Who We Are
Timeless Concept Group Limited is a company registered in the United Kingdom, headquartered at Flat 11, 5 Zeus Road, SOUTHEND-ON-SEA, SS2 4GS, United Kingdom, providing 3D interior design and architecture software to users worldwide.
This Privacy Policy describes how we collect, use, store and protect the personal data of our users, in compliance with the GDPR (EU General Data Protection Regulation – 2016/679), the UK GDPR, the Data Protection Act 2018, and other applicable regulations.
By using our platform or website, you agree to the practices described in this policy. We recommend reading it in full before providing us with any personal data.
Personal Data We Collect
We collect personal data necessary to deliver our 3D design services with quality and security:
- Account data — Username, email address, profile photo and login credentials.
- Profile data — Country, language, profession (designer, architect, individual) and design preferences.
- Platform usage data — Projects created, 3D models used, renders generated, usage time and activity history.
- Payment data — Subscription and billing information processed by PCI-DSS certified partners (we do not store raw card data).
- Technical data — IP address, browser type, operating system, screen resolution and performance data.
- Communication data — Support messages, feedback, community comments and challenge participation.
- User-generated content — Design projects, render images, community posts and shared models.
How We Use Your Data
We use your data exclusively for legitimate, specific and informed purposes, with the legal basis provided under the GDPR:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Creating and managing your account | Account, Profile | Contract Performance |
| Providing 3D design services | Usage, Account, Technical | Contract Performance |
| Processing subscriptions and payments | Account, Payment | Contract Performance |
| Cloud rendering | Usage, Projects | Contract Performance |
| Improving the platform and user experience | Technical, Usage | Legitimate Interest |
| Sending newsletters and updates | Account, Profile | Consent |
| Displaying personalised advertising | Usage, Technical | Consent |
| Complying with legal obligations | Account, Payment | Legal Obligation |
Data Sharing & Disclosure
Timeless Concept Group Limited does not sell your personal data. We share information only where necessary and with appropriate contractual safeguards:
Content published in our community (projects, renders, comments) is visible to other platform users. Please ensure you do not include sensitive personal data in publicly shared projects.
- Payment processors — Stripe, PayPal and other PCI-DSS certified operators for secure subscription processing.
- Cloud computing services — AWS, Google Cloud and infrastructure partners for 3D rendering and project storage.
- Analytics partners — Google Analytics, Hotjar and similar tools for performance analysis, under appropriate confidentiality agreements.
- 3D model suppliers — Partner furniture brands and manufacturers whose models are available in our library.
- Legal authorities — When required by law, court order or instruction from a competent authority in the UK or EU.
- International transfers — Where necessary, data transfers outside the EEA/UK are carried out with the safeguards required by the GDPR (Standard Contractual Clauses).
Cookies & Tracking Technologies
Our website and platform use cookies and similar technologies to improve your experience, analyse traffic and personalise content and advertising.
| Type | Purpose | Duration |
|---|---|---|
| Essential | Login, session, security and basic platform functionality. | Session |
| Analytics | Traffic analysis, most-used features and platform performance. | Up to 2 years |
| Functional | Remembering language, design style preferences and user settings. | Up to 1 year |
| Marketing | Personalised advertising and remarketing. Activated only with explicit consent. | Up to 90 days |
You can manage your cookie preferences in the consent panel displayed on the platform or in your browser settings. Disabling essential cookies may prevent access to your account and projects.
Data Retention
We retain your data for as long as necessary to provide our services and comply with legal obligations:
- Active account data: for the duration of the account and for 3 years after closure.
- Projects and renders created: for the duration of the account and up to 12 months after cancellation, unless deletion is requested.
- Payment and billing records: 7 years in accordance with UK fiscal legislation (Companies Act 2006).
- Access logs and technical data: 90 days for security and 12 months for performance analysis.
- Community-published content: until removal is requested by the user or the account is deleted.
- Marketing and newsletter data: 3 years after last contact or until consent is withdrawn.
Your Rights (GDPR / UK GDPR)
Under the GDPR and UK GDPR, you have the following rights regarding your personal data:
- Right of Access — Request a copy of all personal data we hold about you.
- Right of Rectification — Request correction of inaccurate or incomplete data.
- Right to Erasure — Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
- Right to Restriction of Processing — Request suspension of processing in certain circumstances.
- Right to Data Portability — Receive your data in a structured, machine-readable format for transfer.
- Right to Object — Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent — Withdraw any previously given consent without affecting prior lawful processing.
- Right not to be subject to automated decisions — Request human intervention in decisions based solely on automated processing.
To exercise any of these rights, send your request to [email protected]. We will respond within 30 days as required by the GDPR. We may request identity verification before processing your request.
Security Measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or improper disclosure:
- TLS/SSL encryption for all communications between the user and the platform.
- Secure password hashing (bcrypt) — we never store passwords in plain text.
- Role-based access control (RBAC) for internal systems holding user data.
- Multi-factor authentication (MFA) available and recommended for all accounts.
- Regular security audits and penetration testing by independent third parties.
- Incident response plan with mandatory breach notification to the ICO (Information Commissioner's Office) within 72 hours where the breach poses a risk to users.
External Links
Our platform may contain links to external websites, 3D model marketplaces, social networks and integration partners. By accessing these links, you will be subject to the privacy policies of those platforms.
Timeless Concept Group Limited is not responsible for the privacy practices of external websites and services. This Policy applies exclusively to information collected through our own platform and communication channels.
Minors
Our services are directed at users aged 16 and over. We do not knowingly collect personal data from individuals under the age of 16 without verifiable parental consent.
If you believe a minor has provided their data without proper consent, please contact us immediately at [email protected] and we will take immediate action to delete that data.
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes to our services or legal obligations. When material changes are made:
- The "Updated" date at the top of this page will be revised.
- Registered users will be notified by email at least 14 days before changes take effect.
- A prominent notice will be displayed on the platform for a minimum of 30 days.
- Previous versions of this policy are available upon request.
Continued use of our services after the effective date constitutes acceptance of the updated policy.
Data Protection Officer (DPO) & Contact
For any questions, requests or complaints regarding the processing of your personal data by Timeless Concept Group Limited, please contact our Data Protection Officer:
DPO Email
[email protected]Organisation Address
Flat 11, 5 Zeus RoadSOUTHEND-ON-SEA
SS2 4GS
United Kingdom
Compliance
GDPR (EU 2016/679)UK GDPR · DPA 2018
Supervisory Authority
ICO – InformationCommissioner's Office (UK)
You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you consider that your rights have not been respected.