Who We Are
Timeless Concept Group Limited is a company registered in the United Kingdom, headquartered at Flat 11, 5 Zeus Road, SOUTHEND-ON-SEA, SS2 4GS, United Kingdom, providing professional 3D interior design and architecture software to users worldwide.
This Privacy & Policies document describes how we collect, use, store and protect the personal data of our users, in compliance with the GDPR (EU General Data Protection Regulation – 2016/679), the UK GDPR, the Data Protection Act 2018 and other applicable regulations.
By using our platform or website, you agree to the practices described in this policy. We recommend reading it in full before providing us with any personal data.
Personal Data We Collect
We collect personal data necessary to deliver our 3D design services with quality, security and personalisation:
Content published in our community (projects, renders, comments) is visible to other platform users. Please ensure your publicly shared projects do not contain sensitive personal data.
- Account data — Username, email address, profile photo and login credentials.
- Profile data — Country, language, profession (designer, architect, homeowner) and design style preferences.
- Platform usage data — Projects created, 3D models used, renders generated, session duration and activity history.
- Payment data — Subscription and billing information processed by PCI-DSS certified partners. We do not store raw card data.
- Technical data — IP address, browser type, operating system, screen resolution and performance diagnostics.
- Communication data — Support messages, feedback, community comments and design challenge submissions.
- User-generated content — Design projects, render images, community posts and shared 3D models.
How We Use Your Data
We use your data exclusively for legitimate, specific and informed purposes, with the appropriate legal basis under the GDPR:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Creating and managing your account | Account, Profile | Contract Performance |
| Providing 3D interior design services | Usage, Account, Technical | Contract Performance |
| Processing subscriptions and payments | Account, Payment | Contract Performance |
| Cloud rendering of design projects | Usage, Projects | Contract Performance |
| Improving the platform and user experience | Technical, Usage | Legitimate Interest |
| Sending newsletters and product updates | Account, Profile | Consent |
| Displaying personalised advertising | Usage, Technical | Consent |
| Fraud prevention and platform security | Technical, Account | Legitimate Interest |
| Complying with legal obligations | Account, Payment | Legal Obligation |
Data Sharing & Disclosure
Timeless Concept Group Limited does not sell, rent or trade your personal data. We share information only where strictly necessary and with appropriate contractual safeguards in place:
- Payment processors — Stripe, PayPal and other PCI-DSS certified operators for secure subscription and billing processing.
- Cloud computing providers — AWS, Google Cloud and infrastructure partners for 3D rendering and secure project storage.
- Analytics partners — Google Analytics, Hotjar and similar tools for performance and usage analysis, under appropriate Data Processing Agreements.
- 3D model and furniture brand suppliers — Partner brands whose models are available in our library, for licensing and attribution purposes.
- Legal and regulatory authorities — When required by law, court order or instruction from a competent authority in the UK or EU.
- International data transfers — Where transfers outside the EEA/UK are necessary, we apply appropriate safeguards as required by the GDPR, including Standard Contractual Clauses (SCCs).
Cookies & Tracking Technologies
Our website and platform use cookies and similar technologies to improve your experience, analyse traffic and personalise content and advertising.
| Type | Purpose | Duration |
|---|---|---|
| Essential | Login, session management, security and core platform functionality. Required for the platform to work. | Session |
| Analytics | Traffic analysis, most-used features and platform performance measurement (e.g. Google Analytics). | Up to 2 years |
| Functional | Remembering language preferences, design style settings and user configurations. | Up to 1 year |
| Marketing | Personalised advertising and remarketing campaigns. Activated only with your explicit prior consent. | Up to 90 days |
You can manage your cookie preferences at any time via the consent panel displayed on our platform or through your browser settings. Disabling essential cookies may prevent access to your account and saved projects.
Data Retention
We retain your personal data only for as long as necessary to provide our services and meet our legal obligations:
- Active account data: for the full duration of the account, and for 3 years following account closure.
- Design projects and renders: for the duration of the account, and up to 12 months after cancellation, unless earlier deletion is requested.
- Payment and billing records: 7 years in accordance with UK fiscal and companies legislation (Companies Act 2006, HMRC requirements).
- Access logs and technical data: 90 days for security monitoring and 12 months for platform performance analysis.
- Community-published content: until removal is requested by the user or the account is permanently deleted.
- Marketing data and newsletter consent: 3 years from the last interaction, or until consent is withdrawn.
Your Rights (GDPR / UK GDPR)
Under the GDPR and UK GDPR, you hold the following rights with respect to your personal data, which may be exercised at any time:
- Right of Access — Request a copy of all personal data we hold about you.
- Right of Rectification — Request correction of any inaccurate or incomplete data in our records.
- Right to Erasure — Request deletion of your data ("right to be forgotten"), subject to applicable legal retention obligations.
- Right to Restriction of Processing — Request suspension of processing in certain circumstances defined by the GDPR.
- Right to Data Portability — Receive your data in a structured, commonly used, machine-readable format for transfer to another provider.
- Right to Object — Object to processing based on legitimate interests, or to direct marketing at any time.
- Right to Withdraw Consent — Withdraw any consent previously granted, without affecting the lawfulness of prior processing.
- Rights regarding automated decision-making — Request human review of any decision based solely on automated processing that significantly affects you.
To exercise any of these rights, send your request to [email protected]. We will respond within 30 days as required by the GDPR. Identity verification may be required before we process your request.
Security Measures
We implement robust technical and organisational measures to safeguard your personal data against unauthorised access, loss, alteration or improper disclosure:
- TLS 1.3 / SSL encryption for all data transmission between users and our platform.
- Secure password hashing using bcrypt — passwords are never stored in plain text.
- Role-based access control (RBAC) ensuring only authorised personnel can access user data.
- Multi-factor authentication (MFA) available and strongly recommended for all accounts.
- Regular independent security audits and penetration testing by accredited third parties.
- Incident response plan with mandatory notification to the ICO (Information Commissioner's Office) within 72 hours of any breach posing risk to users, as required by UK GDPR Article 33.
- Encrypted backups with redundant storage to protect project data and account information.
External Links
Our platform may contain links to external websites, 3D model marketplaces, social media platforms and integration partners. By accessing these links, you will be subject to the privacy policies of those third-party platforms.
Timeless Concept Group Limited is not responsible for the privacy practices or content of external websites. This Privacy & Policies document applies exclusively to data collected through our own platform, website and direct communication channels.
Minors
Our services are directed at users aged 16 and over. We do not knowingly collect personal data from individuals under the age of 16 without verifiable parental or guardian consent.
If you believe a minor has provided their data through our platform without appropriate consent, please contact us immediately at [email protected]. We will take prompt action to delete the data in question.
Changes to This Policy
We may update this Privacy & Policies document periodically to reflect changes in our services, legal obligations or business practices. When material changes are made:
- The "Last Updated" date at the top of this page will be revised accordingly.
- Registered users will be notified by email at least 14 days before changes take effect.
- A prominent notice will be displayed on the platform and website for a minimum of 30 days.
- Previous versions of this policy are available upon written request to our privacy team.
Continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy.
Contact & Data Protection Officer (DPO)
For any questions, rights requests or complaints regarding how Timeless Concept Group Limited processes your personal data, please contact our Data Protection Officer through any of the channels below:
Privacy / DPO Email
[email protected]Security Team
[email protected]Organisation Address
Flat 11, 5 Zeus RoadSOUTHEND-ON-SEA
SS2 4GS
United Kingdom
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have not been respected. We encourage you to contact us first so we can address your concerns directly.