Privacy Policy

Last updated: November 4, 2025

At iTryOn AI, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered virtual try-on service for Shopify stores.

1. Information We Collect

1.1 Merchant Information

When you install our Shopify app, we collect:

• Shopify store information (store name, URL, contact email)
• OAuth authentication tokens for secure access
• Product data (names, images, descriptions, collections, tags)
• Usage analytics (try-on counts, conversion rates, popular products)
• Billing information (processed securely through Shopify)

1.2 Customer Information

When end customers use the virtual try-on feature:

• Photos: Temporarily processed to generate try-on images. Photos are never stored on our servers after processing is complete.
• Anonymous analytics: We track try-on events and product interactions without collecting personally identifiable information.
• Browser data: Standard web data (IP address, browser type, device type) for security and performance optimization.

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Service Delivery

• Process virtual try-on requests and generate AI images
• Integrate the try-on widget with your Shopify product pages
• Provide analytics and reporting on try-on performance
• Monitor usage limits and billing

2.2 Service Improvement

• Improve AI model accuracy and processing speed
• Optimize widget performance and user experience
• Develop new features and capabilities

2.3 Customer Support

• Respond to support inquiries
• Troubleshoot technical issues
• Send service-related notifications

3. Photo Privacy and Security

We prioritize the privacy of customer photos:

• No Storage: Customer photos are processed in real-time and deleted immediately after generating the try-on image
• Secure Processing: Photos are transmitted and processed using end-to-end encryption
• No Tracking: We do not link photos to any personal identifiers
• No Sharing: Photos are never shared with third parties or used for any purpose other than generating the requested try-on image
• No Training Data: Customer photos are not used to train our AI models

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information only in the following limited circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist in:

• Cloud hosting and computing (AWS, Google Cloud)
• Payment processing (Shopify Billing)
• Analytics and monitoring

All service providers are bound by strict confidentiality agreements and process data only as instructed.

4.2 Legal Requirements

We may disclose information if required by law or in response to valid legal requests (subpoenas, court orders, legal processes).

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify you of any such change.

5. Data Retention

• Customer Photos: Deleted immediately after processing (typically within seconds)
• Analytics Data: Retained for the duration of your subscription plus 90 days
• Merchant Data: Retained while your account is active and for 2 years after termination
• Billing Records: Retained for 7 years for accounting and tax purposes

6. Your Rights and Choices

You have the following rights regarding your data:

6.1 Access and Portability

You can request a copy of your data through your dashboard or by contacting us at privacy@itryon.ai.

6.2 Correction and Deletion

You can update or delete your information at any time through your merchant dashboard or by uninstalling the app.

6.3 Opt-Out

You can opt out of marketing communications at any time by clicking "unsubscribe" in emails or contacting us.

6.4 Data Protection Rights (GDPR/CCPA)

If you are located in the EU/EEA or California, you have additional rights including:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

7. Security Measures

We implement industry-standard security measures to protect your data:

• End-to-end encryption for data transmission
• Secure OAuth authentication for Shopify integration
• Regular security audits and penetration testing
• Access controls and authentication for internal systems
• Secure data centers with SOC 2 compliance
• Automated monitoring for security threats

8. Cookies and Tracking

We use essential cookies and tracking technologies to:

• Maintain user sessions and authentication
• Track anonymous usage analytics
• Improve service performance

You can control cookies through your browser settings. Disabling cookies may affect functionality.

9. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children. If we discover we have collected information from a child under 13, we will delete it immediately.

10. International Data Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place, including:

• EU-US Data Privacy Framework compliance
• Standard Contractual Clauses for EU data transfers
• Adequacy decisions where applicable

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice in your dashboard

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@itryon.ai
Support: support@itryon.ai
Dashboard: dashboard.itryon.ai

Data Protection Officer: If you have concerns about how we handle your data and wish to escalate, you may contact our Data Protection Officer at dpo@itryon.ai.

13. Complaints

If you are located in the EU/EEA, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data appropriately.