Privacy Policy

This section outlines our handling of Face Data when you upload photos of yourself:

• Collection: We collect standard 2D user-uploaded photographs containing your face and body when you upload a Profile Photo or Virtual Try-On Avatar. We do not collect, extract, or store biometric data, facial recognition maps, or depth data.
• Uses: The face data/photos are used for our virtual styling features.
• Sharing and third parties: Your photos are transmitted securely via API to our third-party AI partner (Google Gemini API) strictly for the purpose of editing the photo and processing the image. Google's enterprise API terms prohibit them from using your images to train their foundational models.
• Storage and access: The images are stored securely on your device and backed up to our private cloud backend servers hosted by Supabase. Only you have access to your profile photos via your authenticated account.
• Retention: Your avatar and profile photos are retained on our Supabase servers only as long as you maintain an active account, so you can continuously use the Virtual Try-On feature. If you delete your avatar photo or delete your account entirely, the associated images are immediately and permanently wiped from our servers.

• Photos: We collect photos of your clothing items, accessories, and other wardrobe pieces that you upload.
• Storage: Item photos are stored securely on your device and backed up to private cloud storage.
• Usage: Item photos are used for organizing your wardrobe, generating outfit suggestions, and AI styling.

• Style photos: When you upload style photos (photos of yourself wearing outfits), we collect and store these photos on your device and in private cloud storage.
• Storage: Style photos are stored securely on your device and backed up to private cloud storage (Supabase) for cross-device synchronization.
• Usage: Style photos are used to save and organize your favorite outfit looks. If you choose to use our AI image-editing features, the relevant photo is sent to our AI partner (see AI Processing below).
• Access: Only you have access to your style photos. They are stored in a private cloud bucket associated with your account.

• What we collect: With your permission, we access your device's approximate GPS location (latitude and longitude) on the Home screen so we can fetch the local weather forecast. Alternatively, you may choose a city manually in Profile → Personalisation, in which case we store only the city name and its coordinates locally on your device.
• Permission: Location access is optional and foreground-only. We only request location while the app is open, never in the background, and you can decline or revoke this permission at any time in your device settings. If you decline, the app falls back to a default city (London) or to your manually-chosen city, and all other features continue to work normally.
• How we use it: Your coordinates are used solely to retrieve current weather and a short-range forecast, which informs outfit suggestions (e.g., recommending warmer layers when it's cold or avoiding delicate materials when it's raining). Location is not used to render Virtual Try-On images, to track your movements, for advertising, or for analytics.
• Sharing and third parties: Coordinates are sent through our Supabase Edge Function proxy to a weather data provider (OpenWeather) strictly to retrieve forecast data. We do not share your location with any other third party.
• Storage and retention: Weather results, the queried coordinates, and the resolved city name are cached locally on your device for up to 3 hours to reduce network usage, and are refreshed when you move more than ~5 km. Your raw GPS coordinates are not stored on our backend servers beyond the in-flight request to fetch weather.
• Legal basis: We process location data based on your consent, which you grant via the OS permission prompt and may withdraw at any time.

• Authentication: We use Supabase Authentication to manage user accounts. This includes your email address and authentication credentials.
• Account data: We store minimal account data necessary to provide our services.

• App usage: We may collect anonymous usage data to improve app performance and user experience.
• Error logs: We may collect error logs and crash reports to diagnose and fix technical issues.

We use Google's Gemini AI service to process your photos for the AI styling and image-editing features you choose to use. We use Google's commercial APIs, and per Google's enterprise data terms, your content is not used to train Google's foundation models. Our lawful basis is your consent, which you may withdraw at any time by not using the AI features.

Under the UK General Data Protection Regulation (UK GDPR), our lawful bases for processing your personal data are:

1. Contract: We process your account information and wardrobe items to fulfill our contract with you—specifically, to provide the Arvoa app services you have requested.
2. Consent: We process your photos for AI styling and background removal based on your explicit consent when you use these features. You may withdraw this consent at any time.
3. Legitimate interests: We process usage data and error logs to improve our app's performance, security, and user experience.

• Wardrobe organization: We use your item photos and metadata (categories, colors, seasons, brands) to organize and manage your wardrobe.
• Outfit suggestions: We use your wardrobe data and (with your permission) local weather to provide outfit suggestions.
• Cross-device sync: We sync your data (profile photos, wardrobe items, styles) across your devices using cloud storage.

• Device storage: Your photos and data are stored locally on your device in secure directories.
• User isolation: Each user has separate, isolated caches. Your data is never mixed with other users' data, even on shared devices.
• Privacy: Local files are only accessible to the app and cannot be accessed by other apps or users.
• Automatic cleanup: When you log out, all your cached data is automatically removed from the device.

• Provider: We use Supabase (supabase.com) for cloud storage and database services.
• Security: All data is stored in private cloud buckets with authentication and access controls.
• Encryption: Data is transmitted and stored using industry-standard encryption.
• Access control: Only authenticated users can access their own data.

We use trusted third-party service providers to help us deliver our services. These processors are contractually bound to protect your data:

• Supabase (USA/EU): Provides authentication, database, and secure cloud storage.
• Google Gemini (USA): Provides AI image processing for styling and background removal.
• OpenWeather (Global): Provides weather forecast data; receives only the latitude/longitude needed to fetch the forecast.

• You can access all your data through the app.
• Profile photos, wardrobe items, and styles are visible in your account.
• You have the right to request a copy of all personal data we hold about you.

• You can update or correct your data at any time through the app.
• You can edit item details, update your profile photo, or modify account information.
• Contact us if you need assistance correcting any data.

• Delete items: You can delete individual wardrobe items and styles at any time.
• Delete profile photo: You can delete or update your profile photo at any time.
• Delete account: You can delete your account, which will permanently delete all your data (profile photos, wardrobe items, styles, and account information).
• You have the right to request deletion of your personal data at any time.

• Your data is stored in a format that allows you to export or transfer it if needed.
• Contact us if you need assistance exporting your data.
• You have the right to receive your data in a structured, commonly used format.

• You have the right to object to processing of your personal data for certain purposes.
• You can opt out of AI styling features by not using them.
• Contact us if you wish to object to specific data processing activities.

• You have the right to request restriction of processing of your personal data.
• Contact us if you wish to restrict how we process your data.