Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account information: Your name, email address, and profile photo when you sign in with Google OAuth.
• Photos you upload: Venue photos, selfies, and inspiration images you provide for AI-powered virtual try-on and venue visualization features.
• Pinterest data: When you connect a Pinterest board by sharing its URL, we access publicly available pin images and board metadata solely to display inspiration options within the Services. We do not access private boards, followers, or profile data beyond what is publicly available on the board you share.
• Bridal look data: Dress images, virtual try-on results, and venue composites generated through the Services, stored in association with your account.

1.2 Information Collected Automatically

• Usage data: Information about your interactions with the Services, including pages visited, features used, and actions taken within the try-on and venue visualization workflows.
• Device and browser information: Technical information including device type, browser type, operating system, and screen resolution, collected through analytics tooling.
• Log data: Server logs that may include your IP address, access times, and pages viewed.

2. How We Use Your Information

• To provide AI-powered virtual try-on and venue visualization features.
• To display Pinterest board pins you choose to import as style inspiration.
• To save your generated bridal looks, try-on results, and venue composites to your account.
• To communicate booking confirmations, tour scheduling, and service-related updates.
• To improve, maintain, and secure the Services.
• To detect and prevent fraud, abuse, and unauthorized access.
• To comply with applicable laws, regulations, and legal processes.

3. Pinterest Data Usage

We use the Pinterest API to fetch publicly available pin images from boards you explicitly share with us. By using the Pinterest integration, you agree to the following:

• We only access board and pin data when you deliberately provide a Pinterest board URL.
• We do not store Pinterest access tokens beyond the current authenticated session unless you opt in to persistent connection.
• We do not post, modify, pin to, or delete any content on your Pinterest account.
• We do not sell, trade, or share Pinterest-sourced data with third parties outside of what is needed to deliver the Services to you.
• Pin images are used solely to display inspiration options within Glamm and are not used to train artificial intelligence or machine learning models.
• Your use of Pinterest content through Glamm must comply with Pinterest’sTerms of Service and Acceptable Use Policy.

Pinterest, Inc. is not affiliated with, endorsed by, or a sponsor of Glamm. Pinterest content accessed through the Services is the responsibility of the respective pin creator and board owner.

4. AI Processing

Photos you upload may be processed by third-party AI services to generate virtual try-on images and venue composites. Specifically:

• Replicate and Google Gemini are used to generate virtual try-on images and venue composites on our behalf.
• These providers process images solely for the purpose of generating your results and do not retain your photos after processing is complete.
• Uploaded photos are not used to train, fine-tune, or improve AI models by Replicate, Google, or any other third party.

5. Data Security

We implement industry-standard measures to protect your data:

• Encryption in transit: All communication between your device, our servers, and third-party services is encrypted via TLS (HTTPS).
• Encryption at rest: Sensitive data, including OAuth tokens, is encrypted at rest using AES-256 or equivalent encryption before storage.
• Session security: User sessions are secured with HTTP-only cookies that cannot be accessed by client-side scripts.
• Access controls: Access to user data is restricted to authorized personnel on a need-to-know basis.

While we implement robust security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Sharing

We do not sell, rent, or trade your personal information with third parties. We may share your information only in the following circumstances:

• AI service providers: Photos you upload are shared with Replicate and Google Gemini solely for the purpose of generating virtual try-on and composite images.
• Pinterest:When you use the Pinterest board import, the board URL you provide is transmitted to Pinterest’s API solely to fetch the pins you have chosen to import.
• Analytics provider: We use analytics tooling to understand how users interact with the Services. Data shared is anonymized or pseudonymized where possible.
• Email service provider: Your email address may be shared with our email delivery provider solely for the purpose of sending transactional and service-related communications.
• Cloudflare: Our website and content delivery is powered by Cloudflare, which processes data in accordance with its own privacy policy.
• Legal requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

7. Data Retention

• Account data: Retained for the lifetime of your account.
• Bridal looks and composites: Retained for the lifetime of your account for your reference.
• Activity logs: Retained for a limited period, then automatically deleted.
• Deletion: When you delete your account, all personal data is permanently removed from our systems and backups within a commercially reasonable period, except where we are required by law to retain certain records.

8. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct any inaccurate personal data.
• Deletion: Delete your account at any time, which permanently removes all your personal data from our systems.
• Data portability: Request a copy of your data in a machine-readable format within 30 days of your request.
• Withdraw consent: Where we rely on your consent to process personal data, you may withdraw that consent at any time.

To exercise any of these rights, contact us at developer@getkoe.com. We will respond within 30 days.

9. Cookies & Tracking Technologies

• Session cookie: An HTTP-only cookie used for authentication. This is essential for the Services to function and cannot be disabled.
• Analytics: We may use analytics tools to understand how users interact with the Services and to improve our product. You can opt out of analytics tracking through your browser settings or by using a Do Not Track header.

We do not use third-party advertising cookies or sell data to advertisers.

10. Children’s Privacy

The Services are not intended for individuals under 16 years of age. We do not knowingly collect or solicit personally identifiable information from children under 16. If you are under 16, please do not use the Services or send us any personal information. If we learn that we have collected personal information from a child under 16, we will delete that information promptly. Contact us at developer@getkoe.com if you believe a child under 16 has provided us personal information.

11. Third-Party Services

The Services integrate with third-party services, including Pinterest, AI image generation providers, analytics, and hosting. These third parties have their own privacy policies. We encourage you to review them. We are not responsible for the privacy practices of third-party services.

Key third-party service providers:

• Pinterest, Inc.: Board API access (Pinterest Privacy Policy)
• Replicate: AI image generation (Privacy Policy)
• Google Gemini: AI image generation (Privacy Policy)
• Cloudflare: Content delivery and security (Privacy Policy)
• Vercel: Frontend hosting (Privacy Policy)

12. International Data Transfers

Our servers and service providers are primarily located in the United States. If you access the Services from outside the United States, your personal data may be transferred to, stored, and processed in the United States or other countries where our service providers operate, where data protection laws may differ from those of your country.

By using the Services, you consent to the transfer of your data to the United States and other countries where we operate.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. If we make material changes, we will notify you by placing a notice on our website or sending you an email. Your continued use of the Services after any changes constitutes acceptance of the revised policy.

14. Contact

For questions, concerns, or requests regarding this Privacy Policy:

Arc Telos Labs Inc.
Email: developer@getkoe.com