Privacy Policy

Last Updated: January 1, 2026 Version 1.0

Your privacy is important to us. This policy explains how MyWear collects, uses, and protects your personal information.

1. Introduction

MyWear ("we," "our," or "us") operates the MyWear mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring you have a positive experience when using our Service. This policy applies to all users of our Service, regardless of how you access it.

Key Points

  • We collect only the data necessary to provide our Service
  • Your clothing photos are stored securely and never shared without consent
  • You can delete your account and all associated data at any time
  • We use industry-standard security measures to protect your data

Data Controller Information

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, the data controller is:

MyWear
Email: [email protected]

2. Information We Collect

2.1 Information You Provide Directly

Data Type Examples Purpose Required
Account Information Email address, display name, profile photo Account creation and authentication Email: Yes
Clothing Photos Images of your garments Digital wardrobe management, AI analysis Yes (core features)
Outfit Photos Combined clothing images, styling photos Outfit creation and planning No
Virtual Try-On Photos Your photos for AI try-on feature Virtual clothing visualization No
Location Data City, country, or precise location Weather-based outfit suggestions No
Payment Information Processed by Apple, not stored by us Subscription processing For paid features
Preferences Language, temperature units, notifications Service personalization No

2.2 Information Collected Automatically

Device Information

  • Device type and model
  • Operating system and version
  • Unique device identifiers
  • App version
  • Time zone setting

Usage Information

  • Features used and frequency
  • Screens viewed
  • Actions taken within the app
  • Crash reports and performance data
  • Session duration and timestamps

Location Information

We collect location information in two ways:

  1. Automatic Location (with your explicit permission): We use your device's GPS to determine your precise location for accurate weather forecasts.
  2. Manual Location: You can manually select your city without granting location permissions.

You can change your location settings at any time in the app's Settings menu.

2.3 Information from Third Parties

Authentication Providers

  • Google Sign-In: Email, name, profile photo (if public)
  • Apple Sign-In: Email (may be anonymized), name

Payment Processors

  • Apple App Store: Transaction confirmations, subscription status
  • RevenueCat: Subscription management data (no payment card details)

3. How We Use Your Information

3.1 Core Service Functionality

Purpose Data Used Legal Basis (GDPR)
Account creation and management Email, name, profile Contract performance
Digital wardrobe management Clothing photos, categories Contract performance
AI-powered clothing analysis Clothing photos Contract performance
Outfit recommendations Wardrobe data, preferences, location Legitimate interest
Weather-based suggestions Location data Consent
Virtual try-on User photos, clothing images Contract performance
Outfit calendar planning Outfit data, calendar selections Contract performance

3.2 Service Improvement

Purpose Data Used Legal Basis (GDPR)
Analytics and usage patterns Anonymized usage data Legitimate interest
Bug fixes and performance Crash reports, device info Legitimate interest
Feature development Aggregated usage statistics Legitimate interest

3.3 Communication

Purpose Data Used Legal Basis (GDPR)
Service notifications Email, push token Contract performance
Customer support Contact info, inquiry details Contract performance
Marketing communications Email (with consent) Consent

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

4.1 Contract Performance (Article 6(1)(b) GDPR)

We process data necessary to fulfill our contract with you, including:

  • Creating and maintaining your account
  • Providing the digital wardrobe features
  • Processing your subscription
  • Delivering the services you requested

4.2 Consent (Article 6(1)(a) GDPR)

For certain processing activities, we rely on your explicit consent:

  • Precise location data collection
  • Marketing communications
  • Analytics cookies (on web)

You can withdraw consent at any time through Settings → Privacy → Manage Consent.

4.3 Legitimate Interests (Article 6(1)(f) GDPR)

We process certain data based on our legitimate interests, balanced against your rights:

Legitimate Interest Safeguards
Improving our Service Data minimization, anonymization
Preventing fraud Limited access, security measures
Direct marketing to existing customers Easy opt-out, frequency limits
Analytics Anonymization, no profiling

4.4 Legal Obligation (Article 6(1)(c) GDPR)

We may process data when required by law:

  • Tax and accounting requirements
  • Response to legal requests
  • Regulatory compliance

5. Information Sharing and Disclosure

⚠️ Important: We do NOT sell your personal data. We do NOT share your clothing photos with advertisers. Your wardrobe is private.

5.1 Service Providers

We share data with trusted service providers who assist in operating our Service:

Provider Purpose Data Shared Location
Supabase Inc. Database hosting, authentication Account data, wardrobe data EU/US
Google Cloud AI image analysis Clothing photos (processed, not stored) US
Bunny CDN Image storage and delivery Clothing and outfit photos EU
RevenueCat Subscription management Subscription status, user ID US
Mixpanel Analytics Anonymized usage events EU
Apple Inc. Authentication, payments Auth tokens, transaction data US
Open-Meteo Weather data Location coordinates only EU

5.2 AI Processing Disclosure

When you add clothing items, your photos are sent to Google's AI services for:

  • Object detection (identifying clothing type)
  • Color analysis
  • Style classification
  • Pattern recognition

Important:

  • Photos are processed in real-time and are NOT stored by Google for training purposes
  • We use Google's "Data Processing Terms" which prohibit Google from using your data for their own purposes
  • Processing occurs via encrypted channels

5.3 Legal Requirements

We may disclose your information if required by law:

  • In response to valid legal process (subpoena, court order)
  • To protect our rights, privacy, safety, or property
  • To investigate potential violations of our Terms
  • In connection with a merger, acquisition, or sale of assets

6. Data Storage and Security

6.1 Where We Store Your Data

Data Type Storage Location Provider
Account information EU (Frankfurt) Supabase
Clothing photos EU (multiple regions) Bunny CDN
Usage analytics EU Mixpanel
Subscription data US RevenueCat

6.2 Security Measures

Technical Safeguards

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Secure authentication with session management
  • Regular security audits and penetration testing
  • Automated vulnerability scanning
  • DDoS protection

Organizational Safeguards

  • Limited employee access on a need-to-know basis
  • Security awareness training
  • Incident response procedures
  • Regular access reviews

Photo Security

  • Photos are stored with unique, non-guessable URLs
  • Signed URLs expire after 1-24 hours
  • No public directory listing
  • Server-side access controls

6.3 Data Breach Notification

In the event of a data breach affecting your personal data, we will:

  1. Notify affected users within 72 hours (as required by GDPR)
  2. Notify relevant supervisory authorities
  3. Document the breach and remediation steps
  4. Provide guidance on protective measures you can take

7. International Data Transfers

7.1 Transfer Mechanisms

When we transfer personal data from the EEA, UK, or Switzerland to countries without adequate data protection laws, we use:

Standard Contractual Clauses (SCCs):

  • EU Commission-approved SCCs with all US-based providers
  • UK International Data Transfer Agreement where applicable

Additional Safeguards:

  • Encryption in transit and at rest
  • Access controls and audit logging
  • Regular compliance assessments

8. Your Privacy Rights

8.1 Rights for All Users

Regardless of your location, you have the right to:

Right Description How to Exercise
Access Request a copy of your data Settings → Privacy → Download My Data
Deletion Delete your account and data Settings → Account → Delete Account
Correction Update inaccurate information Edit in app or contact support
Opt-out Unsubscribe from marketing Email preferences or Settings

8.2 Additional Rights for EEA/UK Residents (GDPR)

Right Description How to Exercise
Right to be Forgotten Complete erasure of your data Settings → Account → Delete Account
Data Portability Receive data in machine-readable format Settings → Privacy → Export Data
Restriction of Processing Limit how we use your data Contact [email protected]
Object to Processing Object to legitimate interest processing Contact [email protected]
Withdraw Consent Revoke previously given consent Settings → Privacy → Manage Consent

8.3 Additional Rights for California Residents (CCPA/CPRA)

Right Description
Right to Know Categories and specific pieces of personal information collected
Right to Delete Request deletion of personal information
Right to Opt-Out Opt-out of sale/sharing of personal information
Right to Non-Discrimination No different treatment for exercising rights
Right to Correct Correct inaccurate personal information

Note: MyWear does NOT sell personal information as defined by CCPA. See our California Privacy Notice for full details.

8.4 How to Exercise Your Rights

In-App

  1. Open MyWear app
  2. Go to Settings → Privacy
  3. Select the relevant option (Download Data, Delete Account, Manage Consent)

By Email

Send your request to: [email protected]

Include:

  • Your registered email address
  • Specific right you wish to exercise
  • Any relevant details

Response Time

  • We will respond within 30 days
  • Complex requests may take up to 90 days with notice
  • No fee for reasonable requests

9. Children's Privacy

⚠️ Important: MyWear is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

9.1 Age Restrictions

Region Minimum Age Legal Basis
United States 13 years COPPA
European Union 16 years (or member state minimum) GDPR Article 8
United Kingdom 13 years UK GDPR
Other regions 13 years Our policy

9.2 Parental Rights

If you are a parent or guardian and believe your child under 13 has provided personal information to us:

  1. Contact us immediately at: [email protected]
  2. We will verify your identity as parent/guardian
  3. We will delete all data associated with the child's account within 48 hours

10. Cookies and Tracking Technologies

This section applies primarily to the MyWear website. The mobile app uses different tracking mechanisms described in Section 2.

10.1 Types of Cookies We Use

Category Purpose Examples Duration
Strictly Necessary Essential for site operation Session management, security Session
Functional Remember preferences Language, theme 1 year
Analytics Understand usage patterns Page views, traffic sources 2 years
Marketing (Not currently used) N/A N/A

10.2 Mobile App Tracking

The MyWear mobile app uses:

  • Mixpanel: For analytics (EU server, GDPR compliant)
  • Device identifiers: For crash reporting and analytics

You can opt-out of analytics in: Settings → Privacy → Analytics

For full details, see our Cookie Policy.

11. Third-Party Services

11.1 Integrated Services

Service Purpose Privacy Policy
Google Sign-In Authentication policies.google.com/privacy
Apple Sign-In Authentication apple.com/legal/privacy
Google Cloud AI Image analysis cloud.google.com
Supabase Backend services supabase.com/privacy
RevenueCat Subscriptions revenuecat.com/privacy
Mixpanel Analytics mixpanel.com/legal

11.2 Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies before providing any personal information.

12. Data Retention

12.1 Retention Periods

Data Category Retention Period Reason
Account information Until account deletion + 30 days Service provision, legal compliance
Clothing photos Until item/account deletion Core service functionality
Outfit data Until deletion or account deletion Core service functionality
Usage analytics 24 months (anonymized) Service improvement
Support communications 3 years Legal compliance
Transaction records 7 years Tax and legal requirements
Security logs 90 days Security monitoring

12.2 Deletion Process

When you delete your account:

  1. Immediate: Account disabled, cannot log in
  2. Within 24 hours: Personal data removed from active systems
  3. Within 30 days: Data purged from backups
  4. Retained: Anonymized analytics data (cannot identify you)

13. Changes to This Policy

13.1 How We Notify You

We may update this Privacy Policy periodically. When we make changes:

Material Changes:

  • Email notification to registered users
  • In-app notification
  • Prominent notice on our website
  • 30 days advance notice before changes take effect

Minor Changes:

  • Updated "Last Modified" date
  • Changes reflected on this page

13.2 Your Continued Use

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy. If you do not agree with changes, you should stop using the Service and delete your account.

14. Contact Us

General Privacy Inquiries:

Data Protection Officer:

For GDPR Requests:

  • Subject line: "GDPR Request - [Your Request Type]"

For CCPA Requests:

  • Subject line: "CCPA Request - [Your Request Type]"

Questions about this policy? Contact us at [email protected]