Privacy Policy
Effective May 2, 2026
Contents
- Overview
- Information we collect
- Mobile app: device permissions and local data
- How we use your information
- Automated processing and AI
- Third-party service providers
- Data storage and security
- Data retention
- Your rights
- Cookies and tracking
- Children's privacy
- International transfers
- AB 723 disclosure
- Changes to this policy
- Contact
1. Overview
Luster AI ("Luster," "we," "our," "us") operates a real estate photo enhancement platform delivered through our iOS mobile application and the website at https://lusterapp.ai (the "Service"). This Privacy Policy describes the personal data we collect, how we use and share it, how long we keep it, and your rights regarding your data.
By using the Service, you confirm you have read this Privacy Policy. If you disagree with these practices, please do not use the Service.
2. Information We Collect
2.1 Account & authentication
When you create an account or sign in, we collect:
- Email address — provided by you or by Google / Apple / Facebook when you sign in via OAuth.
- Display name (optional) — if shared by your social-login provider.
- User identifier — a UUID generated by Supabase, our authentication provider.
- Authentication tokens — short-lived access and refresh tokens that keep you signed in. On mobile these are stored in iOS Keychain via the Supabase SDK.
We support sign-in via Google OAuth, Apple Sign In, and Facebook OAuth. We never receive your social-account password.
2.2 Photos and image data
When you use the enhancement service, we collect:
- Original photos you upload, stored in private Cloudflare R2 buckets accessible only via short-lived signed URLs.
- Enhanced output photos generated by our AI pipeline.
- File metadata — original filename, file size in bytes, MIME type.
EXIF and location: We strip all metadata (GPS, camera model, timestamps, device identifiers) from every enhanced output before storing it. Original uploaded images retain whatever EXIF metadata was present when you uploaded them; you can delete originals at any time.
HEIC conversion: iPhone HEIC photos are automatically converted to JPEG before processing.
Ownership: You retain full ownership of your original photos and any enhanced outputs we produce.
2.3 Payment information
We sell credit packs that you redeem for photo enhancements:
- iOS: Payments are processed by Apple and managed by RevenueCat. We never see card numbers, billing addresses, or other financial account information.
We store only your credit balance (an integer count) and transaction identifiers (used for de-duplication and audit).
2.4 Device and technical information
- IP address — captured in server access logs for security and rate-limiting.
- User agent — captured in server access logs.
- App version and OS — captured in server logs and crash diagnostics.
- Push notification token — if you opt in to push notifications, we store an Expo push token so we can notify you when enhancements complete.
2.5 Usage and service data
- Job records — status (queued, processing, succeeded, failed), timestamps, enhancement style, and processing duration.
- Audit events — status transitions for each job (created, started, completed, failed, refunded).
- Credit ledger — records of credit deductions and refunds.
- Project organization — names and groupings you create for your photos.
We do not use advertising trackers, do not sell your data, and do not perform behavioral profiling.
2.6 Crash and error diagnostics
Server-side errors and stack traces are captured in our log infrastructure (hosted by Railway) and used solely for debugging. The mobile app does not currently transmit crash data to a third-party crash-reporting service.
3. Mobile App: Device Permissions and Local Data
3.1 Device permissions
The iOS app may request:
- Camera — to capture photos in-app.
- Photo Library (read) — to select existing photos for enhancement.
- Photo Library (write) — to save enhanced photos back to your camera roll.
- Push notifications (optional) — to alert you when enhancements complete.
All permissions are requested at the point of first use and can be revoked in iOS Settings at any time.
3.2 Data stored on your device
- Authentication tokens — encrypted in iOS Keychain via the Supabase SDK.
- Listings cache — a local cache of your projects in AsyncStorage so the app loads quickly. Cleared on sign-out.
- Temporary image files — selected or captured photos may be cached briefly in the app's private cache directory and removed automatically.
When you sign out, we clear locally cached listings and session tokens. Photos you have saved to your camera roll remain under your control.
4. How We Use Your Information
- Operate the Service — authenticate you, process enhancements, manage credits, deliver outputs.
- AI image processing — your photo pixels and a generic style prompt (e.g. "bright neutral interior") are sent to OpenAI for enhancement. No name, email, or user identifier is sent.
- Process payments — verify purchases, credit your account, refund failed jobs.
- Maintain reliability — monitor performance, diagnose errors, prevent abuse.
- Security — verify authentication, rate-limit traffic, detect fraud.
- Communicate with you — send transactional notifications related to your account. We do not send marketing email unless you explicitly opt in.
5. Automated Processing and AI
Our core service uses automated AI (OpenAI's gpt-image-1.5 model) to enhance real estate photos:
- Your photo pixels and a pre-defined style prompt are transmitted to OpenAI.
- OpenAI returns an enhanced version. No human reviews your photos during processing.
- We strip metadata from the enhanced output before storing it.
OpenAI's API data-usage policy states that API inputs and outputs are not used to train OpenAI models. OpenAI may retain API data for up to 30 days for abuse monitoring.
This automated processing does not perform profiling, scoring, or decisions producing legal effects. The sole purpose is image enhancement.
6. Third-Party Service Providers
We share data with the following providers solely to operate the Service. We do not sell, rent, or trade your personal information.
| Provider | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Supabase | Authentication and Postgres database hosting | Email, user ID, session tokens | supabase.com/privacy |
| OpenAI | AI image enhancement | Photo pixels, generic style prompt (no PII) | openai.com/policies |
| Cloudflare R2 | Photo storage (private buckets, signed URLs) | Original and enhanced photo files | cloudflare.com/privacypolicy |
| RevenueCat | iOS in-app purchase management | User ID, email, product IDs, transaction IDs, entitlement status | revenuecat.com/privacy |
| Superwall | Paywall rendering and A/B testing | User ID, paywall impression and conversion events | superwall.com/privacy |
| Expo Push Service | Mobile push notifications | Expo push token, notification payloads | expo.dev/privacy |
| Railway | Application hosting (API, worker, web) | Server logs (IP, request metadata) | railway.com/legal/privacy |
| Google / Apple / Facebook OAuth | Optional sign-in | Email, display name (only what the provider passes to us) | Google · Apple · Facebook |
Each provider has its own privacy commitments. We rely on their compliance programs (SOC 2, ISO 27001, GDPR Standard Contractual Clauses) where applicable.
7. Data Storage and Security
- Encryption in transit: all client–server traffic uses HTTPS / TLS.
- Encryption at rest: Cloudflare R2 storage is encrypted at rest by default.
- Authenticated access: every API endpoint requires a valid JWT. Photos are accessible only via short-lived signed URLs.
- Webhook verification: payment webhooks from RevenueCat are authenticated using a shared secret with constant-time comparison.
- Token security: mobile session tokens are stored in iOS Keychain.
- Rate limiting: API endpoints are rate-limited to deter abuse.
- Per-resource ownership checks: every read or mutation verifies the authenticated user owns the target resource.
Our primary infrastructure is hosted in the United States. Cloudflare R2 may replicate data across regions for durability. If you access the Service from outside the United States, your data will be transferred to and processed in the United States.
8. Data Retention
| Data type | Retention | Deletion |
|---|---|---|
| Account information | Until you delete your account | Use the Delete Account flow in Settings, or email us |
| Original photos | Until you delete them or your account | Delete individual photos or projects in-app |
| Enhanced photos | Until you delete them or your account | Delete in-app |
| Job records and audit events | Until account deletion | Deleted with account |
| Credit balance and ledger | Until account deletion | Deleted with account |
| Server access logs (IP, UA) | Rolling 30-day window | Automatic |
| Server error logs | Rolling 30-day window | Automatic |
| Local device cache | Until sign-out or app uninstall | Sign out or uninstall |
Account-deletion requests propagate to all storage layers (Postgres, R2, push tokens) within 30 days.
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — request a copy of the personal data we hold about you.
- Correction — request that we correct inaccurate data.
- Deletion — request that we delete your personal data and photos. You can delete individual photos and projects in-app; full account deletion is available in Settings or by email.
- Data portability — request your data in a machine-readable format.
- Restriction — limit how we process your data.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent.
To exercise any right, contact privacy@lusterapp.ai. We respond within 30 days.
9.1 California (CCPA / CPRA)
- We do not sell your personal information.
- We do not share your personal information for cross-context behavioral advertising.
- You have the right to know what personal information we collect, use, and disclose, and to request deletion.
- You will not be discriminated against for exercising your privacy rights.
9.2 European Economic Area (GDPR)
Our legal bases are:
- Contract performance — processing photos and managing your account.
- Legitimate interest — error monitoring, security, fraud prevention.
- Consent — where required (e.g. push notifications, optional marketing).
You have the right to lodge a complaint with your local data protection authority. International transfers are covered by Standard Contractual Clauses where required.
10. Cookies and Tracking
We do not use:
- Advertising or marketing cookies
- Third-party analytics cookies (e.g. Google Analytics)
- Cross-site tracking pixels
- Behavioral profiling tools
The mobile app's iOS Privacy Manifest declares NSPrivacyTracking: false. Our marketing site (lusterapp.ai) uses no tracking cookies; it relies solely on Caddy access logs.
11. Children's Privacy
The Service is intended for professional and commercial use and is not directed to children under 16 (under 13 in the United States). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
12. International Transfers
The Service is operated from the United States. If you access it from elsewhere, your data is transferred to and processed in the United States, where data-protection laws may differ. Our sub-processors (listed in Section 6) operate in multiple jurisdictions; we rely on their compliance programs and Standard Contractual Clauses where applicable.
13. AB 723 — California Real Estate AI Disclosure
We support California licensees subject to AB 723 by hosting an unaltered original of every enhanced photo at a stable, scannable URL embedded in the QR code we burn into the exported image. Buyers scanning the code see the unaltered source photo and the date of upload. The licensee remains the regulated party under AB 723; Luster provides the technical disclosure surface.
14. Changes to This Policy
We may update this Privacy Policy. When we make material changes, we will:
- Update the "Effective" date above.
- Notify you in-app or by email for significant changes.
Your continued use of the Service after changes constitutes acceptance of the updated policy.
15. Contact
Luster AI
Email: privacy@lusterapp.ai
Website: https://lusterapp.ai
We aim to respond to all privacy inquiries within 30 days.