OutfitLive AI Privacy Policy

Privacy Policy

Last Updated: 10 JULY 2025

OutfitLive AI Privacy Policy

This Privacy Policy describes how OutfitLive AI (“we,” “our,” or “us”) collects, uses, and protects your personal information when you use our mobile application and services (the “Service”). We are committed to protecting your privacy and ensuring the security of your personal data.

1. Information We Collect

1.1 Personal Information

  • Account Information: Email address, username, and account preferences
  • Payment Information: Billing information for token purchases (processed securely through third-party payment processors)
  • Profile Information: Any information you voluntarily provide in your user profile

1.2 Usage Data

  • App Usage Analytics: How you interact with our app, features used, time spent, and navigation patterns
  • Device Information: Device type, operating system version, unique device identifiers, and mobile network information
  • Performance Data: App performance metrics, crash reports, and error logs
  • Location Data: General location information (country/region level) for service optimization

1.3 Image and Content Data

  • Uploaded Images: Photos you upload for virtual try-on services
  • Processed Images: Results generated by our AI virtual try-on technology
  • User-Generated Content: Any content you create, save, or share within the app

1.4 Communication Data

  • Support Communications: Messages you send to our customer support team
  • Notifications: Push notification preferences and delivery confirmations
  • Feedback: Reviews, ratings, and feedback you provide about our services

1.5 Automatically Collected Information

  • Log Files: Server logs including IP addresses, browser type, and access times
  • Cookies and Tracking: Analytics cookies and similar tracking technologies
  • Network Information: Connection type, carrier information, and network performance data

2. How We Use Your Information

2.1 Service Provision

  • Core Functionality: Providing virtual try-on services and AI-powered features
  • Account Management: Creating and maintaining your user account
  • Payment Processing: Processing token purchases and managing billing
  • Content Delivery: Storing and delivering your processed images and results

2.2 Service Improvement

  • Analytics and Insights: Understanding user behavior to improve our services
  • Performance Optimization: Optimizing app performance and user experience
  • Feature Development: Developing new features based on user needs and feedback
  • Quality Assurance: Testing and improving our AI algorithms and processing quality

2.3 Communication

  • Customer Support: Responding to your inquiries and providing technical support
  • Service Updates: Notifying you about important changes to our services
  • Marketing Communications: Sending promotional content (with your consent)
  • Push Notifications: Delivering relevant notifications about your account and usage

2.4 Legal and Security

  • Fraud Prevention: Detecting and preventing fraudulent activities
  • Security Monitoring: Monitoring for security threats and unauthorized access
  • Legal Compliance: Complying with applicable laws, regulations, and legal processes
  • Terms Enforcement: Enforcing our Terms of Service and other agreements

3. Information Sharing and Disclosure

3.1 Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in operating our business:

  • Cloud Infrastructure: Google Firebase, Google Cloud Platform for data storage and processing
  • Payment Processors: RevenueCat, Apple App Store, Google Play Store for payment processing
  • Analytics Services: Firebase Analytics for usage analytics and performance monitoring
  • AI/ML Services: External APIs for image processing and virtual try-on functionality
  • Customer Support: Support platforms for handling customer inquiries
  • Push Notifications: Firebase Cloud Messaging for delivering notifications

3.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

3.3 Legal Requirements

We may disclose your information when required by law, court order, or government request, or when we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights and property
  • Prevent fraud or security threats
  • Protect the safety of users or the public

3.4 Aggregated Data

We may share aggregated, anonymized data that cannot identify individual users for research, marketing, or business development purposes.

4. Data Retention

4.1 Account Data

  • Active Accounts: We retain account information while your account remains active
  • Inactive Accounts: Account data may be retained for up to 2 years after last activity
  • Deleted Accounts: Most data is deleted within 30 days of account deletion

4.2 Image Data

  • Uploaded Images: Original uploaded images are automatically deleted after processing (within 24-48 hours)
  • Processed Results: Stored for up to 90 days unless you choose to save them permanently
  • Cache Data: Temporary cached images are deleted within 7 days

4.3 Usage and Analytics Data

  • Analytics Data: Retained for up to 3 years for service improvement purposes
  • Log Files: Server logs are retained for up to 1 year for security and performance monitoring
  • Error Reports: Crash reports and error logs are retained for up to 2 years

4.4 Communication Data

  • Support Communications: Retained for up to 3 years for quality assurance and legal compliance
  • Marketing Communications: Preference data retained until you opt out or account deletion

5. Data Security

5.1 Technical Safeguards

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
  • Access Controls: Strict access controls and authentication mechanisms for all systems
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Regular Updates: Regular security updates and patches for all systems

5.2 Operational Safeguards

  • Employee Training: Regular security training for all employees with data access
  • Background Checks: Comprehensive background checks for employees with data access
  • Access Limitation: Data access limited to employees who need it for their job functions
  • Audit Logs: Comprehensive logging of all data access and modifications

5.3 Physical Safeguards

  • Data Centers: Data stored in secure, certified data centers with physical access controls
  • Redundancy: Multiple backup systems and disaster recovery procedures
  • Environmental Controls: Climate control and power management systems

5.4 Incident Response

  • Monitoring: 24/7 monitoring for security incidents and data breaches
  • Response Plan: Comprehensive incident response plan with defined procedures
  • Notification: Users will be notified of any significant data breaches within 72 hours
  • Investigation: Thorough investigation and remediation of any security incidents

6. Your Privacy Rights

6.1 Access and Portability

  • Data Access: Request a copy of all personal data we hold about you
  • Data Export: Export your data in a machine-readable format
  • Account Information: View and update your account information at any time

6.2 Correction and Updates

  • Data Correction: Request correction of inaccurate or incomplete personal data
  • Profile Updates: Update your profile information and preferences within the app
  • Contact Information: Update your contact information and communication preferences

6.3 Deletion and Erasure

  • Account Deletion: Delete your account and associated data at any time
  • Selective Deletion: Request deletion of specific types of data
  • Right to be Forgotten: Request complete erasure of your personal data (subject to legal requirements)

6.4 Control and Consent

  • Consent Withdrawal: Withdraw consent for data processing at any time
  • Marketing Opt-out: Opt out of marketing communications
  • Notification Settings: Control push notification preferences
  • Analytics Opt-out: Opt out of analytics data collection (may limit functionality)

6.5 Objection and Restriction

  • Processing Objection: Object to certain types of data processing
  • Processing Restriction: Request restriction of data processing under certain circumstances
  • Automated Decision-Making: Opt out of automated decision-making processes

7. International Data Transfers

7.1 Cross-Border Transfers

  • Global Infrastructure: Our services may involve data transfers across international borders
  • Adequacy Decisions: We rely on adequacy decisions where available
  • Safeguards: Appropriate safeguards are in place for all international transfers

7.2 Data Processing Locations

  • Primary Storage: Data primarily stored in secure data centers in the United States and European Union
  • Backup Locations: Backup data may be stored in additional regions for redundancy
  • Processing Centers: AI processing may occur in various global locations for optimal performance

7.3 Legal Frameworks

  • Standard Contractual Clauses: Use of approved Standard Contractual Clauses for EU data transfers
  • Privacy Shield: Compliance with applicable privacy frameworks
  • Local Laws: Compliance with local data protection laws in all operating jurisdictions

8. Children’s Privacy

8.1 Age Restrictions

  • Minimum Age: Our service is not intended for children under 13 years of age
  • Parental Consent: Users between 13-18 require parental consent
  • Age Verification: We may implement age verification mechanisms

8.2 Data Collection from Minors

  • Limited Collection: Minimal data collection from users under 18
  • Parental Rights: Parents can request access, correction, or deletion of their child’s data
  • Educational Use: Special protections for any educational use cases

8.3 Compliance

  • COPPA Compliance: Full compliance with Children’s Online Privacy Protection Act
  • International Standards: Compliance with international children’s privacy laws
  • Regular Review: Regular review of practices related to minor users

9. Cookies and Tracking Technologies

9.1 Types of Cookies

  • Essential Cookies: Required for basic app functionality
  • Analytics Cookies: Used to understand user behavior and improve services
  • Preference Cookies: Store user preferences and settings
  • Performance Cookies: Monitor app performance and user experience

9.2 Third-Party Tracking

  • Analytics Providers: Firebase Analytics and other analytics services
  • Advertising Partners: Limited advertising-related tracking (with consent)
  • Social Media: Social media integration features (with explicit consent)

9.3 Cookie Management

  • Consent: Clear consent mechanisms for non-essential cookies
  • Opt-out: Options to opt out of certain types of tracking
  • Browser Controls: Information about browser-based cookie controls
  • Mobile Settings: Information about mobile device tracking settings

10. Updates to This Privacy Policy

10.1 Policy Changes

  • Regular Updates: This privacy policy may be updated periodically
  • Material Changes: Users will be notified of material changes
  • Effective Date: Changes become effective on the date specified in the updated policy
  • Continued Use: Continued use of the service constitutes acceptance of updated terms

10.2 Notification Methods

  • In-App Notifications: Notifications within the mobile application
  • Email Notifications: Email notifications to registered users
  • Website Updates: Updates posted on our website
  • Push Notifications: Important changes may be communicated via push notifications

10.3 Version Control

  • Version History: Maintain version history of all policy changes
  • Archive Access: Previous versions available upon request
  • Change Log: Detailed change log for significant updates

11. Regional Privacy Laws

11.1 European Union (GDPR)

  • Legal Basis: Clear legal basis for all data processing activities
  • Data Protection Officer: Designated Data Protection Officer for GDPR compliance
  • Supervisory Authority: Right to lodge complaints with supervisory authorities
  • Privacy by Design: Privacy considerations integrated into system design

11.2 California (CCPA/CPRA)

  • Consumer Rights: Full compliance with California Consumer Privacy Act rights
  • Do Not Sell: Option to opt out of data sales (we do not sell personal data)
  • Sensitive Information: Special protections for sensitive personal information
  • Third-Party Disclosure: Detailed disclosure of third-party data sharing

11.3 Other Jurisdictions

  • Local Compliance: Compliance with applicable privacy laws in all operating jurisdictions
  • Legal Updates: Regular monitoring of changes in privacy laws
  • Jurisdiction-Specific Rights: Additional rights may apply based on your location

12. Business Contacts and Data Protection

12.1 Business Users

  • B2B Data: Special considerations for business user data
  • Enterprise Features: Additional privacy protections for enterprise customers
  • Data Processing Agreements: Separate data processing agreements for business customers

12.2 Marketing and Communications

  • Consent-Based Marketing: All marketing communications require explicit consent
  • Segmentation: Responsible use of data for marketing segmentation
  • Opt-out Mechanisms: Easy opt-out mechanisms for all communications
  • Frequency Controls: Controls to manage communication frequency

13. Data Breach Notification

13.1 Detection and Assessment

  • Monitoring Systems: Continuous monitoring for potential data breaches
  • Risk Assessment: Rapid assessment of breach severity and user impact
  • Investigation: Thorough investigation of all potential security incidents

13.2 Notification Procedures

  • Regulatory Notification: Notification to relevant authorities within 72 hours
  • User Notification: Direct notification to affected users without undue delay
  • Public Disclosure: Public disclosure when required by law or when risk is high
  • Stakeholder Communication: Communication with business partners and vendors as needed

13.3 Remediation

  • Immediate Response: Immediate steps to contain and mitigate breaches
  • System Updates: Security updates and improvements following incidents
  • User Support: Dedicated support for users affected by data breaches
  • Follow-up: Regular follow-up and monitoring after breach resolution

14. Contact Information

Email: info@incistudio.com

15. Definitions

15.1 Key Terms

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data, including collection, storage, and use
  • Data Controller: The entity that determines the purposes and means of processing personal data
  • Data Processor: The entity that processes personal data on behalf of the data controller
  • Consent: Freely given, specific, informed, and unambiguous indication of agreement
  • Data Subject: The individual to whom personal data relates

15.2 Technical Terms

  • Encryption: The process of encoding data to prevent unauthorized access
  • Anonymization: The process of removing personally identifiable information from data
  • Pseudonymization: Processing data in a way that identifies individuals only with additional information
  • Data Breach: A security incident resulting in unauthorized access to personal data

16. Effective Date and Acceptance

This Privacy Policy is effective as of 15-Jul-2025 and applies to all users of the OutfitLive AI service. By using our service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Note: This Privacy Policy is designed to be comprehensive and protective. Please consult with legal counsel to ensure all local laws and regulations are properly addressed for your specific jurisdiction and business model. Update bracketed placeholders with your actual company information before implementation.