Privacy policy.

Outfit AI is an iPhone app that lets you build a private digital closet, virtually try clothes on a photo of yourself, and save the looks that work. This Privacy Policy explains what personal data we collect, why we collect it, how we protect it, and the rights you have over it. It applies to the Outfit AI iOS application and the outfitai.app website.

The data controller is Outfit AI, based in the United Kingdom. You can reach us at info@ijr-apps.com for any privacy question, subject access request, or complaint.

We operate globally. The law that applies to you depends on where you are. If you are in the UK we apply the UK GDPR and the Data Protection Act 2018. If you are in the EEA we apply the EU GDPR. If you are elsewhere we still follow UK-GDPR-grade standards as a baseline.

We only collect what is necessary to run the app and improve it:

• 01Account info. Name, email address, profile picture, username.
• 02Fit-model photo. The full-length photo you choose to use as your virtual try-on body. Used only to render outfits for you; never shown to other users.
• 03Closet pieces. Photos of garments you snap, upload, or import from product links, together with the metadata you add (name, category, colour, brand, swatches, wear count).
• 04Generated try-on images. The composite images Outfit AI produces when you render a look. Stored privately in your archive until you delete them or your account.
• 05Style preferences. Onboarding answers (body type, sizes, aesthetic preferences, goals) used to tailor recommendations.
• 06Subscription & purchase data. Subscription status, entitlements, purchase history (received from Apple / RevenueCat). We do not see your payment card details.
• 07Device data. Device type, iOS version, app version, push notification token, crash logs.
• 08Usage data. Basic in-app events that help us fix bugs and improve features. No third-party advertising or cross-app tracking.

Under Articles 6 and 9 of the UK GDPR every use of your data has a specific legal basis. Ours are:

• 01Running the app. Storing your closet, rendering try-on images, syncing across devices, processing subscriptions, providing customer support. Basis: performance of our contract with you (Art. 6(1)(b)).
• 02Processing your fit-model photo and body data. A photograph that lets you be identified is personal data; combined with body measurements it warrants extra care. Basis: your explicit consent, given when you upload it (Art. 6(1)(a)). You can withdraw consent at any time by deleting the photo or your account.
• 03Security, fraud prevention, and abuse detection. Spotting suspicious activity and keeping the service reliable. Basis: our legitimate interests in running a secure service (Art. 6(1)(f)).
• 04Improving the product. Understanding which features are used, fixing bugs, making the app better. Basis: our legitimate interests; balanced against your right to privacy.
• 05Legal obligations. Retaining tax and accounting records, responding to lawful law-enforcement requests. Basis: compliance with legal obligations (Art. 6(1)(c)).

We use a small, carefully chosen set of service providers ("sub-processors") to run Outfit AI. They only process your data on our instructions and under written contracts that meet UK GDPR requirements.

• 01Supabase Inc. Database, authentication, and secure backend infrastructure. Stores your account, closet metadata and saved looks. Hosted in the United States.
• 02DigitalOcean LLC (Spaces). Encrypted object storage for your fit-model photo, closet piece photos, and generated try-on images. United States.
• 03Replicate, Inc. Runs the AI image model that renders garments onto your fit model. When you request a try-on, the relevant images are sent to Replicate for the few seconds it takes to generate the result, then discarded by them. United States.
• 04RevenueCat, Inc. Subscription management and receipt validation. Receives your App Store user ID and subscription status. United States.
• 05Apple Inc. App Store distribution, In-App Purchase, Apple Push Notification service (APNs), and, if you opt in, Sign in with Apple. Global.
• 06Vercel Inc. Hosting for the outfitai.app website and the API that talks to the iOS app. Serves traffic; does not retain your closet content.

We may also share data where required by law (for example, a valid court order), to enforce our Terms of Service, or to protect the rights and safety of users and the public.

International transfers. Several of our sub-processors are based in the United States. Transfers outside the UK / EEA are made under the UK International Data Transfer Addendum (IDTA) or the EU Standard Contractual Clauses (SCCs), with supplementary technical safeguards (encryption in transit and at rest).

Photos are the heart of Outfit AI, so it's important you know exactly what we do with them.

• 01Private by default. Your fit-model photo, every piece in your closet, and every generated try-on image are visible only to your account. They are never shown to other users, never used for marketing, and never published.
• 02Encrypted storage. All photos are stored on encrypted cloud infrastructure (DigitalOcean Spaces) and protected in transit (TLS 1.2+) and at rest (AES-256).
• 03No human review. Outfit AI staff do not view your photos unless required by law, to investigate a reported violation of our Terms, or with your explicit permission when you request support.
• 04Replace or delete any time. You can replace your fit model, delete individual pieces or looks, or wipe everything by deleting your account from You → Settings → Delete Account.
• 05Permanent deletion. Deleted photos are removed from our live systems immediately and from encrypted backups within 30 days.

You should not upload sensitive, explicit, or illegal content, nor photographs of other people without their consent. See our Terms of Service for full rules on acceptable content.

The try-on feature uses an AI image model, hosted by Replicate, to render a chosen garment onto your fit model. The result is an estimate, a prediction of how the piece might look on you. Fabric drape, fit, colour accuracy and proportion are approximated, not measured.

Style suggestions and outfit recommendations are likewise generated. They are taste, not authority; you remain the final decision-maker on what you wear.

These outputs do not produce legal or similarly significant effects for you, so Article 22 of the UK GDPR (automated individual decision-making) is not engaged. You can ignore any generated suggestion and build looks manually from the Look Builder instead.

We don't keep data longer than we need to:

• 01While your account is active. We keep your data for as long as you use Outfit AI.
• 02After account deletion. Personal data and photos are deleted from our live systems within 30 days. Encrypted backups rotate out within a further 90 days.
• 03Legal & financial records. Subscription and tax records are kept for up to 7 years where required by UK law, even after account deletion.
• 04Aggregated, anonymised statistics. May be kept indefinitely; these cannot be used to re-identify you.

Your data is encrypted in transit (TLS 1.2+) and at rest using industry-standard AES-256 encryption. Access to production systems is restricted, authenticated, and logged. Our backend is built on Supabase, a secure open-source platform with row-level security policies enforced server-side.

No system is perfect. If a personal data breach affects your rights and freedoms, we will notify the UK Information Commissioner's Office within 72 hours of becoming aware, and notify you directly where the risk is high, as required by Articles 33 and 34 of the UK GDPR.

The outfitai.app website uses a minimal amount of local browser storage required for the page to function. It does not set third-party advertising or analytics cookies. The iOS app does not use web cookies.

You have the following rights in relation to your personal data. We will respond to any request within one month (Article 12(3)).

• 01Right of access. Ask for a copy of the personal data we hold about you.
• 02Right to rectification. Ask us to correct data that is inaccurate or incomplete.
• 03Right to erasure ("right to be forgotten"). Ask us to delete your data. You can also do this yourself from You → Settings → Delete Account.
• 04Right to data portability. Receive your data in a structured, machine-readable format.
• 05Right to restrict processing. Ask us to pause certain uses of your data.
• 06Right to object. Object to processing based on our legitimate interests.
• 07Right to withdraw consent. Where we rely on your consent (including for your fit-model photo), you can withdraw it at any time.
• 08Right not to be subject to solely automated decisions. We do not make decisions that have legal or similarly significant effects on you using only automated processing.

To exercise any of these, email info@ijr-apps.com. We may need to verify your identity before we act.

Outfit AI is not directed at children under the age of 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, email info@ijr-apps.com and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect legal changes or new features. When we do, we will update the "Last updated" date at the top. If the changes are material we will notify you in-app or by email before they take effect. Continued use of Outfit AI after an update means you accept the updated policy.

Data controller: Outfit AI, United Kingdom.
Privacy contact: info@ijr-apps.com

We have not appointed a Data Protection Officer, as we are not required to do so under Article 37 of the UK GDPR, but all privacy enquiries are handled personally and taken seriously.