Privacy Policy

FashUp (“we”, “app”, “service”) provides a digital wardrobe and AI-assisted outfit experience. We respect your privacy. This policy explains what personal data we collect, why we process it, who we share it with, and how you can exercise your rights.

By using the app or creating an account you acknowledge you have read this policy. You may deny optional permissions (e.g. location, notifications) in device settings or in-app; some features may work in a limited capacity without them.

The data controller under applicable privacy law is FashUp (the operator of fashup.app and the FashUp mobile application).

For privacy requests and data subject rights: privacy@fashup.app

We may process the following categories of data to provide the service:

3.1 Account & identity

• Email address, name / display name
• Password (email sign-up only; stored hashed)
• Google Sign-In: Google account ID and basic profile info shared by Google
• Sign in with Apple (iOS): Apple authentication token; if “Hide My Email” is used, an anonymised relay address. Name/email shared by Apple may be processed; Apple's own privacy policies also apply.
• Session & security: access/refresh tokens, last sign-in time

3.2 Wardrobe & user content

• Clothing photos you upload or capture with the camera
• Item metadata: category, price, brand, colour, wear logs, outfits
• Optional: reference photo / avatar uploaded for try-on
• In-app feedback and preferences (style, outfit settings, etc.)

3.3 Profile & preferences

• City / country, language, currency, theme
• Optional body measurements and style preferences (provided during onboarding)
• Notification preferences and daily outfit time

3.4 Location

With your explicit permission, your device location or selected city is used to provide weather-based outfit suggestions. If you deny location permission you can enter your city manually.

3.5 Device, usage & technical data

• App version, OS, language, general usage events (e.g. screen views, feature usage)
• Crash and error logs (for debugging)
• Device push notification token (FCM)
• URL or image from deep-link / share intent (when you use that feature)

3.6 What we do not collect or sell

We do not sell your personal data to advertising networks. No payment card information is collected in the app (when paid features are added, store payment infrastructure is used and payment data is processed directly by Apple / Google).

• Account creation, authentication, and service delivery
• Wardrobe management, AI item analysis, outfit and daily suggestion generation
• Weather-based personalisation (location or selected city)
• Push notifications (according to your preferences and system rules)
• CPW (cost-per-wear) and wardrobe statistics
• Affiliate product suggestions — click tracking only when you use the link
• Security, fraud prevention, debugging, and performance improvements
• Compliance with legal obligations

We process your personal data on the following legal grounds:

• Contract performance: account, wardrobe, and core app features
• Legal obligation: official requests, accounting retention (where applicable)
• Legitimate interests: security, analytics, error tracking — balanced against your fundamental rights
• Consent: optional permissions (location, notifications, certain analytics) and AI data processing (explicit in-app consent required before first AI action)

Your data may be shared with the following types of partners solely to deliver the service. Each provider is contractually bound to protect your data:

• Hosting & storage: API servers and photo storage (S3-compatible object storage / MinIO).
• Google: Google Sign-In; Firebase Cloud Messaging for push notifications.
• Apple (iOS): Sign in with Apple — authentication occurs on Apple's own servers; only the identity token is passed to FashUp servers.
• OpenAI: Visual and text analysis, outfit suggestions, and related AI features (see Section 7 for full details).
• fal.ai: Virtual try-on — renders an outfit preview from your person photo and a clothing image (see Section 7 for full details).
• Mixpanel: Usage analytics in production (not sent in development mode).
• Sentry: Crash and error reporting (PII sending is disabled).
• Affiliate / retail partners: Redirect and click counting when you tap a recommended product link; the third-party site's own privacy policy applies.
• fashup.app website: Vercel Analytics and Google Analytics (GA4) — for site visits only; in-app wardrobe data is not passed to web analytics.

We may respond to lawful requests from authorities where required by law.

FashUp is designed exclusively for fashion styling and virtual outfit visualisation. AI features may not be used outside this purpose.

7.1 Data sent

AI features transmit the specified data to the following third-party providers:

• Wardrobe analysis (recipient: OpenAI, LLC): Clothing photos you upload or capture, and image derivatives generated for AI analysis — for item category detection, colour analysis, and outfit suggestion generation.
• Outfit & packing-list suggestions (recipient: OpenAI, LLC): Existing wardrobe metadata (category, season, type) — for personalised suggestion text generation (photos are not sent for this operation).
• Virtual try-on (recipient: fal.ai): The person photo you select and the clothing image — sent to fal.ai's image-processing service solely to render an outfit preview on you.
• Background removal: Processed on FashUp's own servers; not sent to any third party.

7.2 Recipients

OpenAI, LLC (San Francisco, CA, USA) — clothing analysis and outfit suggestions. OpenAI Privacy Policy →

fal.ai (Features and Labels, Inc., USA) — virtual try-on preview. fal.ai Privacy Policy →

Data transmitted to these providers is used solely for delivering the relevant service. Your photos and visual data:

• Are not used for ad profiling or targeted marketing
• Are not used to train the providers' models (per API usage terms)
• Are not retained in these providers' systems after processing completes

7.3 Explicit in-app consent (App Store Guideline 5.1.1 / 5.1.2)

On iOS, before the first AI operation is performed, an in-app consent modal is displayed. The modal clearly states:

• What data is being sent (photo type)
• The recipient (OpenAI, LLC for clothing analysis; fal.ai for virtual try-on)
• The purpose of processing (fashion visualization only — clothing analysis, outfit suggestions, and virtual try-on)
• A link to this Privacy Policy

AI features will not run without your acceptance. You can withdraw consent at any time via Settings → Privacy Disclosure → Revoke Consent.

7.4 Content restrictions

FashUp blocks requests intended to generate nudity, underwear, lingerie, swimwear, or erotic content at both the client and server level. Such requests are rejected and a user-friendly error message is shown.

7.5 Disclaimer

AI outputs are suggestions only and do not constitute medical, legal, or professional advice.

• Account data: retained while your account is active; permanently deleted within 30 days of account deletion (except where legal retention is required).
• Wardrobe photos & outfits: removed from servers and object storage upon account deletion.
• AI processing (OpenAI and fal.ai): photos are transmitted to the relevant AI API during processing (OpenAI for clothing analysis, fal.ai for virtual try-on); they are not retained in these providers' systems after completion.
• Logs & analytics: up to 12 months (anonymised); Sentry error logs 90 days.
• Backups: short-lived residual data in technical backups; rotation is applied.

We use HTTPS encryption, access controls, password hashing, and server-side security practices to protect your data. No system is 100% secure; if you notice anything suspicious please contact us.

Depending on your jurisdiction you may have the following rights:

• Access — obtain a copy of your personal data
• Rectification — correct inaccurate data (via profile settings or support)
• Portability: export your data as JSON via Settings → Export My Data
• Erasure: delete your account and all data via Settings → Security → Delete My Account, or by emailing privacy@fashup.app
• Restriction and objection to processing
• Withdrawal of consent for consent-based processing at any time
• Complaint to your local supervisory authority (e.g. ICO in the UK, CNIL in France, KVKK in Turkey)

We aim to respond to requests within 30 days. Identity verification may be required.

FashUp is not directed to persons under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided data, please contact us and we will delete it.

Our servers and service providers (e.g. OpenAI, fal.ai, Mixpanel, Sentry, Google) may be located outside the European Economic Area or Turkey. Transfers are carried out with appropriate safeguards (standard contractual clauses or adequacy decisions).

Visits to fashup.app may use cookies and similar technologies (Google Analytics, Vercel Analytics) for performance and traffic measurement. In-app wardrobe data is not included in this measurement.

You can restrict cookies in your browser settings; some site functionality may be affected.

We may update this policy. For significant changes we will try to notify you via in-app notification or email. The current version is always published on this page — check the “Last updated” date above.

Privacy & data requests (GDPR / KVKK): privacy@fashup.app

General support: support@fashup.app

Support languages: English and Turkish