Privacy Policy – Tryzo

Last Updated: January 2025

Welcome to Tryzo ("App"). This Privacy Policy explains what data we collect, how we use it, and your rights.

1. What data does Tryzo collect?

Account Information

  • Email address (provided via Apple or Google sign-in)
  • Randomly generated UUID (used to link wardrobe and model images to your account)

User Content

  • Wardrobe photos (images of clothing items)
  • Model photos (image of yourself or chosen model)

We do not store your outfit generation prompts.

2. How does Tryzo use your data?

We process your data to:

  • Authenticate your account and allow access to your wardrobe and model images
  • Generate clothing descriptions (via OpenAI API)
  • Recommend outfits based on your wardrobe (via OpenAI API)
  • Create virtual try-on images (via Replicate API)

3. Data Storage and Location

  • All account data and uploaded images are stored in Supabase (EU-Central, Frankfurt).
  • Data is stored in two tables (clothes and models) linked to your UUID, plus Supabase Storage for images.
  • No analytics or tracking tools are used.

4. Data Sharing

We only share data with:

  • OpenAI, Inc. (USA) — to generate clothing descriptions and outfit recommendations
  • Replicate, Inc. (USA) — to generate try-on images

Your images and clothing data are transmitted to these services only when needed to perform the requested functionality. We do not sell or share your data with any other third parties.

5. Legal Basis for Processing

  • Contract performance — to provide the outfit generation and virtual try-on service you requested
  • Consent — before accessing your camera or photo library to upload images
  • Legitimate interest — to maintain secure and reliable operation of our service

6. Data Retention and Deletion

We retain your images and account data until you no longer use the app or decide to delete your account or request data removal.

You can do so by:

  • Requesting deletion in-app (which sends a removal request to our support email)
  • Requesting deletion via our website’s “Delete Your Account” feature

We will process your request within 30 days. Once deleted, all associated images and account data are permanently removed from Supabase.

7. Data Transfers

Data sent to OpenAI and Replicate may be transferred outside the EU (e.g., to the USA). We ensure such transfers comply with GDPR using appropriate safeguards, such as Standard Contractual Clauses (SCCs).

8. Security Measures

  • All data is transmitted over HTTPS
  • Supabase provides encrypted storage
  • Access to user data is restricted and protected

9. Your GDPR Rights

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Withdraw consent at any time
  • Request data portability
  • Lodge a complaint with your local Data Protection Authority

To exercise your rights, contact us at: puppo.mattia@gmail.com

10. Contact

Controller: Mattia Puppo

Email: puppo.mattia@gmail.com