Privacy Policy
Last updated: May 2026
1. Personal data and privacy
In compliance with Colombian Law 1581/2012, the GDPR (EU Regulation 2016/679), Brazil's LGPD (Lei 13.709/2018), California's CCPA/CPRA, Mexico's LFPDPPP, and other applicable data protection regulations: • Data controller: Anddress (soporte@anddress.com). • Data collected: name, email, garment images, try-on model photo, style preferences, country, preferred language, and usage data. • Purpose: personalize the virtual wardrobe experience; enable virtual garment try-on; generate AI outfit suggestions; and display relevant store, price, fashion news and trend recommendations based on your country and language. • Automatic country and language detection: if you do not provide your country, we attempt to infer it from your browser's language setting or timezone (e.g., "America/Bogota" → Colombia). This data is indicative and you can correct or remove it from Settings → My profile. We do not use geolocation APIs or external services for this inference. • Optional fields: country and language are optional. Not providing them does not limit the app's core features; it only reduces the regional personalisation of recommendations. • Legal basis (GDPR/LGPD): explicit consent given at registration and when using specific features such as photo upload or AI avatar. • Your rights: access, rectification, erasure ("right to be forgotten"), portability, objection, and restriction of processing. Exercise them via Settings in the app or by writing to soporte@anddress.com. • International transfers: data stored on Supabase (AWS infrastructure, Virginia, USA). Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework are used as transfer safeguards. • We do not share personally identifiable data with third parties without your explicit consent, except as required by law.
2. Try-on model photo (Pro plan)
If you use the virtual try-on feature with your real photo (Pro plan): • Your full-body photo is stored encrypted on secure cloud servers (Supabase / AWS, Virginia, USA). • Google Gemini Vision transiently analyzes it solely to validate technical requirements (full body, no glasses). This analysis is not used to train AI models and is not stored by Google. • The photo is transmitted to Fashn.ai exclusively to generate virtual garment try-ons. • You can delete your photo at any time from Settings → Delete model photo. After deletion, the photo is removed from our servers within 30 days. By uploading your photo, you grant express consent for this processing under Colombian Law 1581/2012, CCPA/CPRA (California), the GDPR, and the LGPD.
3. AI-generated avatar (Pro plan)
If you use the AI photorealistic avatar feature: • You configure your traits via dropdowns (skin tone, body type, hair color, etc.). This data is stored in your profile. • Google Gemini generates a synthetic image (avatar) based on that configuration. Only the generated avatar is stored if you choose to keep it. • The generated avatar is a synthetic image, not a real photograph. If it bears visual resemblance to you, that derived image is stored with your express consent. • You can delete your generated avatar at any time from Settings.
4. Cloud storage
Garment images, your model photo (if uploaded), and your profile data are stored on secure servers operated by Supabase (AWS infrastructure, Virginia, USA) with TLS encryption in transit and encryption at rest. By accepting these terms, you authorize such international transfer with the safeguards described in section 3.
5. Sub-processors
To provide the service, we use the following sub-processors that may access your data: • Supabase Inc. (database and file storage · AWS Virginia, USA) • Google LLC / Google Cloud (Gemini and Vertex AI for garment analysis, photo validation, avatar generation and suggestions; reCAPTCHA Enterprise for anti-fraud security) • Fashn.ai (virtual try-on engine — receives model photo and garment image) • Paddle.com Market Ltd. and/or Stripe Inc. (payment processing as Merchant of Record, depending on region) • Resend Inc. (transactional email delivery) • PostHog Inc. (product analytics and usage metrics) • SerpAPI LLC (visual product search for shopping recommendations) All operate under Data Processing Agreements (DPAs) compatible with GDPR/LGPD and SCCs for international transfers.
6. Data retention and deletion
• Active account: data is retained while the account is active. • Account deletion: personal data and images are deleted within 30 days, unless retention is required by law. EU and Brazil users may request a shorter timeframe. • Model photo: deleted immediately upon request in Settings (or within 30 days of account deletion). • Access logs: retained 90 days for security purposes. To exercise the right to erasure or request a data export, write to soporte@anddress.com.
7. Cookies, analytics and advertising
Anddress uses cookies and similar technologies for: (a) strictly necessary cookies (session, security), which require no consent; (b) product analytics (PostHog) to understand usage and improve the app; and (c) advertising (Google AdSense) on the free plan only. • Consent: in the EU, UK and regions with equivalent laws, we show a cookie banner and only enable analytics and ads after your consent (Google Consent Mode v2). You can change your choice anytime from the banner or Settings. • Personalized ads: if you accept, ads may be personalized. If you decline, you will see NON-personalized ads. • Minors: users identified as minors are shown only non-personalized ads, in line with COPPA and GDPR-K. • See our Cookie Policy for details.
8. AI assistant memory (optional)
You can optionally (opt-in) enable "Assistant memory": Anddress remembers durable style preferences (likes, fit, occasions) you reveal, to better personalize suggestions. • Legal basis: your explicit consent, off by default. • Only style preferences are stored; never sensitive or health data. • Transparency and control: you can view everything the assistant remembers and delete individual facts or all memory from Profile → Assistant memory. • Turning consent off stops learning; deleting the memory removes the data.