Privacy Policy — Plan2Vision

This Privacy Policy explains how Plan2Vision Architectural AI collects, uses, and protects your personal data when you use our platform. We are committed to transparency and to your rights under the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nFADP).

1. Data Controller

Plan2Vision Architectural AI ("Plan2Vision", "we", "us") is the data controller for all personal data processed through this platform.

Plan2Vision

Staatsstrasse 121

9445 Rebstein, Switzerland

plan2vision.com/contact

2. Data We Collect

We collect the following categories of personal data:

**Account data** — your email address and, if provided, your name, collected when you register or authenticate.

**Usage data** — render jobs you submit (floor plan and room photo files), style selections, project names, and job history. Files are stored securely and deleted from our infrastructure within 30 days of generation.

**Payment data** — when you purchase credits, payment is processed by our payment provider. We do not store full card numbers; only a transaction reference and credit balance are retained.

**Technical data** — IP address, browser type, operating system, and session tokens necessary to operate the service securely.

**Cookie data** — session and preference cookies. See Section 9 for details.

3. Legal Basis for Processing

We process your data under the following legal bases:

Contract performance — processing is necessary to provide the services you have requested (account management, rendering jobs, credit transactions).
Legitimate interests — fraud prevention, platform security, product analytics to improve the service.
Legal obligation — retaining transaction records as required by Swiss commercial law.
Consent — for non-essential cookies and marketing communications, where you have opted in.

4. Third-Party Sub-Processors

We share data with the following sub-processors only to the extent necessary to operate the service:

Sub-processor	Purpose	Location
Supabase Inc.	Authentication, database, file storage	EU (Frankfurt)
kie.ai	AI image and video generation	EU / Singapore
Anthropic, PBC	Prompt parsing via Claude API	USA
Vercel Inc.	Hosting and edge delivery	Global CDN

All sub-processors are contractually bound to process data only on our instructions and maintain appropriate security measures. Transfers outside the EEA/Switzerland are governed by Standard Contractual Clauses or equivalent safeguards.

5. Data Retention

Account data — retained for the lifetime of your account, plus 12 months after deletion to fulfil any outstanding legal obligations.
Uploaded files — deleted from our storage within 30 days of the generation job completing. AI-generated outputs are retained until you delete your project, or for 90 days from creation if the project remains.
Transaction records — retained for 10 years as required by Swiss accounting regulations.
Log data — anonymised after 90 days.

6. Your Rights

Under GDPR and the Swiss Federal Act on Data Protection (nFADP), you have the right to:

Access — request a copy of the personal data we hold about you.
Rectification — request correction of inaccurate data.
Erasure — request deletion of your account and associated data, subject to legal retention obligations.
Restriction — request that we limit processing in certain circumstances.
Portability — receive your data in a machine-readable format.
Objection — object to processing based on legitimate interests.
Withdraw consent — at any time for consent-based processing, without affecting prior lawfulness.

To exercise any right, contact us at plan2vision.com/contact. We will respond within 30 days. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority.

7. Security

We implement technical and organisational measures proportionate to the risks involved, including:

TLS encryption for all data in transit
AES-256 encryption for files at rest
Row-level security and access controls on our database
API keys stored as server-side secrets; never exposed to the client
Regular security reviews

Despite these measures, no internet transmission is completely secure. We will notify affected users and, where required, supervisory authorities of any material data breaches.

8. Cookies & Tracking

We use the following cookies:

**Essential** — session authentication token required to keep you logged in. These cannot be disabled without breaking the service.

**Preference** — stores your cookie consent choice.

**Analytics** *(opt-in)* — if you accept analytics cookies, we use privacy-respecting, cookieless analytics to understand feature usage. No cross-site tracking or advertising networks are used.

You can manage your preferences at any time via the cookie banner or your browser settings.

9. Children's Privacy

Plan2Vision is not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us immediately at plan2vision.com/contact.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes to our practices or applicable law. Material changes will be notified by email or a prominent notice in the dashboard at least 14 days before taking effect. The date at the top of this page reflects the most recent revision.

11. Contact

For any privacy-related queries or to exercise your rights, contact our data protection team:

plan2vision.com/contact

Plan2Vision Architectural AI

Staatsstrasse 121, 9445 Rebstein, Switzerland

arrow_backBack to Home