Privacy Policy

1. Information We Collect

We collect the following categories of information when you use the Service:

Account Data

When you create an account, we collect your email address, display name, and profile information. If you sign in with Google OAuth, we may receive your name, email address, and profile picture from Google as permitted by your Google account settings. If you sign in with Apple, we may receive your name and email address as permitted by your Apple privacy settings.

Body and Style Profile Data

To provide personalized styling recommendations, we may collect body-related data you voluntarily provide, including gender, height, weight, and style preferences. This data is used solely for outfit recommendation purposes and is never shared with third parties for advertising.

User-Uploaded Images

The core function of our Service requires you to upload outfit photographs. These images are transmitted to our servers and to third-party AI processing services (via OpenRouter, which routes requests to underlying AI model providers) for fashion analysis. Uploaded images and AI-generated isolated product images are stored in Supabase Storage with user-scoped access controls.

Camera and Photo Library Access

The app may request access to your device camera or photo library when you choose to take a photo or upload an image. We use this access only to let you select or capture images for the features you request, such as wardrobe creation, fashion analysis, item recognition, or flatlay generation.

AI Analysis Results

We store the results of AI analysis performed on your images, including: detected fashion pieces and their attributes (category, color, brand, material, style), bounding box coordinates within your images, semantic embeddings used for wardrobe search, and styling preferences inferred from your interactions.

Chat History

When you interact with the Nigel AI agent, we store your chat messages and the AI responses. Chat history is retained for as long as your account remains active. If you wish to have your chat history deleted, please contact us and we will process your request manually.

Usage Data

We collect information about how you interact with the Service, including features you use, outfit combinations you explore, looks you save, and search queries within your wardrobe.

Device Information

We may collect technical information about the device you use to access the Service, including device type, operating system version, app version, and general location data (such as country or region) derived from your IP address.

2. How We Use Your Information

We use the information we collect for the following purposes:

• AI Fashion Analysis and Piece Detection: Your uploaded images are processed by AI models to identify individual clothing items, generate isolated product images, and build your digital wardrobe.
• Personalized Styling Recommendations: We use your wardrobe data, body profile, style preferences, and interaction history to provide personalized outfit recommendations through the Nigel AI agent.
• Style Studio and Flatlay Generation: We use selected wardrobe item data and isolated item images to generate editorial flatlay compositions for outfit planning and visual inspiration.
• Wardrobe Management and Organization: Your uploaded and detected fashion items are organized into a searchable digital wardrobe using full-text search and semantic embedding-based retrieval.
• Service Operations: We use your data to operate, maintain, and improve the Service, diagnose technical issues, and ensure service security.
• Communications: We may use your email address to send you service announcements and updates to these policies. We will only send promotional content with your explicit consent.

AI Model Training: We do not use your personal data, images, or content to train our own AI models. Anonymized, aggregated usage statistics (which cannot identify you individually) may be used internally to improve service quality. Third-party AI providers (including Google Gemini, accessed both directly and through the OpenRouter routing layer) process your data according to their own API data usage policies — see Section 5 for details.

3. Lawful Basis for Processing

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

• Performance of Contract (Article 6(1)(b)): Processing necessary to provide the Service you requested, including account management, wardrobe storage, AI fashion analysis, and styling recommendations.
• Consent (Article 6(1)(a)): Where we rely on your consent, such as for promotional communications or optional personalization features. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, such as improving the Service, preventing fraud, and ensuring security. We balance these interests against your rights and freedoms.

4. Data Storage & Security

Infrastructure: Your data is stored using Supabase infrastructure (managed PostgreSQL database and object storage, running on AWS). The backend application runs on Railway.

Access Controls: Image storage is configured with user-scoped access policies, meaning only the authenticated account owner can access their own uploaded and generated images through the app. Authorized infrastructure providers and limited operational access may process this data as needed to provide, secure, debug, or support the Service. We implement row-level security (RLS) policies in our database to help isolate data between users.

Encryption: All data transmitted between your device and our servers is encrypted in transit using TLS (Transport Layer Security). Data stored in our database and object storage is encrypted at rest using industry-standard AES-256 encryption.

Security Limitations: While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data and are not responsible for unauthorized access resulting from factors outside our reasonable control.

5. Third-Party Services

We rely on the following third-party services to provide the Service. By using the Service, you acknowledge that your data may be processed by these providers:

6. Data Retention

Active Accounts: We retain your personal data, uploaded images, and wardrobe data for as long as your account remains active. You can delete individual wardrobe items or entire looks at any time through the application.

Chat History: AI agent chat conversations are retained for as long as your account remains active. If you wish to have your chat history deleted, please contact us and we will process your request manually.

Account Deletion: Upon account termination, we will make commercially reasonable efforts to remove your personally identifiable data, uploaded images, and wardrobe content within a reasonable timeframe. Some data may be retained for a longer period where required by applicable law or for the resolution of disputes.

Aggregated Data: Anonymized, aggregated data derived from your usage (such as aggregate usage statistics that cannot identify you individually) may be retained for up to 3 years after account deletion for service improvement purposes.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information. These include:

• Access: You have the right to request access to the personal information we hold about you.
• Deletion: You have the right to request deletion of your personal data. You can delete your account from Settings in the iOS app, or contact us at the email address below if you need assistance.
• Data Export: You have the right to request an export of your wardrobe data (including detected piece information and metadata). To request a data export, please contact us at the email address below.
• Correction: You have the right to correct inaccurate personal information we hold about you.
• Portability: You may have the right to receive your personal data in a structured, machine-readable format.
• Restriction of Processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data.
• Objection: Where we process your data based on legitimate interests, you have the right to object to such processing.
• Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at [email protected]. We will respond to verifiable requests within the timeframe required by applicable law.

8. Children's Privacy

The Service is not directed specifically to children. If you are under the age of majority or the applicable age of digital consent in your country or region, you should use the Service only with permission from a parent or legal guardian.

We do not knowingly collect personal information from children where parental consent is required by applicable law. If we become aware that we collected personal information from a child without any required parental consent, we will take reasonable steps to delete that information. If you believe this may have occurred, please contact us at [email protected].

9. International Data Transfers

The Service is operated from Taiwan. Your information may be processed in countries other than your country of residence, including the United States (where our infrastructure providers Supabase, Railway, and OpenRouter operate data centers).

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please note that your personal data may be transferred to and processed in countries that may not provide the same level of data protection as your home country. Where such transfers occur, we rely on appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure adequate protection for your data.

By using the Service, you acknowledge and consent to the transfer of your information to countries outside your country of residence, including countries that may have different data protection rules.

10. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay. Specifically:

• GDPR: We will notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach, and will notify affected individuals when the breach is likely to result in a high risk to their rights and freedoms.
• Other Jurisdictions: We will comply with applicable data breach notification laws in your jurisdiction, including providing notification within the timeframes required by law.

11. AI Interaction Disclosure

The Service uses artificial intelligence throughout its core functionality. When you interact with Nigel, please be aware of the following:

• The Nigel AI agent is a computer program, not a human stylist. All styling advice is generated by AI models.
• AI-generated responses, outfit recommendations, and fashion analysis results may contain inaccuracies or subjective assessments.
• We do not guarantee the accuracy, completeness, or suitability of any AI-generated content.
• Your conversations with the AI agent are processed by third-party AI services, including Google Gemini (accessed both directly and through the OpenRouter routing layer), as described in Section 5.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we may notify you through the application, by email to the address associated with your account, or by updating the "Last Updated" date at the top of this page, as appropriate and where required by applicable law.

Your continued use of the Service after any changes to this policy constitutes your acceptance of the updated terms. If you do not agree with the updated policy, you should discontinue use of the Service and may request deletion of your account.

13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Taiwan (Republic of China), without regard to its conflict of law provisions. Any disputes arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the Taipei District Court, Taiwan, except where mandatory local laws provide you with the right to bring proceedings in your jurisdiction of residence.

14. Contact Information

If you have questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us at: