Legal
Last updated: July 13, 2026
reviz.design is operated by Bengi Kirici, located at Stralauer Platz 37, 10243 Berlin, Germany ("reviz.design", "we", "us", or "our").
Contact: contact@reviz.design
This Privacy Policy explains how reviz.design collects, uses, stores, shares, and protects personal data when you access or use our website, web application, AI-powered image editing tools, image generation workflows, subscriptions, credits, payment flows, support services, and related software, content, and documentation (collectively, the "Service").
By using the Service, you acknowledge that your information may be processed as described in this Privacy Policy. If you do not agree with this Privacy Policy, you should not use the Service.
Controller: Bengi Kirici, operating reviz.design.
Address: Stralauer Platz 37, 10243 Berlin, Germany.
Email: contact@reviz.design
You can contact us at this address for privacy requests, account deletion, billing questions, cancellation requests, or any other legal/privacy inquiry.
This Privacy Policy applies when you:
We generally act as the data controller for account management, billing, support, analytics, security, product operations, and legal compliance.
If you use the Service to process personal data on behalf of another person, client, company, or other legal entity, you are responsible for ensuring that you have the required legal basis, permissions, and notices for that processing.
When you create or use an account, we may collect:
Authentication, database, storage, and backend operations may be handled by Supabase.
When you use AI-powered features, we may process:
When you access the Service, we may automatically collect:
Payments are processed by Stripe or another third-party payment provider. We may process:
We do not directly store full payment card details. Card data is handled by Stripe or the relevant payment provider.
When you use our chat and planner features, we store your conversation history so that you can return to and continue your previous sessions. You can delete individual conversations or your entire account at any time, and doing so removes the associated content. The legal basis for this processing is the performance of our contract with you (Art. 6(1)(b) GDPR).
To keep the service secure and prevent abuse, we also keep a limited record of feature usage — such as timestamps, the feature used, and message counts. These records do not contain the content of your messages. We retain them for a maximum of 90 days, after which they are automatically deleted. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) in maintaining the security and reliability of the service.
We use information to:
| Purpose | Legal Basis |
|---|---|
| Account creation & login | Art. 6(1)(b) GDPR, performance of a contract |
| Service delivery, AI processing, credits, and outputs | Art. 6(1)(b), performance of a contract |
| Payments & invoicing | Art. 6(1)(b), performance of a contract; Art. 6(1)(c), legal obligations |
| Security & fraud prevention | Art. 6(1)(f), legitimate interests |
| Customer support | Art. 6(1)(b) and Art. 6(1)(f) |
| Optional analytics, cookies, and tracking | Art. 6(1)(a), consent, where required |
| Error tracking and service stability | Art. 6(1)(f), legitimate interests |
| Legal compliance and dispute handling | Art. 6(1)(c) and Art. 6(1)(f) |
reviz.design uses AI providers and model infrastructure to provide image editing, generation, enhancement, upscaling, visualization, chat and planner assistance, and related workflows. Depending on the feature you use, your uploaded images, prompts, instructions, masks, metadata, and generated outputs may be transmitted to and processed by AI providers.
To provide our AI-powered chat, planner, and rendering features, the inputs you provide are transmitted to Google (Gemini API), which processes them on our behalf.
AI providers used or that may be used depending on the feature include:
AI providers process content only as needed to provide the requested feature, such as generating an image, editing a selected area, enhancing image quality, applying a design style, creating a variation, or returning a preview or output.
reviz.design does not use your uploaded images, prompts, or generated outputs to train our own general-purpose AI models unless we clearly ask for your permission or provide a separate opt-in mechanism.
Third-party AI providers may process data according to their own terms, privacy policies, API policies, enterprise settings, retention settings, and legal obligations. Where available, we aim to use provider settings that limit training on customer data.
Some providers or infrastructure may temporarily store uploads, previews, outputs, cache files, or generated access URLs. These URLs may be accessible to anyone who has the link until they expire or are deleted.
You should not upload confidential, highly sensitive, private, or regulated data unless you have all necessary rights, permissions, and legal bases to do so.
We use third-party service providers to operate, host, secure, analyze, improve, and monetize the Service. These providers may process personal data, usage data, technical logs, payment data, uploaded content, prompts, generated outputs, or communication data depending on the feature used.
We do not sell your personal information.
We may use Google Analytics to understand website traffic, usage patterns, device information, referrers, approximate location, and aggregate user behavior. Where required, Google Analytics is used only after you consent to analytics cookies.
We use PostHog for error tracking and service stability. We may also use PostHog for product analytics, event tracking, funnel analysis, feature usage measurement, and service improvement where consent is required.
For error tracking, PostHog may process:
Anonymous visitors have no persistent identifier processed by PostHog error tracking.
For logged-in users who have accepted analytics or have not yet decided, the account identifier (user.id) is transmitted to PostHog whenever the app loads while logged in, not only when an error occurs, and is attached to error events. Legal basis: Art. 6(1)(f) GDPR, legitimate interest in service stability and account-level debugging.
For logged-in users who have explicitly rejected analytics, the account identifier is not transmitted to PostHog from the browser, and client errors are captured anonymously. Server-side errors are still attributed to the account through a server-side read of the Supabase session, under the same legitimate-interest basis as the application's own server logs.
PostHog is configured in the EU region as the processing location for this integration.
For product analytics, PostHog may collect:
This may include session replay (recording of on-screen activity and interactions).
Product analytics processing is based on user consent where required. Data is used to improve product performance and user experience.
We and our providers may use cookies, local storage, pixels, SDKs, and similar technologies to keep you signed in, remember preferences, secure the Service, measure performance, analyze usage, and prevent fraud or abuse.
You can manage cookie preferences via the cookie banner or .
For details, see our Cookie Policy:
We may share information:
reviz.design is operated from Germany, but our service providers may process data in the European Economic Area, the United States, the United Kingdom, Switzerland, or other countries.
Providers such as Supabase, Vercel, Stripe, OpenAI, Google, Replicate, Cloudflare, Resend, Google Analytics, PostHog, and other infrastructure or AI providers may process data outside your country of residence. PostHog is configured in the EU region for this integration.
Where required, we rely on appropriate safeguards, such as:
We retain personal data only for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, and maintain business records.
If you request deletion, some information may remain in backups, logs, fraud prevention records, legal records, billing records, or dispute records where retention is necessary or legally required.
We use reasonable technical, organizational, and administrative safeguards designed to protect your information. These may include:
No method of transmission or storage over the internet is completely secure. We cannot guarantee absolute security.
Depending on where you live, you may have rights under GDPR, UK GDPR, KVKK, CCPA/CPRA, or other applicable privacy laws. These rights may include the right to:
Requests can be sent to contact@reviz.design. We may need to verify your identity before responding to certain requests.
You may request account deletion, data deletion, or a copy of your personal data by contacting us at contact@reviz.design.
After account deletion, we may delete or anonymize personal data unless retention is required for legal, accounting, fraud prevention, security, dispute resolution, enforcement of our Terms, backup, or disaster recovery purposes.
You are responsible for ensuring that your uploaded content, prompts, images, and outputs do not violate:
You should not upload private images of others, confidential client materials, biometric data, children's data, government IDs, medical information, financial records, or sensitive information unless you have all required rights, consents, and legal bases.
reviz.design is not designed to process highly sensitive personal information. Do not submit:
Outputs generated by reviz.design are AI-generated, conceptual, and illustrative. They may:
Outputs must not be relied upon for:
If we send marketing emails, you may opt out at any time by using the unsubscribe link or contacting us. Even if you opt out of marketing emails, we may still send transactional or service-related messages, such as account, security, billing, cancellation, legal, or policy notices.
The Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe that a child has provided personal information to us, contact us and we will take appropriate steps to delete it.
If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
We do not sell personal information as the term "sell" is commonly understood. Depending on how analytics or advertising tools are configured, certain data sharing may be considered "sharing" or targeted advertising under some privacy laws. Where required, we will provide appropriate opt-out mechanisms.
We may update this Privacy Policy from time to time. If we make material changes, we may notify you by email, in-app notice, website notice, or by updating the "Last updated" date above.
Your continued use of the Service after an updated Privacy Policy becomes effective means you accept it.
reviz.design is operated by:
Bengi Kirici
Stralauer Platz 37
10243 Berlin
Germany
Contact: contact@reviz.design