Privacy Policy
Effective: January 1, 2025 · Last updated: June 2025
TryOnLive is committed to full transparency and user control over personal data. This policy explains what we collect, why, how long we keep it, and the rights you have — including all rights granted under the EU General Data Protection Regulation (GDPR).
1. Data Controller
TryOnLive is the data controller for personal data processed through this platform.
Contact: privacy@tryonlive.shop
2. What We Collect & Why
| Data | Purpose | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Name, email address | Account creation & authentication | Art. 6(1)(b) — contract |
| Google account ID | Social login (optional) | Art. 6(1)(b) — contract |
| Instagram page data (access token, page ID, profile picture) | Connect shop to Instagram for automation | Art. 6(1)(b) — contract |
| Customer photos submitted via Instagram DM for virtual try-on | AI try-on processing only. Not used for model training. Deleted from active system within 10 minutes; temporary cache files purged within 24 hours. | Art. 6(1)(b) — contract · Art. 9(2)(a) explicit consent via DM submission |
| Usage data (credits, requests, transactions) | Billing and service delivery | Art. 6(1)(b) — contract |
| IP address, browser/device information | Security and fraud prevention | Art. 6(1)(f) — legitimate interests |
| Contact form messages | Customer support | Art. 6(1)(f) — legitimate interests |
3. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30-day grace period |
| Try-on user photos (active) | Deleted from active processing within 10 minutes of result generation |
| Temporary cached processing files | Auto-deleted within 24 hours (retained briefly for abuse prevention and system stability) |
| Transaction / billing records | 7 years (legal obligation) |
| Server logs | 90 days |
| Account deletion records | 3 years (fraud prevention) |
4. Third-Party Processors
- Meta / Instagram: Graph API for messaging and media. Governed by Meta's Privacy Policy.
- Google: OAuth 2.0 login. Governed by Google's Privacy Policy.
- AI Processing Provider (KieAI): User photos are transmitted to our AI processing partner solely to generate the try-on result image. The provider processes images under a data processing agreement and is contractually prohibited from using them for model training, profiling, or any secondary purpose.
- Supabase: Media storage for product images. Data stored in EU region.
- Cloud hosting (EU): Servers located within the European Union.
AI Training Policy
We do not use uploaded user photos to train, fine-tune, or improve any AI model — ours or any third party's. Photos are used exclusively to generate the requested try-on result and then deleted on the schedule described in Section 3.
Requesting Deletion of Your Data
To request deletion of any personal data, including uploaded images, email privacy@tryonlive.shop with the subject line "Data Deletion Request." We will confirm and complete the deletion within 30 days.
5. International Data Transfers
We primarily process data within the EU. Where data is transferred outside the EEA (e.g., via Meta's infrastructure), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. You may request a copy of the applicable safeguards by contacting privacy@tryonlive.shop.
6. Your GDPR Rights
| Right | What It Means |
|---|---|
| Access (Art. 15) | Request a copy of all personal data we hold about you |
| Rectification (Art. 16) | Correct inaccurate or incomplete data |
| Erasure (Art. 17) | Request deletion of your data ("right to be forgotten") |
| Restriction (Art. 18) | Restrict how we process your data |
| Portability (Art. 20) | Receive your data in a machine-readable format |
| Object (Art. 21) | Object to processing based on legitimate interests |
| Withdraw Consent (Art. 7) | Withdraw consent at any time where processing is consent-based |
| Lodge Complaint | File a complaint with your national data protection supervisory authority |
To exercise any right, email privacy@tryonlive.shop. We respond within 30 days. Identity verification may be required.
7. Security
- All data in transit is encrypted with TLS 1.2+
- Data at rest is encrypted with AES-256
- Access to production systems is restricted to authorised personnel only
- In the event of a personal data breach, we will notify affected users and the relevant supervisory authority within 72 hours as required by GDPR Art. 33
8. Children's Privacy
Our service is not directed to children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has submitted data to us, please contact privacy@tryonlive.shop and we will delete it promptly.
9. Cookies
The landing site (tryonlive.shop) does not use tracking or advertising cookies. The panel (api.tryonlive.shop) uses strictly necessary session cookies for authentication only — no third-party tracking.
10. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email and/or a notice on the platform at least 14 days before taking effect. The "Last updated" date at the top of this page always reflects the current version.
11. Contact Us
- Email: privacy@tryonlive.shop
- Instagram: @tryonlive
We acknowledge all requests within 5 business days and resolve them within 30 days.