Privacy Policy

1. Data Controller

TryOnLive is the data controller for personal data processed through this platform.

Contact: privacy@tryonlive.shop

2. What We Collect & Why

Data	Purpose	Legal Basis (GDPR Art. 6)
Name, email address	Account creation & authentication	Art. 6(1)(b) — contract
Google account ID	Social login (optional)	Art. 6(1)(b) — contract
Instagram page data (access token, page ID, profile picture)	Connect shop to Instagram for automation	Art. 6(1)(b) — contract
Customer photos submitted via Instagram DM for virtual try-on	AI try-on processing; image deleted immediately after rendering	Art. 6(1)(b) — contract · Art. 9(2)(a) explicit consent via DM submission
Usage data (credits, requests, transactions)	Billing and service delivery	Art. 6(1)(b) — contract
IP address, browser/device information	Security and fraud prevention	Art. 6(1)(f) — legitimate interests
Contact form messages	Customer support	Art. 6(1)(f) — legitimate interests

3. Data Retention

Data Type	Retention Period
Account data	Until account deletion + 30-day grace period
Try-on photos	Deleted immediately after processing
Transaction / billing records	7 years (legal obligation)
Server logs	90 days
Account deletion records	3 years (fraud prevention)

4. Third-Party Processors

• Meta / Instagram: Graph API for messaging and media. Governed by Meta's Privacy Policy.
• Google: OAuth 2.0 login. Governed by Google's Privacy Policy.
• Supabase: Media storage for product images. Data stored in EU region.
• Cloud hosting (EU): Servers located within the European Union.

5. International Data Transfers

We primarily process data within the EU. Where data is transferred outside the EEA (e.g., via Meta's infrastructure), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. You may request a copy of the applicable safeguards by contacting privacy@tryonlive.shop.

6. Your GDPR Rights

Right	What It Means
Access (Art. 15)	Request a copy of all personal data we hold about you
Rectification (Art. 16)	Correct inaccurate or incomplete data
Erasure (Art. 17)	Request deletion of your data ("right to be forgotten")
Restriction (Art. 18)	Restrict how we process your data
Portability (Art. 20)	Receive your data in a machine-readable format
Object (Art. 21)	Object to processing based on legitimate interests
Withdraw Consent (Art. 7)	Withdraw consent at any time where processing is consent-based
Lodge Complaint	File a complaint with your national data protection supervisory authority

To exercise any right, email privacy@tryonlive.shop. We respond within 30 days. Identity verification may be required.

7. Security

• All data in transit is encrypted with TLS 1.2+
• Data at rest is encrypted with AES-256
• Access to production systems is restricted to authorised personnel only
• In the event of a personal data breach, we will notify affected users and the relevant supervisory authority within 72 hours as required by GDPR Art. 33

8. Children's Privacy

Our service is not directed to children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has submitted data to us, please contact privacy@tryonlive.shop and we will delete it promptly.

9. Cookies

The landing site (tryonlive.shop) does not use tracking or advertising cookies. The panel (api.tryonlive.shop) uses strictly necessary session cookies for authentication only — no third-party tracking.

10. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email and/or a notice on the platform at least 14 days before taking effect. The "Last updated" date at the top of this page always reflects the current version.

11. Contact Us

• Email: privacy@tryonlive.shop
• Instagram: @tryonlive

We acknowledge all requests within 5 business days and resolve them within 30 days.