Privacy Policy

hejmae is operated by Emilia Studio LLC, a California limited liability company. Contact: privacy@hejmae.com. When this policy says “we” or “us,” it means Emilia Studio LLC, operating hejmae.

1. Account information

When you create a hejmae account (via hejmae.com/sign-up), we collect your email address, name, and the studio name you provide. Authentication is handled by Clerk; sign-in events and email verification records are stored by Clerk on our behalf. If you enable multi-factor authentication, Clerk also stores the factor you chose (authenticator app, SMS, or backup codes); SMS factors require a mobile number, which Clerk uses solely to send verification codes.

2. Studio data you enter

hejmae stores whatever you put into it. That includes:

• Clients — name, email, phone, address, notes. Entered by you about the people you do work for.
• Projects — names, locations, budgets, notes, status. Linked optionally to a client.
• Vendors — trade-account details, contact information, payment terms, shipping notes. For 1099-eligible vendors, also legal name, address, and tax ID (encrypted at rest; only the last four digits are shown to you after save).
• Items, clippings, and catalog products — product names, brands, prices, descriptions, source URLs, and product images.
• Floor plans you upload — images of physical floor plans.
• Purchase orders, proposals, and invoices — line items, prices, and totals built from your catalog data.
• Time entries — durations, optional notes, billable status, hourly rates.
• Financial records — expenses, mileage logs, ledger entries, estimated taxes, period locks, journal entries, sales-tax reports, and bank-statement CSVs you upload for matching.
• Inspiration-deck uploads — images you (or your client) drop into a project to seed sourcing, including ZIP archives that we unpack to extract their images. Original ZIPs are discarded after unpack; only the extracted images persist.
• Receipts you forward or upload — image and PDF attachments are OCR’d into structured expense entries (see AI sub-processors below).
• hejgent settings — your studio mobile number (for SMS/WhatsApp conversations with hejgent), quiet-hours, per-operation confirmation thresholds, and the categories of email you allow hejgent to act on.

3. Clippings from the hejmae Clipper extension

The hejmae Clipper Chrome extension uploads the URL, page title, and rendered HTML (capped at 1.5 MB) of a product page when you click Save. We use that HTML to extract the product’s name, brand, price, and image. The raw HTML is not retained after extraction; only the extracted product fields are stored. The clipper has its own short-form privacy policy at /legal/clipper-privacy.

4. Payment information

hejmae supports two payment processors for your client invoices — Stripe Connect and Helcim. Each studio chooses which (or both) to enable. In both cases the payment flows directly to your own merchant account, not through hejmae. We see only the metadata the processor shares with the connected application: payment status, amount, currency, and the linked invoice. We never see card numbers, bank credentials, or full customer payment details. The processor takes its own fee; hejmae does not take a platform fee on processed volume (currently 0%).

hejmae’s own subscription billing — what you pay for hejmae itself — runs through Stripe Billing. Stripe stores your billing details and shares only subscription status, plan, and seat count back to hejmae.

5. Connected accounts you authorize

If you choose to connect external services, hejmae stores the encrypted access tokens needed to talk to them on your behalf:

• Google / Gmail — if you turn on hejgent’s email assistant, hejmae stores per-user OAuth tokens (encrypted at rest with AES-256-GCM) for the gmail.readonly, gmail.modify, and gmail.send scopes so the assistant can read incoming threads, archive or label them, and send replies you have approved. You can revoke at any time from Settings → hejgent; revoking deletes the stored tokens.
• QuickBooks Online — if you connect QuickBooks, hejmae stores encrypted OAuth tokens for the accounting scope so the bookkeeping module can push journal entries and pull chart-of-accounts and trial-balance data. Disconnecting from Settings → Bookkeeping revokes and deletes the tokens.

6. Usage and operational data

Like any web application, our hosting provider records standard HTTP request metadata (timestamp, URL path, response status, IP address) for operational and security purposes. We do not use tracking pixels, advertising cookies, or third-party analytics libraries that profile users across sites.

We use the data you and your collaborators enter to:

• Render the dashboards you signed in to use.
• Extract structured product information from clippings, OCR receipts you upload, and generate inspiration briefs from images you provide (see AI sub-processors below).
• Generate proposals, purchase orders, and invoices as PDFs and send them to clients or vendors via email when you ask us to.
• Process client payments through your connected Stripe or Helcim account, and bill your hejmae subscription through Stripe Billing.
• Power optional hejgent features — classify incoming Gmail threads, draft replies for your approval, run morning briefings, and converse with you over SMS, WhatsApp, or the in-app chat (see the “hejgent” section below).
• Operate, secure, and improve the service — debug errors, monitor for abuse, fix bugs.
• Communicate with you about your account when necessary.

We do not sell user data. We do not use your data to train AI models, and our AI sub-processors are bound by their commercial terms not to train on it either (see below).

A sub-processor is a third-party service that handles data on our behalf. Each one below is bound by contract to use the data only to deliver its service to hejmae.

hejgent is an opt-in feature. Until a studio owner explicitly enables it from Settings → hejgent, none of the data flows in this section happen.

Gmail integration

When you connect a Gmail account, hejmae stores encrypted OAuth tokens for that account and registers a Gmail watch against a Google Cloud Pub/Sub topic owned by hejmae. New incoming mail triggers a webhook to hejmae; the webhook is verified against Google’s OIDC signing keys before any message body is fetched. hejmae then reads only the threads the watch describes (subject, body, headers, attachments) and classifies them with Claude. Threads that touch the categories you have allowed may be archived, labelled, or drafted into a reply for your approval; all other threads are left untouched.

SMS, WhatsApp, and in-app chat

If you opt into the conversational assistant, hejmae sends and receives SMS/WhatsApp messages through Twilio at the mobile number you provide. Inbound messages are signature-verified, classified by Claude Haiku, and routed to a tool-using Claude Sonnet assistant. The in-app chat panel (Cmd+J) uses the same Claude Sonnet assistant against your in-app data only — it can read your studio data and save clippings, but it cannot send email, charge a client, or modify accounting records without your explicit approval.

Sourcing & inspiration

Inspiration images and the briefs hejgent derives from them are stored in your studio. When the in-app catalog can’t satisfy a brief, hejgent runs a web search through Tavily and evaluates results with Claude Haiku to recommend products. Queries sent to Tavily are derived from the brief and exclude client names or studio identifiers.

Cost monitoring & tripwires

hejmae tracks per-studio AI and SMS spend month-to-date for cost control. If a studio crosses configured thresholds, automated features may pause until the next billing cycle. We retain aggregate counters; we do not retain the contents of individual messages beyond what is described above.

How to turn it off

You can disable hejgent at any time from Settings → hejgent. Disconnecting Gmail revokes the OAuth tokens with Google and deletes them from our database. Disabling SMS clears the registered mobile number from the assistant’s configuration (Clerk-side MFA numbers, if any, are managed separately under Account).

If you invite collaborators to your studio, they can see the data inside the studio according to the role you grant them (owner, admin, or member). Roles and per-permission flags are configurable under Settings → Team. When you remove a teammate, their access ends immediately, but their prior activity (time entries, clippings they created) remains attributed to them in the studio history so reports stay accurate.

The hejmae catalog is the one piece of data shared across studios: when any designer clips a product, the product itself (name, brand, price, image, source URL) is added to a platform-wide catalog so the next designer to clip the same product doesn’t pay the AI extraction cost again. The catalog is anonymized — it does not reveal which studio first clipped a product or who else has used it.

hejmae’s primary data is stored in Supabase’s US-region infrastructure. Vercel serves the application from edge locations worldwide. Email delivery (Resend), authentication (Clerk), and SMS/WhatsApp delivery (Twilio) run in the US. AI sub-processors (Anthropic, OpenAI, Tavily) process requests in the US. Google, Intuit, Stripe, and Helcim handle data in the regions described in their own policies. If you are outside the US, your data will be transferred to and processed in the US.

We retain studio data for as long as your account is open. You can delete any record from inside the application:

• Clippings, items, projects, clients, vendors, time entries, expenses, invoices, and POs each have a delete action in the dashboard. Most deletions are soft (recoverable within a short window); some, like clippings, are hard-deleted after a brief grace period.
• Floor plan and product image files are removed from storage when their parent record is hard-deleted.
• To delete your entire account and all studio data, email privacy@hejmae.com. We will confirm and complete account deletion within 30 days. Backups containing your data roll off our retention window (currently 30 days) after that.

We may retain a minimal record of the deletion request itself (timestamp, account identifier) for legal and audit purposes.

All traffic to hejmae.com runs over TLS. Application secrets and API keys are stored in Vercel’s encrypted environment variable store, not in source control. Tax IDs entered for 1099 vendors are encrypted at rest before they hit the database; only the last four digits are displayed back to you.

No system is perfectly secure. If you believe you have found a vulnerability, please email privacy@hejmae.com with the details. We will respond within five business days.

You can view, export, and delete data inside the application at any time. If you are in a jurisdiction that grants formal data subject rights (GDPR, UK GDPR, CCPA, etc.), you can additionally request:

• A copy of the personal data we hold about you.
• Correction of any inaccurate personal data.
• Deletion of your account and all associated data.
• A complaint to your local supervisory authority. We will cooperate with any lawful inquiry.

Send any of these requests to privacy@hejmae.com. We may need to verify your identity before acting.

hejmae uses a small number of strictly-necessary cookies to keep you signed in (managed by Clerk) and to remember your in-app preferences. We do not set advertising cookies or share cookies with third-party advertising networks.

hejmae is built for professional interior designers and is not directed at children under 13. We do not knowingly collect information from children.

If this policy changes materially, we will update the Effective date at the top of the page and notify studio owners by email. The current version is always available at this URL.

Questions, deletion requests, or security disclosures: privacy@hejmae.com.