Privacy Policy

This Privacy Policy explains how FLOOR 1 LTD (registered in Scotland under company number SC620538, trading as Floori) collects, uses, retains and shares personal data when you visit flooronepro.com, create a Floori account, upload material photographs, or generate AI material previews and reveal reels. It applies globally and is written to comply with the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, CCPA), and equivalent laws in other jurisdictions where you use the service.

1. Who we are

FLOOR 1 LTD is the data controller for the personal data described in this policy. Our registered office is at 9 Newton Place, Office 1, Technology House, Glasgow G3 7PR, Scotland, United Kingdom. You can reach our privacy team at support@flooronepro.com. We do not currently appoint a Data Protection Officer because we are below the thresholds in Article 37 GDPR; nevertheless, every privacy-related request is reviewed by a named team member, not an automated mailbox.

2. Personal data we collect

We process the following categories:

• Account data: email address, hashed password (or single sign-on identifier), display name, country of residence, and the language you read the interface in.
• Billing data: Stripe customer ID, the last four digits of your card, billing country, the plan and credits attached to your account, invoice history. Full card numbers are handled by Stripe; we never see or store them.
• Content you upload: photographs of your room or surface, optional reference images, the natural-language brief you type into chat, any captions and notes you add to candidate previews.
• AI outputs we generate for you: candidate material renders, reveal reels (mp4), texture close-ups, decision PDFs.
• Usage data: credit consumption events, feature interactions, error logs, the device class and browser you use to reach us.
• Support data: the content of email tickets, screenshots you send us, refund and dispute correspondence.
• Cookies and similar identifiers: see our Cookie Policy for the categories and the consent controls you have.

3. Why we process it (lawful bases)

• Performance of contract (Art. 6(1)(b) GDPR): authenticating you, storing your photographs long enough to render previews, generating outputs, processing your subscription or credit pack, and providing customer support.
• Legitimate interests (Art. 6(1)(f) GDPR): preventing fraud and abuse, securing the service against misuse of AI generation, analysing aggregate usage so we can decide what to improve, sending essential transactional notices.
• Consent (Art. 6(1)(a) GDPR): non-essential analytics and marketing cookies, optional product newsletters, and any processing of special categories of data you choose to disclose in your room photographs.
• Legal obligation (Art. 6(1)(c) GDPR): tax and accounting record retention, responding to lawful requests from authorities.

4. AI processing and training

Floori uses a combination of in-house and third-party AI models to analyse your photos and generate previews. We do not use the photographs, briefs or outputs we create for you to train any general-purpose model. Aggregated, anonymised signals — for example "how often a sample brief mentions herringbone" — may be used to tune prompts and inform product priorities, but no information from those signals identifies you or your room.

When we send your inputs to a third-party AI provider, we do so under a written data processing addendum that prohibits the provider from training their foundation models on your content and that requires deletion within thirty days of the request. The current list of sub-processors is published on request.

5. Retention

• Photographs you upload: retained in active storage for up to 30 days after generation, then automatically deleted unless you save the project to a workspace; saved projects are retained for the lifetime of your account.
• AI outputs: available in your workspace for the lifetime of your account; deleted within 30 days of account closure.
• Account and billing records: retained for up to 7 years after the last invoice in line with UK and EU tax record obligations, then deleted.
• Support tickets: retained for up to 24 months for quality and dispute purposes.
• Server and access logs: retained for up to 90 days for security investigations, then rotated.

6. Who we share data with

We share personal data only with vetted processors operating under binding contracts. Categories include: Stripe (billing), our AI providers (preview generation), our cloud hosting and storage providers, our analytics provider where you have consented, and our customer support tooling. We never sell or rent personal data, and we do not share data for cross-context behavioural advertising — this position applies whether you are a Californian "consumer" under CCPA or a data subject anywhere else.

7. International transfers

Some of our processors are located in the United States and other jurisdictions. Where personal data leaves the UK or EEA, we rely on the UK International Data Transfer Addendum and the European Commission's Standard Contractual Clauses, supplemented by encryption in transit and at rest, and by access controls scoped to the minimum needed.

8. Your rights

You have the following rights, exercisable free of charge:

• Access a copy of the personal data we hold about you.
• Rectify inaccurate data, or complete incomplete data.
• Erase your data ("right to be forgotten") where we have no overriding legal reason to keep it.
• Restrict or object to certain processing.
• Receive your data in a portable format.
• Withdraw consent at any time, without affecting prior processing.
• Lodge a complaint with the Information Commissioner's Office (UK), the competent EEA supervisory authority, or — if you are a California resident — with the California Privacy Protection Agency.

California residents additionally have the right to know what we collect, the right to delete, the right to correct, the right to limit use of sensitive personal information, and the right not to be retaliated against for exercising these rights. We honour Global Privacy Control (GPC) signals as opt-out requests where applicable.

To exercise any right, email support@flooronepro.com. We respond within thirty days; complex requests may extend this by a further sixty days, in which case we tell you.

9. Security

We protect personal data with industry-standard measures: TLS in transit, encryption at rest for storage buckets and database backups, scoped access controls based on least privilege, mandatory MFA for every employee and contractor with access to production, regular third-party penetration tests, and a written incident response runbook. No system is impenetrable; if a security incident affects you we will notify you and the relevant supervisory authority within 72 hours of becoming aware of it.

10. Children and minors

Floori is not directed to children under 13, and we do not knowingly collect personal data from anyone under 13. Users between 13 and 17 must have a parent or legal guardian's consent before creating an account. If you believe a child has provided personal data without consent, contact us and we will delete the account and the associated content.

11. Changes to this policy

We may update this policy as the product, our processors or applicable law change. The "Effective" date at the top of the page reflects the most recent revision. Material changes are announced by email to active account holders at least 30 days before they take effect.

12. Contact

Email: support@flooronepro.com
Postal: FLOOR 1 LTD, 9 Newton Place, Office 1, Technology House, Glasgow G3 7PR, Scotland, United Kingdom.