Privacy Policy

How we collect, use, and protect your information.

Last updated: May 25, 2026

This Privacy Policy explains how Masas Technologies, LLC ("Casora", "we", "us", or "our") collects, uses, and shares information when you use the Casora mobile application, our website, and any related services (together, the "Service").

By using the Service, you agree to the practices described here. If you do not agree, please stop using the Service.

1. Who we are

Masas Technologies, LLC operates Casora, an AI-powered interior design product.

For privacy questions, including requests to access or delete your data, write to privacy@casora.app.

2. Information we collect

2.1 Account information

When you create an account we collect basic identifying information:

  • A verified user identifier from your authentication provider when you sign in with Apple or Google, plus the optional name and email address those providers share with us.
  • Your email address and name, plus a securely hashed password, if you sign up with email and password.

2.2 Content you create

When you generate a design, you provide photos of a space, a text prompt, and any optional inputs such as references, masks, or selections. We store your inputs along with the generated output and basic metadata about the design (such as style and timestamps) so you can view and re-open your designs.

2.3 Subscription information

If you subscribe, the mobile platform (Apple App Store or Google Play) processes the payment. We do not receive your full payment-card details. We receive a record of your subscription status and identifiers needed to keep your account in sync with your purchases.

2.4 Technical, usage, and advertising information

When you use the Service we automatically receive limited technical information typical of any internet service, such as request metadata, device type, and information needed to operate, secure, and debug the Service. The app may store authentication data and a small operational cache locally on your device.

If you allow tracking on iOS or where otherwise permitted by law, we and our advertising partners may receive device identifiers and app event information used to measure ad performance, attribute installs and subscriptions, prevent fraud, and show more relevant ads.

2.5 Communications

If you contact us, we keep your message and our response so we can help you and improve our support.

2.6 Information we do not collect

We do not collect biometric data, contacts, calendar, location, or microphone data. The app requests access to your camera and photo library only when you choose a photo to use in a design.

3. How we use information

We use information to:

  1. Operate the Service — authenticate you, deliver features, generate and store your designs, prevent abuse.
  2. Improve and develop the Service — diagnose issues, understand aggregate usage, and design new features.
  3. Communicate with you — send transactional messages such as receipts, security notifications, and important product updates.
  4. Protect the Service — detect, prevent, and address fraud, abuse, security incidents, and Terms or Acceptable Use violations.
  5. Measure advertising — understand whether our ads lead to app installs, trials, subscriptions, or other activity.
  6. Comply with law — meet our legal obligations, respond to lawful requests, and enforce our agreements.

We process personal data on the legal bases of (a) performance of a contract with you, (b) our legitimate interests in operating and securing the Service, (c) your consent where required, and (d) compliance with legal obligations.

4. AI processing

Generating a design requires sending your inputs to a generative AI model operated by a third party. The first time you generate a design, the app shows you an in-app consent screen describing this processing, and you must explicitly agree before any inputs are sent. You can review or revoke this consent at any time from Settings → Privacy → AI processing in the mobile app.

4.1 Who receives your inputs

We use OpenAI, L.L.C.'s API (the "OpenAI API") to perform the model inference that generates your design. OpenAI processes your inputs on its servers and returns the generated image to Casora. OpenAI's processing of API inputs is governed by the OpenAI Services Agreement, Service Terms, and platform data controls.

4.2 What we send

When you start a generation, we send the following to the OpenAI API:

  • The room or space photo you select.
  • Any reference photo you upload (for example, an inspiration image).
  • The text prompt or description you write.
  • Any structured selections you make in the app, such as room type, design mode, color palette, paint color, flooring material, garden style, or selected style preset.
  • For brushed-mask features, the mask you draw on the photo and any associated description.

We do not send your account email, name, sign-in identifiers, payment information, device identifiers, contacts, location, or any other data not described above.

4.3 How your inputs are used

Your inputs are used solely to generate the design you requested. Specifically:

  • We do not authorize OpenAI or any other AI provider to use your inputs to train, fine-tune, or improve their public or general-purpose models.
  • We do not use your photos or prompts to train AI models for the purpose of generating content for other users.
  • OpenAI may retain inputs for a limited period for abuse monitoring, safety enforcement, and service operation as described in its terms.

4.4 Your choices

If you do not consent to the AI processing described above, you cannot generate new designs in the app. You can still sign in, view and delete existing designs, and use account-management features. Revoking consent does not delete designs that have already been generated; you can delete those individually from the app.

5. How we share information

We share personal information only as described below.

5.1 Service providers

We rely on a limited set of trusted vendors to operate the Service, including:

  • Authentication providers when you sign in with Apple or Google.
  • Payment and subscription processors (Apple App Store, Google Play, and RevenueCat) to handle in-app purchases and keep your subscription state in sync.
  • AI service providers, currently OpenAI, L.L.C. via the OpenAI API, to perform the model inference that generates designs (see Section 4 for full details).
  • Advertising and measurement providers, such as Meta, to measure installs, app activity, campaign performance, and subscription attribution, subject to your device privacy choices and applicable law.
  • Hosting and storage providers to run our backend and store your content securely.
  • Communications providers for transactional email and customer support.

Each provider receives only the information needed to perform its role and is contractually required to handle personal information consistently with this policy and applicable law, including providing protection at least equal to what is described here. If we change AI service providers in the future, we will update this policy and prompt you for fresh consent in the app before any of your inputs are sent to a different provider.

5.2 Legal and safety

We may disclose information if we believe in good faith that disclosure is necessary to comply with the law, enforce our Terms of Service or Acceptable Use Policy, or protect the rights, property, or safety of Casora, our users, or the public.

5.3 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.

5.4 With your consent

We may share information for any other purpose with your consent.

5.5 Sale and sharing for advertising

We do not sell your personal information for money. We may share limited advertising identifiers and app event information with advertising platforms for measurement, attribution, fraud prevention, and ad relevance where permitted by law and your device settings. You can limit this by denying App Tracking Transparency permission on iOS, changing your device privacy settings, or contacting us at privacy@casora.app.

6. Data retention

We keep personal information only as long as we need it for the purposes described in this policy.

  • Designs and the photos used to create them are retained while your account is active. You can permanently delete a design at any time from the app.
  • Account information is retained while your account is active. You can request account deletion at any time (see Section 7).
  • Subscription records are retained for the period required to operate the subscription and to comply with tax and accounting laws.
  • Operational and security logs are retained for a limited period sufficient for diagnostics and security.
  • Backups may include personal information for a short additional period until the backup is rotated out.

After the applicable retention period, we delete or de-identify the information.

7. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, port, or object to processing of your personal information, or to withdraw consent where processing is based on consent.

7.1 How to exercise your rights

Email privacy@casora.app from the address associated with your account, or with information that lets us identify your account. We may need to verify your identity before completing a request, and will respond within the time required by applicable law.

7.2 Account deletion

To delete your account and the data tied to it, write to privacy@casora.app with the subject line "Delete my account". Deleting your account does not cancel a paid subscription on the App Store or Google Play; you must cancel that separately.

7.3 California residents

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the rights listed above and the right not to be discriminated against for exercising them. Contact us at privacy@casora.app to exercise these rights.

7.4 EEA, UK, and Switzerland

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR or UK GDPR as listed above. You may also lodge a complaint with your local supervisory authority. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

8. Security

We use reasonable administrative, technical, and physical safeguards to protect personal information, including encryption in transit, encryption at rest where supported by our providers, and access controls based on the principle of least privilege.

No method of transmission or storage is perfectly secure. We work hard to protect your information, but cannot guarantee absolute security.

9. International transfers

Casora is operated from the United States. If you use the Service from outside the United States, your information will be transferred to and processed in the United States and any country where our service providers operate.

10. Children

The Service is not directed to children under 13 (or under 16 in the European Economic Area and the United Kingdom). We do not knowingly collect personal information from children under those ages. If you believe a child has provided us with personal information, please contact privacy@casora.app and we will delete it.

11. Third-party links

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices. Please review the privacy policies of any third party you interact with.

12. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If the change is material, we will provide a more prominent notice. Your continued use of the Service after the update means you accept the updated policy.

13. Contact

Masas Technologies, LLC
Email: privacy@casora.app
Website: masastechnologies.com