Space Copilot
Start free
Legal

Privacy Policy

Last updated: May 29, 2026

This Privacy Policy explains how Space Copilot Inc. (“Space Copilot,” “we,” “us”) collects, uses, stores, and shares personal data when you visit space-copilot.com or use our AI Home Health Score service (the “Service”).

We’ve written this in plain English. Where a section maps to a specific legal requirement (GDPR Articles 6, 9, 13, 22 / CCPA / PIPL), we’ve noted it inline.

1. Who we are

Space Copilot Inc. is the data controller for personal data processed through the Service. Our business address and registration details are on file with our payment processor (Stripe) and tax jurisdiction; you can request a copy at privacy@space-copilot.com.

2. What we collect

We collect the following categories of personal data:

  • Account data — your email address, name (if you provide one), and authentication identifier from Google or Apple Sign In if you use them.
  • Uploaded content — floor plan files, room photos, and any notes you attach to a property. This may incidentally include images of personal belongings or family members captured in photos you upload. We treat this content as confidential.
  • Report data — the AI-generated health scores, callouts, and recommendations we produce from your uploads.
  • Billing data — name, billing address, and the last four digits of your card. Full card numbers are handled exclusively by Stripe and never reach our servers.
  • Technical data — IP address, browser type, device type, and approximate location (city / region) derived from IP, plus standard server logs.

3. Why we process it (GDPR Art. 6 legal basis)

  • To deliver the Service you signed up for — Art. 6(1)(b) performance of a contract. This covers account creation, processing uploads, generating reports, and customer support.
  • To process payments and prevent fraud — Art. 6(1)(b) and 6(1)(f) (legitimate interest in preventing chargebacks).
  • To improve our models — Art. 6(1)(f) legitimate interest. We may use aggregated, de-identified uploads to retrain our scoring model. You can opt out at any time in your account settings or by emailing privacy@space-copilot.com.
  • To send transactional emails — Art. 6(1)(b). Marketing emails are sent only with explicit opt-in (Art. 6(1)(a)).
  • To comply with law — Art. 6(1)(c). Including tax, accounting, and lawful requests from authorities.

4. Automated decision-making (GDPR Art. 22)

The health score itself is an automated assessment produced by computer-vision and language models. It has no legal effect on you and is not used to take legal or similarly significant decisions about you. It’s a decision-support tool. If you’d like a human to review your report, email support@space-copilot.com and we’ll have a team member look at it.

5. Who we share it with

  • Sub-processors — cloud infrastructure (AWS / Cloudflare), payment processing (Stripe), authentication providers (Google, Apple), transactional email (Postmark), and large-language-model providers for report generation (OpenAI, Anthropic). All sub-processors are bound by Data Processing Agreements.
  • Cross-border transfers — some sub-processors are located in the United States. Where required, transfers from the EEA / UK are protected by Standard Contractual Clauses (SCCs).
  • We do not sell your personal data to advertisers or data brokers (CCPA § 1798.120).

6. How long we keep it

  • Account data: while your account is active, plus 90 days after deletion.
  • Uploaded floor plans and photos: 12 months by default, sooner on request.
  • Billing records: 7 years (tax / accounting requirement).
  • Server logs: 30 days.

7. Your rights

If you’re in the EEA, UK, or California you have the right to:

  • Know what personal data we hold about you (access).
  • Get a copy in a portable format.
  • Correct it if it’s wrong.
  • Delete it (subject to legal retention requirements).
  • Object to processing for legitimate-interest purposes.
  • Withdraw consent at any time.
  • Lodge a complaint with your local data protection authority.

To exercise any of these, email privacy@space-copilot.com. We respond within 30 days.

8. Security

We use TLS 1.2+ for all traffic, encrypt uploads at rest, and restrict access to production data to a small, audited group of employees. No system is perfect — if we suffer a breach, we’ll notify affected users within 72 hours where required by law.

9. Children

Space Copilot is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, email privacy@space-copilot.com and we’ll delete it.

10. Cookies

See our separate Cookie Policy for what cookies we set and why.

11. Changes

We may update this policy. Material changes will be announced by email or by a banner on the site at least 14 days before they take effect. The “Last updated” date at the top always reflects the latest version.

12. Contact

Privacy questions: privacy@space-copilot.com
Everything else: support@space-copilot.com