Privacy Policy
Last Updated: January 21, 2026
1. Introduction
Welcome to TryOn.live ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered virtual try-on service (the "Service").
TryOn.live provides merchants with virtual try-on technology that allows their customers to visualize garments on their own bodies using artificial intelligence. This policy applies to both merchants who install our app and end-users (shoppers) who use the virtual try-on feature.
By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Information from Merchants
When you install our app on your Shopify or WooCommerce store, we collect:
- Store Information: Store name, domain, email address, and store owner contact details
- Product Data: Product names, images, descriptions, SKUs, and pricing information
- Authentication Data: OAuth tokens and API credentials to connect with your store
- Usage Data: Analytics on how many try-ons are performed, which products are tried, and conversion metrics
- Billing Information: Payment details processed securely through our payment processor (Shopify Billing API or Stripe)
2.2 Information from End-Users (Shoppers)
When shoppers use the virtual try-on feature, we collect:
- User Photos: Images uploaded by shoppers to see how garments look on them
- Generated Images: AI-generated virtual try-on results
- Technical Data: IP address, browser type, device information, operating system, and referring URLs
- Email Addresses (Optional): If shoppers opt in to save their try-on results, we collect their email address
- Cookie Data: Session identifiers and analytics cookies (see Section 8)
2.3 Automatically Collected Information
- Log Data: Server logs including request timestamps, API endpoints accessed, and response codes
- Analytics Data: Aggregated usage statistics, feature adoption metrics, and performance data
- Error Reports: Crash logs and error messages to improve service reliability
3. How We Use Your Information
3.1 For Merchants
- To provide and maintain the virtual try-on service
- To sync product catalogs and display relevant products in the dashboard
- To process billing and manage subscriptions
- To provide analytics and insights on try-on performance
- To send service-related notifications and updates
- To provide customer support and respond to inquiries
- To improve our Service based on usage patterns
3.2 For End-Users (Shoppers)
- To generate AI-powered virtual try-on images
- To display personalized try-on results
- To enable downloading and sharing of try-on images
- To send saved try-on results via email (if opted-in)
- To improve AI model accuracy and image quality
- To prevent fraud and ensure security
3.3 Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and UK, we process your data based on:
- Consent: You have given explicit consent for specific processing activities (e.g., uploading photos for try-on)
- Contract Performance: Processing is necessary to provide the Service you've requested
- Legitimate Interests: We have legitimate business interests (e.g., analytics, fraud prevention) that do not override your rights
- Legal Obligation: We must process data to comply with legal requirements
4. AI Processing and Third-Party Services
4.1 Google Vertex AI
We use Google Vertex AI (Gemini 3 Pro Image Preview) to process virtual try-on requests. When you upload a photo:
- Your photo and the product image are sent to Google's servers in the US or EU (depending on your location)
- Google processes the images using AI to generate the try-on result
- Google does not store your images or use them to train their models (as per Google Cloud's data processing terms)
- We maintain a Data Processing Agreement (DPA) with Google Cloud
Google's privacy practices are governed by their Cloud Privacy Notice.
4.2 Google Cloud Storage
We store uploaded photos and generated images on Google Cloud Storage (GCS) with:
- Encryption: AES-256 encryption at rest and TLS 1.3 in transit
- Access Control: Temporary signed URLs with 24-hour expiry
- Automatic Deletion: All images are automatically deleted after 90 days
- Regional Storage: Data is stored in the region closest to you (US, EU, or Asia)
4.3 Other Service Providers
- Shopify: For merchants using Shopify, we access your store data via Shopify's API under their security standards
- Payment Processors: Stripe and Shopify Billing for secure payment processing (we do not store credit card information)
- Analytics: Google Analytics 4 for aggregate usage statistics (anonymized)
- Email Service: SendGrid or similar for transactional emails (e.g., saved try-on results)
- Error Tracking: Sentry for monitoring and debugging issues
5. Data Retention
We retain different types of data for varying periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| User uploaded photos | 90 days | Privacy protection, automatic cleanup |
| Generated try-on images | 90 days | Allow retrieval, then auto-delete |
| Email addresses (leads) | Until deletion requested | Merchant's marketing purposes |
| Analytics data (aggregated) | 3 years | Business analytics, trend analysis |
| Merchant account data | Until account deleted + 30 days | Service provision, billing disputes |
| Transaction records | 7 years | Legal and tax compliance |
6. Data Sharing and Disclosure
6.1 We Share Data With:
- Merchants: End-user data (email addresses if opted-in, anonymized analytics) is shared with the merchant whose store the shopper is using
- Service Providers: Third parties who assist in operations (see Section 4.3) under strict data protection agreements
- Legal Authorities: When required by law, court order, or to protect our rights and safety
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred (you will be notified)
6.2 We Do NOT:
- Sell your personal data to third parties
- Use your photos for advertising or marketing purposes
- Share your data with data brokers
- Train AI models on your uploaded photos (beyond the immediate try-on generation)
- Share identifiable user data with other merchants
7. Your Rights and Choices
7.1 For All Users
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request corrections to inaccurate or incomplete data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Opt-Out: Unsubscribe from marketing emails using the link in any email we send
- Data Portability: Receive your data in a machine-readable format
7.2 For EEA/UK Users (GDPR Rights)
In addition to the above, you have the right to:
- Withdraw Consent: Withdraw consent for processing at any time (without affecting lawful processing before withdrawal)
- Object to Processing: Object to processing based on legitimate interests
- Restrict Processing: Request restriction of processing in certain circumstances
- Lodge a Complaint: File a complaint with your local data protection authority
7.3 For California Users (CCPA Rights)
California residents have additional rights:
- Know: What personal information is collected, used, shared, or sold
- Delete: Request deletion of personal information
- Opt-Out of Sale: We do not sell personal information, so no opt-out is necessary
- Non-Discrimination: We will not discriminate against you for exercising your rights
7.4 How to Exercise Your Rights
To exercise any of these rights, please:
- Email us at: privacy@tryon.live
- Use the "Delete My Data" link in the virtual try-on widget (for end-users)
- Access the Privacy Settings in the merchant dashboard (for merchants)
We will respond to verified requests within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
8. Cookies and Tracking Technologies
8.1 What Cookies We Use
- Essential Cookies: Required for authentication and session management (cannot be disabled)
- Analytics Cookies: Google Analytics 4 to understand usage patterns (can be disabled)
- Functional Cookies: Remember your preferences like widget customizations
8.2 Cookie Consent
For users in the EU/UK, we display a cookie consent banner on first visit. You can manage cookie preferences at any time through your browser settings or our cookie preference center.
8.3 Do Not Track
Our Service does not respond to Do Not Track (DNT) signals. However, you can disable cookies in your browser settings.
9. Security
We implement industry-standard security measures to protect your data:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication for internal systems
- Regular Audits: Periodic security assessments and penetration testing
- Data Minimization: We only collect data necessary for the Service
- Incident Response: We have procedures to detect, respond to, and notify users of security breaches
While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@tryon.live.
If we become aware that we have collected data from children under 16 without parental consent, we will take steps to delete that information immediately.
11. International Data Transfers
TryOn.live operates globally. Your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your jurisdiction.
For transfers from the EEA/UK to the US or other countries, we rely on:
- Standard Contractual Clauses (SCCs): Approved by the European Commission
- Data Processing Agreements (DPAs): With all service providers handling EEA/UK data
- Adequacy Decisions: Where available (e.g., EU-US Data Privacy Framework)
By using our Service, you consent to the transfer of your data as described in this Privacy Policy.
12. Shopify-Specific Provisions
12.1 Shopify App Permissions
Our Shopify app requests the following permissions:
- read_products: To fetch your product catalog and images
- read_product_listings: To identify which products are available for try-on
- read_content: To access product descriptions and metadata
We only access data necessary to provide the virtual try-on service. We do not access customer personal information, order details, or payment information from your Shopify store.
12.2 GDPR Compliance for Shopify
We comply with Shopify's GDPR requirements:
- Data Deletion: We respond to Shopify's customers/redact webhook to delete end-user data
- Shop Deletion: We respond to Shopify's shop/redact webhook to delete all merchant data within 48 hours
- Data Request: We respond to Shopify's customers/data_request webhook to provide customer data exports
12.3 Shopify's Privacy Policy
When using our Shopify app, Shopify's own Privacy Policy also applies to data they collect.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you via email (for merchants) or via a notice in the widget (for end-users)
- We will provide at least 30 days' notice before the changes take effect
Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@tryon.live
Data Protection Officer: dpo@tryon.live
Mailing Address:
TryOn.live
Attn: Privacy Team
[Your Company Address]
[City, State, ZIP Code]
Response Time: We aim to respond to all privacy inquiries within 5 business days.
For EEA/UK residents, you also have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.
15. Compliance and Certifications
TryOn.live is committed to maintaining the highest standards of data protection:
- GDPR Compliant: We comply with the EU General Data Protection Regulation
- CCPA Compliant: We comply with the California Consumer Privacy Act
- Shopify App Store Approved: Our app meets Shopify's privacy and security requirements
- SOC 2 Type II: [In progress - if applicable] We are working toward SOC 2 certification
- ISO 27001: [If applicable] Our data security management systems follow ISO 27001 standards