Privacy Policy
Effective date: 2026-05-23
Last updated: 2026-05-23 (version 1.0)
This Privacy Policy describes how Stailist ("we," "us," "our") collects, uses, shares, and protects personal data when you use the Stailist mobile application (the "App") and related services (collectively, the "Service").
We have written this policy in plain language. If anything is unclear, contact us at privacy@stailist.io.
1. Controller and contact
1.1 Data controller
Stailist (legal entity name to be configured)
Mailing address: to be configured
Email: privacy@stailist.io (MX configuration in progress — if delivery fails, retry via support channels listed in the App)
1.2 EU/UK representative
If required under GDPR Art. 27 or UK GDPR, an EU/UK representative will be designated and listed here.
1.3 Scope
This policy applies to personal data collected through the App on iOS and Android, and through our backend services that support the App. It does not apply to third‑party apps, websites, or services that we link to but do not operate.
2. Data we collect
We collect only the data we need to deliver the Service. Categories below are exhaustive for the current version of the App.
2.1 Account data
- Email address (from your Google or Apple sign‑in)
- Authentication provider identifier (Google sub claim, or Apple sub claim — a stable, pseudonymous user ID)
- Session token (JWT) stored on your device for authenticated requests
We do not store passwords. We rely on Google Sign‑In and Sign in with Apple.
2.2 Subscription data
- RevenueCat customer ID (a pseudonymous identifier)
- Plan tier (Free, Lite, Standard, Pro)
- Billing reset date (next renewal anchor)
- Webhook event identifiers (for idempotency)
Receipts themselves are held by Apple and Google. We do not see your payment card or bank details.
2.3 Photos
When you add a clothing item or run a try‑on:
- Your photo is sent over TLS to our backend.
- Our backend forwards it to OpenAI Vision (for item analysis) or fal.ai (for try‑on and mannequin generation).
- The processed result is returned to your device.
- Photos are not persisted on our backend. They pass through in memory and are discarded after the response is returned.
- Your wardrobe (the list of items, with their AI metadata and local image URIs) lives in a SQLite database on your device only.
If you delete an item from your wardrobe, it is deleted from your device. There is nothing for us to delete on the backend because we never stored it.
2.4 Advertising identifiers
Free‑tier users see interstitial ads served by Google AdMob. We collect:
- Advertising identifier (IDFA on iOS, AAID on Android) — only if you grant App Tracking Transparency consent on iOS, and only after the Google User Messaging Platform (UMP) consent form has been resolved on Android in the EU/EEA/UK.
- Approximate ad‑interaction events (impression, click) via AdMob.
If you decline ATT on iOS or refuse UMP consent in the EU, you will still see ads, but non‑personalized.
2.5 Diagnostics
- Crash reports via Sentry: stack traces, app version, device model, OS version, anonymized user identifier (only after consent).
- We do not collect message bodies, photo bytes, or other content in crash reports.
Sentry collection is gated on consent. If you decline, no crash data is sent.
2.6 Analytics
- Anonymous funnel events via PostHog: install, onboarding completion, first item added, first outfit generated, first try‑on, paywall shown, purchase outcomes.
- Events are linked to a pseudonymous user identifier only after consent. Without consent, only anonymous device‑level distinct IDs are used, and we initialize PostHog only after UMP/ATT consent resolves.
2.7 Support correspondence
If you write to support@stailist.io or privacy@stailist.io, we keep your message and our reply for as long as needed to resolve the issue and for a reasonable record period thereafter (typically 24 months).
2.8 What we do not collect
We do not collect: location, contacts, calendar, microphone audio, health data, biometrics, financial account details, browsing history outside the App, or photos other than those you explicitly add to your wardrobe or use for try‑on.
3. Purposes and legal bases
We process the categories above for the following purposes. Under GDPR Art. 6, the legal basis is shown next to each purpose.
| Purpose | Data categories | Legal basis (GDPR) |
|---|---|---|
| Deliver AI styling features | Photos, prompts | Contract (Art. 6(1)(b)) |
| Authenticate you and bind subscriptions | Account, subscription | Contract (Art. 6(1)(b)) |
| Process subscription renewals and entitlements | Subscription | Contract (Art. 6(1)(b)) |
| Show personalized ads (free tier) | Advertising IDs | Consent (Art. 6(1)(a)) via ATT/UMP |
| Show non‑personalized ads (free tier) | Coarse signals only | Legitimate interest (Art. 6(1)(f)) — funding free access |
| Detect fraud and abuse | Account, subscription, rate‑limit data | Legitimate interest (Art. 6(1)(f)) |
| Diagnose crashes and improve stability | Sentry events | Consent (Art. 6(1)(a)) |
| Understand product usage | PostHog events | Consent (Art. 6(1)(a)) |
| Respond to support requests | Correspondence | Contract / legitimate interest |
| Comply with legal obligations | As required | Legal obligation (Art. 6(1)(c)) |
We do not use your data for profiling that produces legal or similarly significant effects, and we do not make automated decisions of that kind.
4. AI processing and training
4.1 AI subprocessors
We use OpenAI for item analysis, outfit generation, and stylist conversations, and fal.ai for image generation (try‑on and mannequin rendering). Your photo and any prompt context are sent to these providers when you trigger the relevant feature.
4.2 Training opt‑out
- OpenAI: API content is not used to train OpenAI models by default (effective since March 1, 2023, per OpenAI's API data usage policy). We do not opt in.
- fal.ai: We do not consent to model training on customer inputs. fal.ai's standard API terms cover this.
We will update this section if a subprocessor changes its training policy.
4.3 AI output is not advice
AI outputs are generated by statistical models and may contain inaccuracies, omissions, or unexpected results. Stailist does not provide professional fashion advice, and you should not rely on AI outputs for any decision with material consequence (including but not limited to purchases). You assume all risk in decisions made based on AI outputs.
5. Subprocessors
We rely on the following subprocessors to deliver the Service. A full table with links is published at stailist.io/subprocessors.
| Vendor | Purpose | Region |
|---|---|---|
| OpenAI | Text + vision AI | United States |
| fal.ai | Image generation | United States |
| RevenueCat | Subscription state and receipts | United States |
| Google (AdMob, Sign‑In, Play Billing) | Advertising, auth, IAP | United States / EU |
| Apple (Sign in with Apple, StoreKit) | Auth, IAP | United States / EU |
| Hetzner Online GmbH | Hosting (Postgres + Node app) | Germany (Falkenstein / Nuremberg) |
| Sentry | Crash and error reporting | United States (EU host available) |
| PostHog | Product analytics | EU host (eu.i.posthog.com) preferred |
We notify users at least 30 days before adding a new subprocessor via an in‑app banner.
6. International data transfers
Several subprocessors are based in the United States. Where personal data of EU/UK/EEA/Swiss residents is transferred to the United States or other jurisdictions without an EU adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs), together with the supplementary measures recommended by the European Data Protection Board, to safeguard the transfer.
DPAs and SCCs with each subprocessor are available on request.
7. Retention
| Data | Retention |
|---|---|
| Photos sent for AI processing | Not stored on backend — discarded after response |
| Wardrobe (items, metadata, local image URIs) | On your device only; deleted when you delete the item or uninstall |
| Account row (User table) | While your account exists, plus up to 30 days for technical wind‑down |
| Subscription row (UserSubscription) | While account exists, plus 6 months after termination (billing dispute window) |
| Stylist entitlements (UserStylistEntitlement) | Same as account |
| Processed webhook events (ProcessedWebhookEvent) | 12 months (idempotency / fraud trail) |
| Crash and error events (Sentry) | 30–90 days per Sentry's default plan retention |
| Analytics events (PostHog) | 12 months |
| Support correspondence | 24 months after resolution |
| Server access and security logs | 30 days |
When you delete your account in the App (Settings → Account → Delete Account), we cascade‑delete the User row, subscription row, stylist entitlements, and dedup history within 24 hours. The cascade is atomic — we either delete everything or none of it.
8. Your rights
8.1 If you are in the EU, UK, or EEA (GDPR / UK GDPR)
You have the rights to:
- Access your personal data (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure of your personal data (Art. 17) — exercise in‑app via Settings → Account → Delete Account, or by emailing us
- Restriction of processing (Art. 18)
- Portability of your data in a structured, machine‑readable format (Art. 20) — request via privacy@stailist.io
- Objection to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time where processing is based on consent (Art. 7(3)) — for ads via system ATT settings on iOS or by re‑running the UMP form on Android; for analytics/diagnostics via in‑app settings
- Lodge a complaint with your local supervisory authority
We respond to rights requests within 30 days. We may extend by up to 60 days for complex requests and will tell you if we do.
8.2 If you are in California (CCPA / CPRA)
You have the rights to know, delete, correct, opt out of "sale" or "sharing," and not be discriminated against for exercising your rights.
- Sale: we do not sell personal information for monetary consideration.
- Sharing (CPRA‑defined): we share advertising identifiers with Google AdMob to serve personalized ads. You can opt out at any time by disabling ATT (iOS) or refusing UMP consent (Android EU). On iOS, you can also limit ad tracking globally via system settings.
- Sensitive personal information: we do not collect sensitive personal information under CPRA.
To exercise CCPA/CPRA rights, email privacy@stailist.io. Authorized agents are accepted with appropriate written authorization.
8.3 If you are elsewhere
Where local privacy laws give you rights, we honor them. Contact us at privacy@stailist.io.
9. Security
- All client–backend traffic is encrypted with TLS 1.2+.
- Backend is hosted on Hetzner in Germany.
- Sessions use HMAC‑SHA256 JWTs with a 30‑day expiry.
- Webhook authenticity is verified with a bearer token and constant‑time comparison.
- Webhook idempotency is enforced via a database dedup table.
- Database connections use TLS where supported.
- Secrets are stored as environment variables, not in source code.
- npm dependencies are kept current and audited.
No security program eliminates risk. If you discover a vulnerability, please email security@stailist.io.
10. Children
Stailist is not directed to, and not intended for, children under 13. The App stores enforce minimum ages, and our Terms of Service require that you be at least 13 to use the Service. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data to us, contact privacy@stailist.io and we will delete it.
11. Cookies and similar technologies
The App is a native mobile app and does not use HTTP cookies. We use the following SDK‑based tracking technologies, all disclosed elsewhere in this policy:
- Google AdMob (advertising)
- Sentry (crash diagnostics)
- PostHog (product analytics)
- RevenueCat (subscription state)
There is no separate cookie banner because there are no cookies; consent is managed via ATT on iOS and UMP on Android, plus in‑app analytics toggles.
12. Russia (152‑FZ)
Russia's Federal Law 152‑FZ requires that the personal data of Russian citizens be initially recorded on servers located in Russia. Photographs may, depending on interpretation, qualify as biometric personal data, which carries stricter requirements.
To avoid ambiguity, Stailist is not actively targeted at, or made available in, the Russian Federation storefront until we have finalized our 152‑FZ compliance approach. If you access the Service from Russia outside of the official storefronts, you do so at your own risk and the App may not function as intended. This section will be updated when our approach is finalized.
13. Changes to this policy
We may update this policy from time to time. Material changes will be notified via an in‑app banner at least 30 days before the new version takes effect. Non‑material changes (clarifications, contact details, broken links) may be made without advance notice; the "Last updated" date at the top will always reflect the current version.
Historical versions are retained on request.
14. Contact
- Privacy questions and rights requests: privacy@stailist.io
- Security disclosure: security@stailist.io
- General support: support@stailist.io
- Mailing address: to be configured
If we cannot resolve your concern, EU/UK residents may complain to their local data protection authority. California residents may contact the California Privacy Protection Agency or the California Attorney General.
This policy was prepared in plain English to maximize comprehension. It is not a substitute for legal advice in your jurisdiction. If you need a binding interpretation, consult counsel.