Privacy Policy
Last updated: May 2026
1. Who We Are (Data Controller)
The operator of Stagio is the data controller for the processing described here. For all privacy matters, including the exercise of your rights below, contact [email protected]. We respond within 30 days.
EU/EEA and UK users may contact [email protected] for any data-protection matter; where required, requests are handled in cooperation with our EU representative.
2. Information We Collect
- Account data: name and email address (via our authentication provider).
- Uploaded content: the room photos you upload and the staged images we generate from them.
- Usage & billing data: generation history, plan, credit balance, and subscription status.
- Technical data: error diagnostics (with URLs and email addresses redacted before storage).
3. How & Why We Use It (Lawful Basis)
- Performance of contract: generating staged images, processing payments, managing your subscription and credits.
- Legitimate interest: fraud/abuse prevention, service security, and aggregate product improvement.
- Consent: onboarding and product emails — you can withdraw consent at any time via the unsubscribe link in any email.
4. Your Uploaded Photos
Photos you upload are stored on Cloudflare R2 and used solely to generate staged versions. They are sent to our AI provider (fal.ai) only to produce your result. You retain ownership of your uploaded photos and generated images. Generated real-estate images are virtual staging and must be disclosed as such in any listing, per our Terms.
Please upload only photos of empty or unoccupied rooms. Do not upload images containing identifiable people or other third-party personal data unless you have a lawful basis to do so — you are responsible for the rights to any photo and to anyone or any property depicted in it.
Image storage objects are addressed by unguessable identifiers and access to them is gated by server-side ownership checks. Generation is performed by the AI model only; we do not carry out automated decision-making producing legal or similarly significant effects about individuals (Art. 22 GDPR).
5. Processors & International Transfers
We share data only with the processors needed to run the service. Data may be transferred to and processed in the US and EU; transfers rely on the processors' Standard Contractual Clauses or equivalent safeguards.
- Clerk (US) — authentication, account data
- Paddle (UK/EU) — payments & Merchant of Record (handles tax; Paddle's buyer terms apply to purchases)
- fal.ai (US) — AI image generation (receives uploaded photos to produce results)
- Cloudflare R2 (US/global) — image storage
- Neon (US/EU) — database
- Resend (US) — transactional & onboarding email (receives your email + first name)
- Upstash (US/global) — rate limiting (stores a hashed user identifier)
- Sentry (EU) — error monitoring (URLs/emails redacted, no request bodies, no PII by default)
- Vercel (US/global) — hosting & privacy-friendly analytics
A Data Processing Agreement is available to business customers on request.
6. Data Retention
We retain account data while your account is active. When you delete your account, your account record, generation history, uploaded photos, and generated images are deleted from our database and object storage. Short-lived intermediate files are deleted automatically during processing. Note that copies cached at CDN/browser level expire on their own cache schedule.
7. Your Rights
Depending on your location (including under the GDPR and the California CPRA), you have the right to access, correct, delete, export, restrict, or object to the processing of your personal data, and to withdraw consent. To delete your account and all associated data, delete your account from your account settings or email [email protected]. We do not sell or share personal data for cross-context behavioral advertising. You may also lodge a complaint with your local data protection authority.
8. Cookies
We use strictly necessary cookies for authentication and to remember your theme/preferences. Our analytics (Vercel) is configured to be privacy-friendly and does not use advertising or cross-site tracking cookies.
9. Contact
Privacy questions, data-subject requests, or deletion requests: [email protected].