Privacy Policy

Effective Date: December 27, 2025

1. Introduction

Design-Rite Corporation, doing business as DesignRight.ai ("Company," "we," "us," or "our"), respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our website at https://designright.ai, our subscriber portal at https://portal.designright.ai, and any related services, applications, or tools (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you:

  • Create an Account: Name, email address, password, company name, job title, phone number
  • Subscribe to Our Services: Billing address, payment card information (processed securely by Stripe), subscription tier selection
  • Use Our Platform: Project data, client information you input, equipment specifications, estimates, proposals, and designs you create
  • Communicate With Us: Support inquiries, feedback, survey responses
  • Interact With AI Features: Prompts, queries, conversation history, voice recordings (if using voice features)

2.2 Information Collected Automatically

When you access our Services, we automatically collect:

  • Device Information: Browser type and version, operating system, device type, screen resolution
  • Usage Data: Pages visited, features used, time spent on pages, click patterns, navigation paths
  • Network Information: IP address, approximate geographic location (city/region level), internet service provider
  • Authentication Data: Login timestamps, session duration, authentication method used
  • Performance Data: Error logs, load times, system performance metrics

2.3 Information From Third Parties

  • Authentication Providers: If you sign in using Google or other OAuth providers
  • Payment Processors: Transaction confirmations and billing status from Stripe
  • Analytics Services: Aggregated usage statistics

3. How We Use Your Information

3.1 Service Delivery

  • Provide, operate, and maintain our Services
  • Process your transactions and manage your subscription
  • Generate AI-powered estimates, proposals, and designs based on your inputs
  • Store and retrieve your projects and data
  • Authenticate your identity and maintain account security

3.2 Service Improvement

  • Analyze usage patterns to improve features and user experience
  • Train and improve our AI models (using anonymized and aggregated data only)
  • Debug and fix technical issues
  • Develop new features and services

3.3 Communications

  • Send transactional emails (account confirmation, password reset, payment receipts)
  • Provide customer support and respond to inquiries
  • Send service announcements and updates
  • Send marketing communications (with your consent; you may opt out at any time)

3.4 Security and Compliance

  • Detect, prevent, and address fraud, abuse, and security issues
  • Enforce our Terms of Service and other agreements
  • Comply with legal obligations and respond to lawful requests

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on:

  • Contract Performance: Processing necessary to provide Services you have requested
  • Legitimate Interests: Processing for our legitimate business interests (improving Services, fraud prevention, security) where not overridden by your rights
  • Consent: Where you have given specific consent for processing (e.g., marketing communications)
  • Legal Obligation: Processing necessary to comply with applicable laws

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your information in the following circumstances:

5.1 Service Providers

We engage trusted third-party companies to perform services on our behalf:

Provider        | Purpose                  | Data Shared
Stripe          | Payment processing       | Billing info, transaction data
Supabase        | Database, authentication | Account data, project data
OpenAI          | AI text generation       | Prompts, project context
Google (Gemini) | AI voice assistant       | Voice data, conversation context
Anthropic       | AI text generation       | Prompts, project context
Render          | Cloud hosting            | Application data in transit
Cloudflare      | CDN, security, DNS       | IP addresses, traffic data
Resend          | Email delivery           | Email addresses, message content
Google Maps     | Site planning maps       | Location data for project sites

All service providers are contractually obligated to use your data only for the purposes we specify and to maintain appropriate security measures.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (subpoenas, court orders, search warrants)
  • Government requests that meet legal requirements
  • Situations where disclosure is necessary to protect our rights, safety, or property
  • Emergencies involving potential threats to safety

5.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your personal information.

5.4 With Your Consent

We may share your information in other circumstances with your explicit consent.

6. Data Security

We implement comprehensive security measures to protect your information:

6.1 Technical Safeguards

  • Encryption in Transit: All data transmitted between your browser and our servers uses TLS 1.3 encryption
  • Encryption at Rest: Sensitive data is encrypted in our databases using AES-256 encryption
  • Secure Authentication: Passwords are hashed using bcrypt; we support multi-factor authentication
  • API Security: Rate limiting, API key authentication, and request validation
  • Infrastructure Security: Firewalls, DDoS protection via Cloudflare, regular security patches
  • Web Application Firewall: OWASP-compliant WAF protection against common attack vectors

6.2 Organizational Safeguards

  • Access controls limiting employee access to personal data on a need-to-know basis
  • Regular security training for team members
  • Incident response procedures for potential data breaches
  • Regular security assessments and vulnerability testing

6.3 PCI Compliance

Payment information is handled exclusively by Stripe, a PCI DSS Level 1 certified payment processor. We never store, process, or transmit your full credit card numbers on our servers.

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.

7. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Services to you while your account is active
  • Comply with legal obligations (e.g., tax records retained for 7 years)
  • Resolve disputes and enforce our agreements
  • Maintain business records for legitimate purposes

Specific retention periods:

  • Account Data: Retained while account is active, deleted within 30 days of account deletion request
  • Project Data: Retained while account is active; you may delete individual projects at any time
  • Transaction Records: Retained for 7 years for tax and legal compliance
  • Support Communications: Retained for 3 years after resolution
  • Server Logs: Automatically deleted after 90 days

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

8.1 General Rights (All Users)

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Data Portability: Request your data in a structured, machine-readable format
  • Opt-Out: Unsubscribe from marketing communications at any time

8.2 Additional Rights for EEA/UK Residents (GDPR)

  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Complaint: Lodge a complaint with your local data protection authority

8.3 Additional Rights for California Residents (CCPA/CPRA)

  • Right to Know: What personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out of Sale: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate for exercising your rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use: Limit use of sensitive personal information

8.4 Exercising Your Rights

To exercise any of these rights, contact us at:

Email: privacy@designright.ai

We will respond to your request within 30 days (or 45 days for complex requests, with notice). We may need to verify your identity before processing your request.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

  • Essential Cookies: Required for authentication, security, and basic functionality. Cannot be disabled.
  • Functional Cookies: Remember your preferences and settings (theme, language, etc.)
  • Analytics Cookies: Help us understand how visitors use our Services

9.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Services. Most browsers allow you to:

  • View what cookies are stored and delete them individually
  • Block third-party cookies
  • Block all cookies from specific sites
  • Delete all cookies when you close your browser

9.3 Do Not Track

Our Services do not currently respond to "Do Not Track" signals. However, you can opt out of analytics tracking using browser extensions or by adjusting your cookie preferences.

10. International Data Transfers

Our Services are hosted in the United States. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States.

For users in the EEA, UK, or Switzerland, we ensure appropriate safeguards for international transfers through:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with our service providers
  • Compliance with applicable data protection frameworks

11. Children's Privacy

Our Services are intended for business professionals and are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

If you believe we have collected information from a child under 18, please contact us immediately at privacy@designright.ai.

12. Third-Party Links and Services

Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make changes:

  • We will update the "Effective Date" at the top of this policy
  • For material changes, we will provide prominent notice (e.g., email notification or banner on our website)
  • We will obtain your consent where required by applicable law

Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Design-Rite Corporation

Privacy Inquiries: privacy@designright.ai

General Support: support@designright.ai

Website: https://designright.ai

For GDPR-related inquiries, you may also contact your local data protection authority.