Privacy Policy

Last Updated: February 4, 2024

Effective Date: February 4, 2024

1. Introduction

AI Stylist ("Company", "we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered fashion analysis service ("Service").

This policy is designed to comply with:

GDPR (General Data Protection Regulation) - European Union
CCPA/CPRA (California Consumer Privacy Act) - California, USA
PIPA (Personal Information Protection Act) - Republic of Korea
LGPD (Lei Geral de Proteção de Dados) - Brazil
Other applicable international privacy regulations

By using our Service, you consent to the collection and use of your information as described in this Privacy Policy.

2. Data Controller Information

Data Controller: AI Stylist

Contact Email: privacy@aistylist.com

Data Protection Inquiries: dpo@aistylist.com

For EU residents, we act as the data controller for personal data collected through the Service.

3. Information We Collect

3.1 Information You Provide Directly

Photographs: Images you upload for AI analysis (processed in real-time, not stored)
Physical Attributes: Height information for styling recommendations
Style Preferences: Your selected fashion style preferences
Contact Information: Email address if you contact support

3.2 Information Collected Automatically

Device Information: Browser type, operating system, device type
Usage Data: Pages visited, features used, interaction patterns
IP Address: For security and approximate geographic location
Cookies: Essential session cookies (see Section 10)

3.3 Information from Third Parties

Payment Processor (Polar): Transaction confirmation, order ID (no payment card details)

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data based on the following legal grounds:

Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service you purchased
Legitimate Interests (Art. 6(1)(f)): Service improvement, fraud prevention, security
Consent (Art. 6(1)(a)): Where you have given explicit consent for specific processing
Legal Obligation (Art. 6(1)(c)): Compliance with applicable laws and regulations

5. How We Use Your Information

Service Delivery: To generate your personalized AI style analysis report
Payment Processing: To verify and complete your purchase
Customer Support: To respond to your inquiries and provide assistance
Service Improvement: To analyze usage patterns and improve the Service
Security: To detect and prevent fraud, abuse, and security incidents
Legal Compliance: To comply with applicable laws and regulations

We do NOT:

Sell your personal data to third parties
Use your photos for purposes other than providing the Service
Share your data for third-party marketing
Make automated decisions that significantly affect you without human oversight

6. Data Storage and Retention

6.1 Photo Data

Photos are NOT permanently stored. They are:

Transmitted securely to OpenAI's API for real-time processing
Deleted immediately after the analysis is complete
Not retained on our servers or databases

6.2 Analysis Reports

Generated and displayed in your browser session
Not stored on our servers
You may save locally using the "Save Image" feature

6.3 Transaction Data

Order IDs and transaction records: Retained for 7 years (legal/tax requirements)
Payment details: Handled exclusively by Polar (we never receive card numbers)

6.4 Support Communications

Retained for 2 years after resolution for quality assurance

7. Third-Party Services and Data Sharing

We share data with the following third-party service providers:

7.1 OpenAI (AI Processing)

Purpose: AI image analysis and generation
Data Shared: Uploaded photos, text prompts
Location: United States
Privacy Policy: openai.com/privacy

7.2 Polar (Payment Processing)

Purpose: Merchant of Record, payment processing
Data Shared: Transaction data, email (if provided)
Privacy Policy: polar.sh/legal/privacy

7.3 Cloudflare (Hosting & CDN)

Purpose: Website hosting, content delivery, security
Data Shared: IP address, usage data
Privacy Policy: cloudflare.com/privacy

8. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including:

United States: OpenAI, Cloudflare
European Union: Polar

For transfers from the EEA/UK, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Binding Corporate Rules of our service providers

9. Data Security

We implement industry-standard security measures:

Encryption: TLS 1.3 for all data in transit; AES-256 for data at rest
Access Control: Role-based access, principle of least privilege
API Security: Secure authentication, rate limiting
Infrastructure: Cloudflare DDoS protection, WAF
Monitoring: Continuous security monitoring and logging

While we strive to protect your data, no method of transmission over the Internet is 100% secure.

10. Cookies and Tracking Technologies

10.1 Cookies We Use

Essential Cookies: Required for Service functionality (session management)

10.2 Cookies We Do NOT Use

Third-party advertising cookies
Social media tracking pixels
Cross-site tracking technologies

10.3 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

11. Your Privacy Rights

11.1 Rights for All Users

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data ("Right to be Forgotten")
Portability: Request your data in a portable format
Objection: Object to certain processing activities
Withdrawal: Withdraw consent at any time

11.2 Additional Rights for EU/EEA Residents (GDPR)

Right to restriction of processing
Right not to be subject to automated decision-making
Right to lodge a complaint with a supervisory authority

11.3 Additional Rights for California Residents (CCPA/CPRA)

Right to Know: Categories and specific pieces of personal information collected
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt-out of sale/sharing of personal information (Note: We do NOT sell your data)
Right to Non-Discrimination: Not be discriminated against for exercising your rights
Right to Correct: Request correction of inaccurate information

11.4 Rights for Korean Residents (PIPA)

개인정보 열람 요구권
개인정보 정정·삭제 요구권
개인정보 처리정지 요구권
개인정보 이용·제공 내역 통지 요구권

12. How to Exercise Your Rights

To exercise any of your privacy rights, contact us:

Email: privacy@aistylist.com
Subject Line: "Privacy Rights Request - [Your Request Type]"

We will respond to your request within:

GDPR: 30 days (extendable by 60 days for complex requests)
CCPA: 45 days (extendable by 45 days)
PIPA: 10 days

We may request verification of your identity before processing your request.

13. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected data from a child under 18, we will delete it immediately.

If you believe a child has provided us with personal information, please contact us at privacy@aistylist.com.

14. Do Not Track Signals

Our Service does not currently respond to "Do Not Track" browser signals. However, we do not engage in cross-site tracking.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

Update the "Last Updated" date at the top of this policy
Notify you of material changes via email or Service notification
Obtain new consent where required by law

16. Contact Us

For privacy-related questions, concerns, or requests:

Privacy Inquiries: privacy@aistylist.com
Data Protection Officer: dpo@aistylist.com
General Support: saraintt@gmail.com

EU Representative

For EU residents, you may also contact your local data protection authority.

Back to Home