Privacy Policy

Last updated: July 2, 2026

This policy explains what data Fitting Room ("we", "us", operated by [BUSINESS NAME]) collects, how we use it, and the choices you have. The short version: we collect as little as we can, your photos are yours, and we never sell your data.

1. What we collect

Account data. Your email address and a hashed password, managed by our authentication provider, Supabase.

Photos you upload. Photos of yourself and of garments are transmitted to our servers and to OpenAI to generate your try-on. Uploads are processed in memory and are not stored — with one exception: if you tick "Remember my photo", that single photo is stored in your private storage space until you remove it.

Generated looks. The try-on images we generate for you are stored privately in your wardrobe (on Cloudflare R2) until you delete them.

Purchase data. When you buy credits, Stripe processes your payment. We receive and store a record of the purchase (pack, amount, date, Stripe session ID) but never your card details.

Technical data. Standard server logs (IP address, timestamps, errors) kept briefly for security and debugging. We do not use advertising trackers or analytics cookies. Your login session is kept in your browser's local storage by Supabase; it is essential for the Service to function.

2. How we use your data

We use your data only to operate the Service: authenticating you, generating try-ons, storing your wardrobe, crediting purchases, preventing abuse, and responding to support requests. We do not sell or rent personal data, and we do not use your photos for advertising or to train AI models.

3. Who processes your data

We share data with four processors, each only receiving what it needs: OpenAI (receives your photos to generate images; per OpenAI's API policies, API data is not used to train their models), Supabase (account and database hosting), Stripe (payments), and Cloudflare (private image storage). We may disclose data if required by law.

4. Retention

Uploads: processed transiently, not retained. Saved photo: until you remove it or delete your account. Generated looks: until you delete them or delete your account. Account and purchase records: for as long as your account exists, plus what bookkeeping and tax law require for transaction records. Server logs: up to 30 days.

5. Your rights

You can access, download, and delete your looks and saved photo directly from your wardrobe at any time. You may also request a copy of your data, correction, or full account deletion by emailing fashiontryon25@gmail.com. If you are in the EU/UK, these rights are backed by the GDPR (including the right to lodge a complaint with your supervisory authority); if you are in California, by the CCPA. We respond to requests within 30 days.

6. Security

All traffic is encrypted in transit (TLS). Stored images live in a private bucket accessible only through short-lived signed URLs generated for your session. Passwords are hashed by Supabase. Payment credentials never touch our servers. No system is perfectly secure — if a breach affects your data, we will notify you as required by law.

7. Children

The Service is for adults 18 and over. We do not knowingly collect data from minors, and uploading photos of minors is prohibited. If you believe a minor's data has been submitted, contact us and we will delete it.

8. International transfers

Our processors may store data in the United States and other countries. Where required, transfers rely on appropriate safeguards such as standard contractual clauses maintained by our processors.

9. Changes and contact

We will post any changes to this policy here with an updated date. Questions or requests: fashiontryon25@gmail.com.