.


4. Account model

RoomGPT can be used in two modes:

  • Anonymous mode. You can use RoomGPT without creating an account. In this case, we identify your device with an anonymous Firebase identifier so that we can deliver the Service and track your free-tier usage. We do not know who you are.
  • Signed-in mode. You may choose to sign in. In that case we collect your email address so that we can recognise you across devices and link your subscription to your account.

You can move between modes by signing in or signing out at any time.


5. What data we collect

5.1 Data you provide to us

  • Email address — only if you sign in. Used to identify your account.
  • Room photos — the images you upload to be processed by the AI room-design feature.
  • Subscription and payment status — whether you have an active subscription, the plan (weekly or yearly), trial status, and renewal dates. Note: Apple processes the actual payment. We never see your card number or full payment details.
  • Support correspondence — if you email us, we keep your message and our reply to handle your request.

5.2 Data collected automatically when you use the Service

  • Anonymous user identifier — a Firebase-generated ID associated with your device.
  • Device and technical data — device model, operating system version, app version, language, country, IP address, time zone, network type.
  • Usage data — features used, generations created, free-tier counters, screens viewed, errors, crash diagnostics.
  • Advertising identifiers — only if you grant App Tracking Transparency permission and (for EU/UK users) you also accept the consent banner described in Section 8.

5.3 Sensitive data

We do not collect special-category personal data (Article 9 GDPR), such as health, biometric, political, religious, or sexual-orientation data. Room photos are pictures of interior spaces and are not used to identify individuals.


6. Why we process your data and on what legal basis

| Purpose | Categories of data | Legal basis (EU/UK GDPR) |
|---|---|---|
| To run the core AI room-design feature (generate designs from your photo) | Room photos, anonymous user ID, device data | Article 6(1)(b) — performance of contract |
| To manage your subscription and process renewals | Email (if signed in), subscription status, device ID | Article 6(1)(b) — performance of contract |
| To enforce free-tier limits and prevent abuse | Anonymous user ID, device data, usage data | Article 6(1)(f) — legitimate interest in protecting the Service |
| To diagnose crashes and operate the app reliably | Device data, crash logs, anonymous user ID | Article 6(1)(f) — legitimate interest in technical operation |
| To send you transactional notifications (your generation is ready, your subscription has renewed) | Email or anonymous user ID, device push token | Article 6(1)(b) — performance of contract |
| To measure the performance of our advertising and attribute installs | Device identifiers, conversion events | Article 6(1)(a) — your explicit consent (via consent banner) |
| To comply with legal obligations (tax, regulatory, fraud) | Subscription and payment records | Article 6(1)(c) — legal obligation |

You have the right to withdraw any consent you have given at any time, without affecting the lawfulness of processing carried out before withdrawal. You can withdraw push notification consent in the app settings, and ad-tracking consent in the privacy section of the app and in iOS settings.


7. Sub-processors and third parties

To run RoomGPT we use the following sub-processors. Each one processes personal data on our instructions under a written agreement.

| Sub-processor | Purpose | Country | Categories of data | Transfer safeguard |
|---|---|---|---|---|
| Google LLC (Google Cloud Platform / Vertex AI / Imagen) | App backend (Cloud Functions in us-central1), AI generation | United States | Room photos, anonymous user ID, device data, processed images | EU-US Data Privacy Framework + SCCs |
| Google LLC (Firebase: Auth, Firestore, Storage, App Check, Cloud Messaging, Crashlytics) | User authentication, database, file storage, push delivery, crash reports | United States | Email (if signed in), anonymous user ID, room photos, subscription data, device data, crash logs | EU-US Data Privacy Framework + SCCs |
| OpenAI, L.L.C. | Selected AI features | United States | Photo content, generation parameters | SCCs |
| RevenueCat, Inc. (including the pawwalls.com asset CDN it operates) | Subscription management, paywall delivery, paywall image and animation hosting | United States | Anonymous user ID, subscription events, device data, paywall asset requests | SCCs |
| Apple, Inc. | App Store distribution, App Store payments, Apple Search Ads attribution, push delivery (APNs) | United States / Ireland | Payment data, App Store account data, push tokens | Apple's standard data processing terms |
| Meta Platforms, Inc. | Ad attribution and conversion measurement — EU/UK: only after explicit consent | United States | Device identifiers, conversion events, IP address | EU-US Data Privacy Framework + SCCs |

We do not sell your personal data. We do not share your room photos with third parties for advertising or training purposes.


8. Cookies, SDKs, and consent (EU/UK users)

RoomGPT does not use website cookies. It does use third-party software development kits (SDKs) and identifiers that are functionally equivalent to cookies for the purposes of the EU ePrivacy Directive and the UK PECR.

We classify each SDK as either strictly necessary or non-essential.

Strictly necessary (no consent required):

  • Firebase Auth, Firestore, Storage — operating the Service
  • Firebase App Check — anti-abuse protection
  • Firebase Crashlytics and Firebase Logging — used solely for diagnosing technical errors and operating the Service. We do not use these tools for behavioural analytics, profiling, or advertising
  • RevenueCat — running your subscription
  • Apple StoreKit / APNs — payments and notification delivery

Non-essential (consent required for EU/UK users):

  • Meta SDK — ad attribution and conversion measurement
  • Apple Search Ads attribution

RoomGPT does not currently send marketing or promotional push notifications.

If you are in the EU or the UK, the first time you open RoomGPT you will see a consent banner that asks whether you accept the non-essential SDKs and tracking. We do not initialize these SDKs and we do not transmit any data to them before you give consent. You can change your choice at any time from the in-app privacy settings.

This consent operates independently of Apple's App Tracking Transparency (ATT) permission. Even if ATT is granted, we still require your explicit consent under the EU ePrivacy Directive / UK PECR before non-essential SDKs run.


9. International data transfers

We are based in the United States, and most of our sub-processors are also based in the United States. When personal data of EU or UK users is transferred outside the European Economic Area or the United Kingdom, we rely on the following safeguards under Chapter V of the EU GDPR / UK GDPR:

  • EU-US Data Privacy Framework adequacy decision (Commission Implementing Decision (EU) 2023/1795 of 10 July 2023) for transfers to sub-processors that are certified under the framework (including Google LLC and Meta Platforms, Inc.).
  • Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914 of 4 June 2021) for transfers to sub-processors that are not DPF-certified, supplemented by technical and organisational measures.
  • UK International Data Transfer Agreement / UK Addendum to the EU SCCs for transfers from the United Kingdom.

You may request a copy of the safeguards in place for a specific transfer by contacting us at info.hbrothers.llc@gmail.com.


10. How long we keep your data

| Category | Retention |
|---|---|
| Room photos and generated images | Kept until you delete them from your generation history, or until you delete your account (signed-in users) or clear your data (anonymous users). No automatic time-based expiry. |
| Anonymous user ID and usage data (free-tier counters) | While your installation remains active. Reset on uninstall. |
| Hashed device identifier + free-tier usage flag (post-deletion fraud prevention) | Retained after account deletion as long as the device install persists. Reset when you uninstall the app. |
| Email and account data (signed-in users) | Until you delete your account, then promptly removed (see Section 12). |
| Subscription and payment records | 7 years after the last transaction, to comply with US and EU tax / accounting obligations. |
| Crash logs and diagnostic data | 90 days, then deleted or aggregated. |
| Marketing consent records and opt-in/opt-out history | 3 years after withdrawal, as evidence of consent. |
| Support correspondence | 2 years after the last reply. |

When the retention period ends, we either delete the data or anonymise it so it can no longer be linked to you.


11. Your rights (EU/UK/EEA users)

Under the EU GDPR and the UK GDPR you have the following rights:

  • Right of access (Art. 15) — get a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data.
  • Right to erasure / "right to be forgotten" (Art. 17) — have your data deleted.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — including to processing based on legitimate interest, and at any time to direct marketing.
  • Right to withdraw consent (Art. 7(3)) — at any time, with no effect on the lawfulness of prior processing.
  • Right not to be subject to automated decisions with legal effect (Art. 22). RoomGPT does not make decisions producing legal or similarly significant effects about you.
  • Right to lodge a complaint with a supervisory authority — you can find your national supervisory authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK users can complain to the Information Commissioner's Office (ICO) at https://ico.org.uk.

To exercise any of these rights, write to info.hbrothers.llc@gmail.com. We will respond within one month, as required by Article 12(3) GDPR. We may ask you to confirm your identity before we act on a request.


12. Account deletion

You can permanently delete your RoomGPT account and the personal data associated with it from inside the app, under Settings → Account → Delete my account. The option is available whether you are signed in or using RoomGPT anonymously.

Deletion is irreversible and removes:

  • Your account record (if signed in)
  • Your uploaded photos and generated images
  • Your subscription association
  • The analytics and advertising identifiers we hold for you

Deletion completes within 30 days.

For abuse-prevention purposes only, we retain a minimal device-level record after deletion: a hashed device identifier (a hashed form of Apple's Identifier For Vendor or the Firebase Installations ID associated with your device) together with a flag indicating whether that device has already used its free-tier generation quota. This record contains no identifying content, is not used to re-create any account, and exists solely to prevent users from indefinitely resetting the free tier through repeated deletions. This minimal retention is based on our legitimate interest under Article 6(1)(f) GDPR in preventing service abuse, and falls within the exceptions to the right of erasure under Article 17(3) GDPR. The record is reset if you fully uninstall the app from your device.

Anonymised or aggregated data, and data we must retain under law (Section 10), will also be kept.

Please note that deleting your account does not cancel your App Store subscription. To cancel a subscription, go to iOS Settings → Apple ID → Subscriptions.

If you cannot access the in-app option, you can also email us at info.hbrothers.llc@gmail.com and we will process the deletion on your behalf.


13. Children

RoomGPT is rated 4+ on the App Store because it contains no objectionable content, but it is not directed at children. We do not knowingly process personal data of children under 16 (or the equivalent minimum age for digital consent in your country). If you are a parent or guardian and you believe your child has used RoomGPT, please contact us at info.hbrothers.llc@gmail.com and we will delete the data.


14. AI-generated content

RoomGPT uses generative AI models to produce design suggestions from the photos you upload. The output is generated automatically based on your input and the model's parameters. We do not use your room photos or your generations to train AI models.


15. Subscriptions and refunds

RoomGPT offers a free tier (a limited number of generations) and paid subscriptions on a weekly or yearly basis. Subscriptions are sold through Apple's App Store. Payments, billing, renewal, and refund requests are handled by Apple under your Apple ID terms. Refund requests must be submitted to Apple via https://reportaproblem.apple.com. We have no ability to issue App Store refunds directly.

EU and UK consumers should note that, under Article 16(m) of the EU Consumer Rights Directive (Directive 2011/83/EU) and equivalent UK law, the right of withdrawal from a digital content contract is lost once supply of the digital content has begun with your express prior consent. By starting to use RoomGPT's paid features after subscribing, you provide that consent.


16. Push notifications

RoomGPT only sends transactional push notifications — for example, "your generation is ready" or "your subscription will renew tomorrow." These are sent on the basis of our contract with you (Article 6(1)(b) GDPR) to every user who has granted iOS notification permission. We do not currently send marketing or promotional push notifications.

You can turn off notifications at any time by disabling notifications for RoomGPT in iOS Settings.


17. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS 1.2+) and at rest, access controls, App Check protection against unauthorised clients, and logging. No system is perfectly secure, and we cannot guarantee absolute protection. If we become aware of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform you directly, in accordance with Articles 33 and 34 GDPR.


18. California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect and the purposes for collection;
  • Access the personal information we hold about you;
  • Request deletion of your personal information;
  • Correct inaccurate personal information;
  • Opt out of any sale or sharing of personal information for cross-context behavioural advertising;
  • Not be discriminated against for exercising these rights.

We do not "sell" personal information for money. We may "share" certain identifiers with Meta for cross-context behavioural advertising, but only after you have given affirmative consent in-app (see Section 8). To exercise your CCPA rights, email info.hbrothers.llc@gmail.com.

We retain personal information for the periods described in Section 10. We do not knowingly collect personal information of consumers under 16 without consent.


19. Other jurisdictions

If you are located outside the EU, the UK, or California, applicable local privacy laws may grant you similar rights (for example, Canada's PIPEDA, Brazil's LGPD, Australia's Privacy Act). You can exercise any such rights by writing to info.hbrothers.llc@gmail.com.


20. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. If we make material changes, we will inform you through the app or by email before they take effect, where required by law.


21. Contact

Hbrothers L.L.C., trading as Hbro Studio
Email: info.hbrothers.llc@gmail.com
Website: https://www.hbro-studio.com

EU Representative (Article 27 EU GDPR): Thibault Mundele, Rua Pinto Ferreira 56, 1D, 1300 Lisbon, Portugal — info.hbrothers.llc@gmail.com

UK Representative (Article 27 UK GDPR): appointment pending — contact info.hbrothers.llc@gmail.com in the meantime.
