Breaking Canvas

Last updated May 10, 2026

Privacy Policy

Breaking Canvas is an interior design tool. We collect the minimum information needed to create your designs, protect your account, process payments, and operate the service.

The short version

  • Your original room photos are stored in private cloud storage.
  • Original room photos are automatically deleted from our cloud storage within 1 hour of upload.
  • We do not return original uploads as public URLs.
  • Generated designs may be stored on public image URLs so you can view, download, and share them.
  • We use uploaded photos only to generate the designs you request.
  • We do not use client-side direct uploads to our AI provider because that would risk exposing provider credentials.
  • We do not sell your personal information or room photos.

Information we collect

We collect account information such as your email address, session token, credit balance, payment records, generation history, selected room type, selected design style, prompts, uploaded room photos, and generated design images. We also process basic technical data such as IP address, request metadata, and rate-limit events to prevent abuse.

Room photos and designs

If you upload a room photo, the original source image is stored in a private bucket and is only served through authenticated API routes to the account that created it or an administrator. Generated images are stored separately and may be hosted on public URLs because downloads, previews, galleries, and sharing depend on accessible image links.

Why uploads pass through our server

Some apps process photos on-device or use temporary backend jobs. In Breaking Canvas, uploads pass through our Cloudflare backend so we can authenticate the request, protect our AI provider credentials, enforce file limits, store the original privately, and avoid exposing your photo as a public storage URL. We do not put AI provider API keys in the browser.

AI processors

We send your prompt and, when you upload one, your room photo to our image generation provider solely to produce the requested design. Provider processing is necessary for the service to work. We do not ask providers to train custom models on your photos.

Payments

Payments are handled by DodoPayments. We store payment identifiers, product information, credit amounts, and timestamps so we can add credits, prevent duplicate webhook processing, and support account questions. We do not store full card numbers.

Email and sign-in

We use Google Sign-In and email magic links for authentication. Transactional emails are sent through Resend. We normalize email addresses to reduce abuse and duplicate free-credit claims.

Retention and deletion

We keep account records, credit history, payment records, and saved generations for as long as needed to operate the service. Original uploaded room photos are private and are automatically deleted from our cloud storage within 1 hour of the initial upload. After that, before-and-after previews may no longer show the original upload. Generated designs may remain available for account history, downloads, sharing, galleries, and support. You can request account or data deletion by contacting us.

Security

We use session tokens, server-side authorization checks, private cloud storage for original uploads, rate limits, CAPTCHA checks on magic links, and provider secrets stored outside the frontend bundle. No internet service can guarantee perfect security, but we design the system to avoid unnecessary public exposure of private uploads.

Contact

For privacy questions or deletion requests, contact the site operator from the account email you used with Breaking Canvas. You can also return to the home page.