Privacy Policy

1. Overview

HoloCloset is an AI-powered virtual closet and try-on service. You can create an avatar, upload or capture clothing items, build outfits, and generate AI-powered try-on and scene images. We also offer a Chrome extension that lets you capture clothing images from third-party websites and send them to your HoloCloset account.

This Privacy Policy explains what information we collect, how we use and share it, and the choices you have. It applies to the HoloCloset web app, our APIs, and the HoloCloset browser extension (together, the "Service").

2. Information We Collect

We collect the following types of information when you use HoloCloset:

2.1 Account and profile data

• Email address and password when you create an account.
• Profile information such as your display name, avatar images, and account preferences.

2.2 Subscription, credits, and payment data

• Your subscription tier (for example, free, plus, pro) and whether your subscription is active.
• Credit balances, monthly credit limits, and related timestamps that track how many AI actions (try-ons, scene generations, etc.) you can perform.
• Billing information and subscription identifiers used to manage your subscription and process payments. Our payment processor handles your payment card details directly; HoloCloset does not store full card numbers.
• Subscription management data used to validate your subscription and manage your account access.

2.3 Closet content and media

• Avatar images you upload or generate, including photos of yourself and AI-generated avatars.
• Clothing and outfit images you upload manually or capture via the Chrome extension, including any tags, names, brands, sizes, prices, notes, or other metadata you choose to add.
• AI-generated try-on images, scene images, and related metadata (for example, prompts, session names, and tags).

2.4 Chrome extension data

When you use the HoloCloset Chrome extension, we and the extension collect additional information:

• Screenshots of selected regions of web pages (for example, a product image you select on a retailer’s website), which are cropped and sent to our servers as clothing images.
• The URL of the page you captured from, the page title, and product metadata that the extension can detect (such as product name, brand, or price).
• Tags and capture options you choose (for example, whether to request background removal for a captured item).
• Authentication information stored locally on your device so the extension can communicate with your HoloCloset account.
• A small recent capture history stored locally in your browser to show you recent captures. This local history is separate from the clothing items saved in your HoloCloset account.

2.5 Technical and usage data

• IP address, device and browser type, and basic request metadata used for security, rate-limiting, fraud detection, and diagnosing service issues.
• Service logs that may include account information, actions performed, and error messages for troubleshooting and security purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and maintaining the Service, including creating and securing your account, syncing data between the web app and extension, and storing your closet content.
• Generating AI results, such as try-on and scene images, based on your avatar, clothing items, and prompts.
• Managing subscriptions and payments, including processing payments, validating subscriptions, allocating and deducting credits, and providing access to billing portals.
• Moderating content and protecting safety, including screening images for explicit or inappropriate content and enforcing our content and usage policies.
• Improving reliability and security, including rate-limiting abusive or automated traffic, monitoring service health, preventing fraud, and debugging issues.
• Communicating with you about your account, subscription, security alerts, and important product updates. We may also send you optional product tips or announcements, which you can opt out of where applicable.

3.1 Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with similar data protection laws, we process your personal information based on the following legal bases under the General Data Protection Regulation (GDPR):

• Contract (Article 6(1)(b)) – We process your account data, profile information, subscription and payment data, and closet content because it is necessary to perform our contract with you and provide the Service you requested. This includes creating and managing your account, processing payments, generating AI try-on and scene images, and storing your closet content.
• Legitimate Interests (Article 6(1)(f)) – We process technical and usage data (such as IP addresses, device information, and service logs) for security, fraud prevention, rate-limiting, and service reliability based on our legitimate interests in protecting the Service and our users. We also process data for content moderation to ensure a safe environment for all users.
• Consent (Article 6(1)(a)) – Where we send optional product tips, marketing communications, or promotional announcements, we rely on your consent. You can withdraw this consent at any time by unsubscribing or contacting us. Essential service communications (such as account security alerts and important product updates) are sent based on our legitimate interests and do not require consent.
• Legal Obligation (Article 6(1)(c)) – We retain certain payment and billing records for periods required by tax, accounting, and financial regulations.

You have the right to object to processing based on legitimate interests (see Section 9 for details on your rights). Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

4. AI & Image Processing

HoloCloset relies on third-party AI and image-processing services to power avatars, try-ons, scene changes, background removal, and content moderation. When you use these features, we may send images and prompts to:

• AI model providers that generate try-on and scene images based on your avatar and clothing/outfit images and text prompts.
• Background removal services that remove backgrounds from clothing images (typically items captured via the extension or manual uploads).
• Content moderation providers that assess images for explicit or otherwise disallowed content according to our policies.

We use these providers solely to operate and provide the Service to you, including safety and moderation. We do not sell your images to third parties. We do not use your closet content to train any HoloCloset-owned models.

AI Provider Data Usage: We configure our AI providers to process your images and prompts only for the purpose of generating the specific results you request (such as try-on images or scene changes). We select providers that offer options to prevent your data from being used to train their general models. However, some AI providers may have their own data usage policies that could allow limited use of your data for service improvement or research purposes. We work with providers that prioritize user privacy and will update this policy if our AI provider relationships or their data usage policies change in a material way.

AI-generated images are stored in your HoloCloset account (for example, as try-on sessions or scene generations) so that you can view them again. You can delete these images at any time by deleting the corresponding item, outfit, try-on session, scene generation, or your account.

5. Chrome Extension

When you use the HoloCloset Chrome extension, it collects and processes the following data:

• Screenshots of selected regions of web pages, which are sent to our servers as clothing images.
• The URL of the page you captured from, the page title, and product metadata (such as product name, brand, or price) that the extension can detect.
• An authentication token stored locally in your browser’s extension storage to keep you signed in.
• A small recent capture history stored locally in your browser to show recent captures. This local data is not synchronized to other devices by HoloCloset.

The extension only accesses pages you choose to interact with and sends data only when you actively capture content. All captured images and metadata are stored in your HoloCloset account as described in Section 2.4.

6. Cookies and Local Storage

6.1 Authentication cookies (Strictly Necessary)

The HoloCloset web app uses secure httpOnly cookies to keep you signed in. These cookies are strictly necessary for the Service to function and do not require consent under GDPR:

• Set only when you sign in or when your session is refreshed.
• Marked as httpOnly, meaning they are not accessible to JavaScript in the browser.
• Used solely to authenticate requests and enforce access controls.
• These cookies are essential for providing the Service you requested and cannot be disabled without affecting functionality.

6.2 Local storage and extension storage

• The web app may use local storage to cache non-sensitive UI state or preferences for a smoother experience. This data is stored locally on your device and is not transmitted to our servers except as necessary for the Service.
• The Chrome extension stores an auth token, basic configuration, and recent capture thumbnails locally on your device. This local data is not synchronized to other devices by HoloCloset.

6.3 Analytics and advertising

At this time, we do not use third-party advertising networks, analytics cookies, or cross-site tracking cookies in the HoloCloset app or extension. We only use strictly necessary authentication cookies as described above.

If we add analytics, advertising, or other non-essential cookies in the future, we will update this Privacy Policy, implement a cookie consent mechanism where required by law (including GDPR), and obtain your consent before setting such cookies.

7. Third-Party Services & Data Processors

We rely on several third-party providers to deliver the Service. These providers act as data processors and process your data only on our behalf and under appropriate safeguards, including Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) where required:

• Cloud service providers – For authentication, database storage, and media storage (including your account data, closet content, and images). Data may be stored in the United States or other regions outside the EEA.
• Payment processors – For handling payments and billing. These providers handle your payment card details and associated billing information. Data may be processed in the United States or other regions outside the EEA.
• Subscription management services – For validating subscriptions and managing account access. Data may be processed in the United States or other regions outside the EEA.
• AI model providers – Services for generating avatars, try-ons, and scenes. Data may be processed in the United States or other regions outside the EEA.
• Image processing services – Background removal services for clothing images. Data may be processed outside the EEA.
• Content moderation providers – Services for detecting explicit or disallowed content in images. Data may be processed outside the EEA.
• Infrastructure and hosting providers – For rate limiting, logging, and service delivery. Data may be processed in the United States or other regions outside the EEA.
• Email service providers – For sending account, security, and service-related communications. Data may be processed outside the EEA.

International Data Transfers: Some of our processors are located outside the European Economic Area (EEA). When we transfer your personal data to processors in countries that do not have an adequacy decision from the European Commission, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms. These safeguards ensure that your data receives an adequate level of protection consistent with GDPR requirements.

We do not sell your personal information. We may disclose information if required by law or in response to valid legal process, or to protect our rights, users, or the public.

8. Data Retention & Deletion

We retain your personal information only for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. In general:

• Account and profile data are kept while your account is active. When you delete your account, we permanently delete or anonymize all personal data associated with your account, including your profile, avatars, clothing items, outfits, try-on sessions, scene generations, and all related images stored in our systems. This deletion is subject to necessary retention periods for legal and operational requirements (such as billing records).
• Closet content (avatars, clothing items, outfits, try-on sessions, scene generations) is stored until you delete individual items or delete your account. When you delete your account, all closet content is permanently removed.
• Payment and billing records are retained for periods required by tax, accounting, and financial regulations (typically 7 years from the date of the transaction, but this may vary by jurisdiction). These records may be anonymized where possible while still meeting legal requirements.
• Service logs and technical data (including IP addresses, request metadata, and error logs) are retained for limited periods (typically 30-90 days) for security, troubleshooting, and service reliability purposes, and then deleted or anonymized as part of routine maintenance.
• Backup copies may contain your data for a limited period after deletion (typically up to 90 days) as part of our disaster recovery procedures, after which they are permanently removed.

If you request deletion of your account or personal data, we will process your request within 30 days, subject to any legal obligations that require us to retain certain information. You can delete your account directly in the app through the Security Settings page, or contact us at support@holocloset.com to request deletion.

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. Subject to applicable law, these may include:

• Access – You can request a copy of the personal data we hold about you.
• Correction – You can ask us to correct inaccurate or incomplete data.
• Deletion – You can request that we delete your personal data. You can also delete your account directly in the app, which will remove or anonymize associated data, subject to necessary retention.
• Restriction or objection – You may have the right to restrict or object to certain processing in specific circumstances.
• Data portability – You may request a copy of your data in a structured, commonly used format where technically feasible.
• Consent withdrawal – Where we rely on consent, you can withdraw it at any time (for example, unsubscribing from non-essential emails).

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with data-protection laws, you also have the right to lodge a complaint with your local supervisory authority.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know – You have the right to request that we disclose what personal information we collect, use, disclose, and sell (if applicable). You can request information about the categories of personal information, specific pieces of personal information, categories of sources, purposes for collection, and categories of third parties with whom we share information.
• Right to Delete – You have the right to request that we delete your personal information, subject to certain exceptions (such as when we need to retain information for legal or business purposes).
• Right to Correct – You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing – We do not sell your personal information as that term is defined under CCPA. We do not share your personal information for cross-context behavioral advertising purposes. If this changes in the future, we will update this policy and provide you with an opt-out mechanism.
• Right to Limit Use of Sensitive Personal Information – You have the right to limit our use of sensitive personal information (such as precise geolocation, biometric data, or certain account credentials) to that which is necessary to provide the Service. We use sensitive personal information only as necessary to provide the Service and do not use it for purposes beyond what is reasonably expected.
• Right to Non-Discrimination – We will not discriminate against you for exercising your privacy rights. We will not deny you goods or services, charge you different prices, or provide you with a different level or quality of services because you exercise your rights.

Categories of Personal Information We Collect: As described in Section 2 above, we collect identifiers (email, account information), commercial information (subscription and payment data), internet or network activity (usage data, IP address), geolocation data (if provided), audio/visual information (images you upload), and inferences (preferences, tags). We do not collect sensitive personal information beyond what is necessary to provide the Service.

Categories of Personal Information We Disclose: We may disclose personal information to service providers (cloud storage, payment processors, AI providers) as described in Section 7. We do not sell personal information or share it for cross-context behavioral advertising.

To exercise any of these California privacy rights, please contact us at support@holocloset.com. We may need to verify your identity before fulfilling your request. We will respond to your request within 45 days, or as otherwise required by law.

11. Children's Privacy

HoloCloset is not intended for children under the age of 13, or under the minimum age of digital consent in your jurisdiction. We do not knowingly collect personal information from children under these ages. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. In some cases we may provide additional notice (such as in-app messages or email). Your continued use of HoloCloset after an update means you accept the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at support@holocloset.com.