Privacy Policy

1. Introduction

Welcome to TryOn AI ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

By using TryOn AI, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

• Photos: Face and full-body photographs you upload to create your virtual model
• Clothing Images: Photos of clothing items you upload or select from connected services
• Account Information: Email address and password (if you choose to create an account)
• Preferences: App settings, theme preferences, and notification settings

2.2 Information Automatically Collected

• Device Information: Device type, operating system, unique device identifiers, mobile network information
• Usage Data: App features accessed, time spent in the app, interaction patterns, session duration
• Log Data: IP address, browser type, access times, pages viewed, crash reports
• Performance Data: Processing times, error rates, app performance metrics

2.3 Information from Third-Party Services

When you connect third-party services (such as Pinterest) to TryOn AI, we may collect:

• Pinterest Data: Access to your saved boards, pins, and associated images (read-only access only)
• OAuth Tokens: Authentication tokens to maintain your connection to third-party services
• Profile Information: Basic profile information from connected services (if applicable)

Please note: We only access data that you explicitly authorize. We never post to your Pinterest account or access private information beyond what you permit.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Core Service Functionality

• Process your photos to create virtual try-on images
• Apply AI-powered clothing visualization to your photos
• Store your session data to enable continued use during your session
• Retrieve clothing items from your connected Pinterest boards
• Organize and categorize your virtual closet

3.2 Service Improvement

• Analyze usage patterns to improve app performance
• Develop new features based on user needs
• Train and improve our AI models for better results
• Optimize image processing algorithms
• Fix bugs and technical issues

3.3 Communication

• Send service-related notifications (if enabled)
• Respond to your support requests and inquiries
• Provide updates about new features or changes to the Service
• Send administrative information about your account

3.4 Security and Compliance

• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our Terms of Service
• Protect the rights, property, and safety of TryOn AI, our users, and the public

4. How We Store and Protect Your Information

4.1 Data Storage

• Images: Stored securely on Cloudinary's cloud infrastructure with encryption at rest
• Session Data: Stored in MongoDB Atlas with industry-standard security measures
• OAuth Tokens: Encrypted before storage using AES-256 encryption
• Location: Data is primarily stored in secure data centers in the United States

4.2 Data Retention

• Session-Based Users: Your photos and data are automatically deleted 48 hours after your last activity (unless you create an account)
• Account Users: Data is retained until you delete your account or request data deletion
• Generated Images: Try-on results are kept for 30 days unless saved to your account
• Usage Analytics: Aggregated, anonymized data may be retained indefinitely for statistical purposes

4.3 Security Measures

We implement industry-standard security measures to protect your information:

• HTTPS/TLS encryption for all data transmission
• Encrypted storage for sensitive data
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Secure API authentication using session tokens
• Rate limiting to prevent abuse
• Regular backups with encryption

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. How We Share Your Information

We do NOT sell your personal information or photos to third parties.

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

• Cloudinary: Image hosting and processing (SOC 2 Type II certified)
• MongoDB Atlas: Database hosting and management (GDPR compliant)
• Google (Gemini AI): AI-powered image generation for try-on functionality
• Analytics Providers: App performance monitoring and crash reporting

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, etc.)
• Governmental or regulatory requests
• Protection of our legal rights and property
• Investigation of potential violations of our Terms of Service
• Protection of personal safety or prevention of illegal activity

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice in the app of any such change in ownership.

5.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing (e.g., when you choose to share your try-on results on social media).

6. Your Privacy Rights and Choices

6.1 Access and Portability

You have the right to:

• Access the personal information we hold about you
• Request a copy of your data in a portable format
• View your uploaded photos and generated try-on results

6.2 Correction and Deletion

You can:

• Update your account information at any time in the app settings
• Delete individual photos or try-on results
• Request complete deletion of your account and all associated data
• Clear your session data at any time through the app

6.3 Disconnect Third-Party Services

You can disconnect Pinterest or other third-party services at any time through the app settings. This will:

• Revoke our access to your third-party account
• Delete stored OAuth tokens
• Remove imported clothing items from your closet (optional)

6.4 Opt-Out Rights

• Marketing Communications: Opt out of promotional emails through unsubscribe links or app settings
• Push Notifications: Disable through your device settings or app preferences
• Analytics: Limit data collection through app settings (may affect functionality)

6.5 Do Not Sell My Personal Information (CCPA)

We do not sell personal information. If our practices change, we will update this policy and provide you with opt-out rights as required by law.

6.6 How to Exercise Your Rights

To exercise any of these rights, you can:

• Use the in-app settings and privacy controls
• Contact us at privacy@tryonai.app
• Submit a request through our support portal

We will respond to your request within 30 days.

7. Children's Privacy (COPPA Compliance)

TryOn AI is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@tryonai.app. We will take steps to delete such information from our systems.

Users aged 13-17 should have parental or guardian consent before using our Service.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

We ensure appropriate safeguards are in place for international transfers, including:

• Standard contractual clauses approved by the European Commission
• Privacy Shield certification (where applicable)
• Adequacy decisions by relevant authorities

By using our Service, you consent to the transfer of your information to the United States and other countries where we operate.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

9.1 Right to Know

• Categories of personal information collected
• Categories of sources from which information is collected
• Business or commercial purpose for collecting information
• Categories of third parties with whom we share information
• Specific pieces of personal information we hold about you

9.2 Right to Delete

You can request deletion of your personal information, subject to certain exceptions.

9.3 Right to Opt-Out

You have the right to opt out of the "sale" of personal information. We do not sell personal information.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

9.5 Authorized Agent

You may designate an authorized agent to make requests on your behalf. The agent must provide written authorization.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

10.1 Legal Basis for Processing

We process your personal data based on:

• Consent: When you provide explicit consent for specific processing activities
• Contract: To provide the services you request
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws

10.2 Your GDPR Rights

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

10.3 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at dpo@tryonai.app.

11. Third-Party Links and Services

Our Service may contain links to third-party websites, applications, or services that are not operated by us:

• Pinterest: We integrate with Pinterest's API but are not affiliated with Pinterest, Inc.
• Social Media: Sharing features may redirect you to social media platforms
• Shopping Links: Affiliate links to retailer websites (if applicable)

We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies before providing any information.

Important: When you connect your Pinterest account, you are subject to Pinterest's Terms of Service and Privacy Policy. We only access information you authorize and cannot control Pinterest's data practices.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

12.1 Types of Cookies We Use

• Essential Cookies: Required for app functionality and security
• Session Cookies: Maintain your session and preferences
• Analytics Cookies: Help us understand app usage and performance
• Preference Cookies: Remember your settings and choices

12.2 Managing Cookies

You can control cookie preferences through your device settings. However, disabling certain cookies may limit app functionality.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of any material changes by:

• Posting the updated policy in the app
• Sending an email notification (if you have an account)
• Displaying a prominent notice in the app
• Requiring acceptance of the new policy before continued use

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

14. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify you within 72 hours of becoming aware of the breach
• Provide details about what information was affected
• Explain the steps we are taking to address the breach
• Offer guidance on how to protect yourself
• Notify relevant authorities as required by law

15. Contact Us

We will respond to all legitimate requests within 30 days.