Skip to main content

Privacy Policy

How we collect, use, and protect your data.

Updated 29 December 20256 min read

At a Glance:

  1. We sell software, not data. We never sell your personal information to third parties.
  2. Your designs stay yours. Private workspace content is never used to train our AI models.
  3. Essential cookies only. No tracking, no advertising cookies, no cookie banner needed.
  4. Delete anytime. Request full account deletion and we'll remove your data within 30 days.

Who We Are

Ictinus is an AI-powered design platform for architects and designers. We're operated by Ictinus Ltd, registered in England and Wales. When we say "we", "us", or "our" in this policy, we mean Ictinus Ltd.

Information We Collect

Information You Provide

  • Account Data: Your name, email address, and password (securely hashed — we never store plaintext passwords).
  • Billing Data: Payment information is processed directly by Stripe. We receive only the last four digits of your card and billing address for invoicing purposes.
  • User Content: The prompts, sketches, reference images, and 3D models you upload to generate designs.
  • Communications: Any messages you send to our support team.

Information Collected Automatically

  • Log Data: IP address, browser type, device information, and pages visited. We use this for security monitoring and debugging.
  • Usage Analytics: We use Vercel Analytics to understand how people use Ictinus. This data is aggregated and cannot identify you personally.

Cookies

We only use cookies that are strictly necessary for Ictinus to function:

  • Authentication cookies to keep you signed in
  • Security cookies to protect against cross-site request forgery

We do not use advertising cookies, tracking cookies, or any third-party cookies that follow you across the web. No cookie consent banner, because there's nothing optional to consent to.

How We Use Your Information

We use your information to:

  • Provide and maintain the Ictinus service
  • Process your payments and manage your subscription
  • Generate AI designs based on your prompts and uploads
  • Send transactional emails (receipts, password resets, important service updates)
  • Respond to your support requests
  • Detect and prevent fraud, abuse, and security issues
  • Improve our service based on aggregated usage patterns

We do not use your information to:

  • Sell to third parties
  • Send marketing emails without your explicit consent
  • Build advertising profiles
  • Train AI models on your private content

AI & Your Data

We take a clear stance on how your data interacts with our AI:

Private Workspaces: Designs, prompts, and uploads in your private projects are never used to train our foundational models. Your architectural work remains confidential.

Public Gallery: If you choose to publish designs to the Ictinus community gallery, you grant us permission to use those specific designs for research, marketing, and model improvement. You control what gets published.

AI Processing: When you generate a design, your prompt and reference images are sent to our AI providers (see Subprocessors below) to produce results. This data is processed in real-time and is not retained by these providers for training purposes.

Subprocessors

We use carefully selected third-party services to operate Ictinus:

ServicePurposeData ProcessedLocation
OpenAIAI image generationPrompts, reference imagesUSA
Google CloudAI model inferencePrompts, reference imagesUSA
VercelHosting & analyticsLog data, usage metricsGlobal (CDN)
SupabaseDatabase & authenticationAccount data, user contentUSA
StripePayment processingBilling dataUSA

All subprocessors are contractually bound to protect your data and comply with applicable privacy laws.

Data Retention

We retain your data for as long as your account is active, plus:

  • Account data: Deleted within 30 days of account deletion request
  • User content: Deleted within 30 days of account deletion request
  • Billing records: Retained for 7 years as required by tax law
  • Log data: Automatically deleted after 90 days
  • Support conversations: Retained for 2 years, then anonymised

Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Passwords are hashed using bcrypt with individual salts
  • Database access is restricted and logged
  • Regular security audits and dependency updates
  • Two-factor authentication available for all accounts

No system is 100% secure. If we discover a breach affecting your data, we'll notify you within 72 hours as required by GDPR.

International Transfers

Ictinus is operated from the UK, but our subprocessors are primarily located in the USA. When your data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) with all US-based subprocessors
  • Adequacy decisions where applicable
  • Encryption of all data in transit

Your Rights

Whether you're in California, Europe, or anywhere else, we offer the same rights to all users:

RightWhat It Means
AccessRequest a copy of all data we hold about you
CorrectionFix any inaccurate personal information
DeletionRequest complete deletion of your account and data
ExportDownload your data in a portable format
ObjectionObject to specific processing activities
RestrictionRequest we limit how we use your data

To exercise any right: Email privacy@ictinus.app from your registered email address. We'll respond within 30 days. For account deletion, you can also use the "Delete Account" option in your account settings.

We won't charge you to exercise your rights, and we won't treat you differently for doing so.

Children's Privacy

Ictinus is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@ictinus.app and we'll delete it promptly.

Changes to This Policy

We may update this policy from time to time. When we make significant changes:

  • We'll update the "Last Updated" date at the bottom of this page
  • For material changes, we'll notify you by email or through a notice in the app
  • We'll never reduce your rights without giving you notice and the opportunity to delete your account

Previous versions of this policy are available upon request.

Contact Us

Questions about this policy or how we handle your data?

Email: privacy@ictinus.app

We aim to respond to all privacy enquiries within 5 business days.