Privacy Policy

Last updated: February 28, 2026

This Privacy Policy applies to the Roof Visualizer Pro web application at roofvisualizerpro.com and our mobile applications available on the Google Play Store and the Apple App Store.

1. Introduction

Roof Visualizer Pro LLC ("we," "our," or "us") operates the Roof Visualizer Pro web application and mobile apps (collectively, the "Service"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you create an account or use Roof Visualizer Pro, we collect:

  • Name and email address
  • Encrypted password (hashed, never stored in plaintext)
  • Company name and business information (if provided)
  • Organization membership and team role (owner, admin, or member)
  • Subscription tier and account preferences

Payment Information

All subscription payments are processed by Stripe, whether you subscribe through our web application or mobile app. We do not collect or store credit card numbers on our servers. We retain your Stripe customer ID and subscription identifiers to manage billing. The mobile app does not process payments through Google Play or Apple App Store — all billing is handled directly through Stripe.

User-Generated Content

  • Photos you upload for roof visualization
  • Generated visualization images (roof color/material overlays)
  • Custom branding configurations (logos, colors, fonts) for branded visualizers
  • Watermark settings and visualizer embed configurations

Technical and Device Data

  • Device fingerprint: A hashed identifier derived from non-personal device characteristics (screen resolution, timezone, platform, browser type) used solely for rate limiting and abuse prevention — not for advertising or cross-site tracking
  • Browser user agent and IP address
  • Approximate geolocation (country, state, city) associated with image uploads and visualization requests
  • Device type, operating system, and unique device identifiers (mobile apps only)

Lead Capture Data (Pro Tier — Branded Visualizers)

If a roofing contractor enables lead capture on their branded visualizer, end-users who submit the form may provide: name, email, phone number, property address, ZIP code, project timeline, budget range, and a message. This data is stored on behalf of the contractor and shared with them. Contractors are responsible for their own compliance with data protection laws when processing lead data.

Usage and Analytics Data

  • Number of visualizations created, downloaded, and uploaded
  • Product and color selections
  • Aggregated daily statistics for branded visualizers
  • Team member activity (visualizations, downloads, uploads per member per day)

We do not use Google Analytics, advertising pixels, retargeting cookies, or any third-party behavioral tracking tools. All analytics are internal and first-party only.

Camera and Photo Access (Mobile Apps)

Our mobile apps request camera and photo library access so you can capture or select photos for roof visualization. Photos are sent to our servers for AI-powered processing and stored in your account.

3. How We Use Your Information

We use your information to:

  • Provide and operate the roof visualization service
  • Process your subscription payments and manage billing
  • Manage your account, organization, and team memberships
  • Generate AI-powered roof visualizations from your uploaded photos
  • Store and deliver your uploaded images and generated visualizations
  • Send transactional emails (account confirmations, password resets, team invitations, lead notifications)
  • Enforce rate limits, prevent abuse, and protect against bots
  • Improve our AI algorithms and enhance the user experience
  • Respond to your customer support requests
  • Comply with legal obligations

4. Data Sharing and Third-Party Services

We do not sell your personal information. We share data only with the following service providers, each of which is contractually bound to protect your data:

  • Supabase: Authentication, database, and user data storage
  • Stripe: Payment processing and subscription management (all platforms)
  • Google (Gemini API): AI-powered roof visualization generation. Uploaded photos are sent to Google's Gemini API for processing. Google's data usage policies apply to this processing.
  • Cloudflare: Website hosting and CDN (Cloudflare Pages), image storage (R2), bot protection (Turnstile), and caching (Workers KV)
  • Resend: Transactional email delivery (confirmations, notifications, team invitations, lead alerts)
  • Google Play / Apple App Store: Mobile app distribution only (no payment processing)
  • Legal authorities: When required by law, court order, or to protect our rights

5. Cookies and Local Storage

We use a minimal set of cookies and browser local storage — only what is necessary to operate the Service. We do not use advertising, retargeting, or third-party tracking cookies. For a full breakdown of every cookie and storage mechanism we use, please see our Cookie Policy.

6. Data Storage and Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) enforced by Cloudflare
  • Encryption at rest for stored data
  • Passwords hashed using industry-standard algorithms (never stored in plaintext)
  • Role-based access controls for team and organization features
  • Bot protection via Cloudflare Turnstile on all public forms
  • Regular security reviews and dependency updates

Your uploaded photos and visualizations are stored securely in Cloudflare R2 and are not shared with third parties except as necessary to generate visualizations (via Google Gemini API).

7. Data Retention

  • Account data: Retained while your account is active and for up to 30 days after deletion to allow recovery
  • Photos and visualizations: Retained while your account is active. Upon account deletion, user-facing access is removed; however, we may retain archived copies for abuse prevention, fraud investigation, legal compliance, and service integrity
  • Payment records: Retained for 7 years to comply with tax and accounting requirements
  • Lead capture data: Retained until the contractor deletes it or upon request from the data subject
  • Usage analytics: Aggregated data retained indefinitely; identifiable data deleted after 12 months

8. International Data Transfers

Our Service and sub-processors are primarily located in the United States. If you are located outside the United States — including in the European Union, United Kingdom, Australia, New Zealand, or Canada — your personal data will be transferred to and processed in the United States. We rely on appropriate safeguards, including the EU-U.S. Data Privacy Framework, UK Extension to the DPF, Standard Contractual Clauses (SCCs), and equivalent mechanisms recognized by applicable data protection authorities to ensure adequate protection during transfer.

9. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:

  • Access your personal data stored in our systems
  • Request correction of inaccurate or incomplete data
  • Request deletion of your account and all associated data
  • Request restriction of processing
  • Object to processing based on legitimate interests
  • Receive your data in a portable, machine-readable format
  • Withdraw consent at any time (where processing is based on consent)
  • Opt out of marketing communications
  • Lodge a complaint with your local data protection authority

Jurisdiction-Specific Rights

  • EU/EEA (GDPR): Full rights under Articles 15–21. See our GDPR Compliance page for details.
  • United Kingdom (UK GDPR / DPA 2018): Equivalent rights to EU GDPR. You may lodge complaints with the Information Commissioner's Office (ICO).
  • Canada (PIPEDA): Right to access, correct, and challenge our compliance. You may file a complaint with the Office of the Privacy Commissioner of Canada.
  • Australia (Privacy Act 1988): Right to access, correct, and complain. You may contact the Office of the Australian Information Commissioner (OAIC).
  • New Zealand (Privacy Act 2020): Right to access, correct, and complain. You may contact the Office of the Privacy Commissioner.

To exercise any of these rights, visit our Account Deletion page or contact us at privacy@roofvisualizerpro.com. We will respond to all requests within 30 days (or sooner where required by law).

10. Children's Privacy

Roof Visualizer Pro is designed for business professionals and is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our website. The "Last updated" date at the top of this page indicates when it was last revised. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us at:

Email: privacy@roofvisualizerpro.com

Company: Roof Visualizer Pro LLC

Google Play App Store