Privacy Policy

Account information — When you create an account we collect your email address and a hashed password. We do not store your password in readable form.

Business information — When you use fAIshion Studio we may collect your boutique or business name as part of your account profile.

Uploaded photos — We store the vendor product photos you upload for processing and the model reference photos you provide. These are stored securely and used only to generate your output images.

Generated images — Output images produced by the FASHN AI service are stored in your account for 60 days, then automatically deleted.

Payment information — We collect billing information through Stripe. fAIshion does not store your credit card number or full payment details. Stripe handles all payment data in compliance with PCI-DSS standards.

Platform connection data — If you connect your Shopify or CommentSold account, we store the access tokens needed to push photos to your store on your behalf.

Usage data — We collect information about how you use the platform, including jobs created, images processed, credits used, and features accessed.

Device and browser data — We automatically collect standard technical information such as your IP address, browser type, operating system, and pages visited. This is used for analytics and platform security.

To provide the service — We use your information to operate fAIshion Studio, process your photos, manage your subscription, and push results to your connected platforms.

To communicate with you — We use your email address to send account notifications, billing receipts, subscription updates, and service announcements.

To improve the platform — We analyze usage patterns in aggregate to understand how features are used and where we can improve.

To prevent fraud and abuse — We monitor usage to detect and prevent unauthorized access, fraud, and violations of our Terms of Service.

You retain full ownership of all photos and content you upload to fAIshion. We do not claim any ownership over your images.

We do not use your uploaded photos or generated images to train AI models — not our own and not any third-party model.

Your photos are processed by the FASHN AI service solely for the purpose of generating your output images. See the Third-Party Services section below for details.

Generated images are automatically deleted from our servers 60 days after creation. Original uploaded photos are deleted when you delete a job or close your account.

Supabase — We use Supabase to store your account data, photos, and results. Supabase servers are located in the United States. Supabase Privacy Policy: supabase.com/privacy

Stripe — We use Stripe to process payments and manage subscriptions. When you enter payment information it is transmitted directly to Stripe and never passes through or is stored on our servers. Stripe Privacy Policy: stripe.com/privacy

FASHN AI — We use the FASHN API to generate model-swapped images. Your garment photos and model photos are transmitted to FASHN for processing. FASHN Privacy Policy: fashn.ai

Shopify — If you connect your Shopify store, product and image data is exchanged between fAIshion and Shopify using your authorized access token. Shopify Privacy Policy: shopify.com/legal/privacy

CommentSold — If you connect your CommentSold account, product and image data is exchanged using your authorized access token. CommentSold Privacy Policy: commentsold.com/privacy

Google Analytics — We use Google Analytics to understand how visitors use our website. Google Analytics collects anonymized usage data through cookies. You can opt out by using the Google Analytics Opt-out Browser Add-on or a browser with tracking protection enabled. Google Privacy Policy: policies.google.com/privacy

Meta Pixel — We use the Meta Pixel (Facebook Pixel) to measure the effectiveness of our advertising and to reach potential customers on Facebook and Instagram. The Meta Pixel may collect anonymized data about your visit to our site. You can manage your ad preferences at facebook.com/ads/preferences. Meta Privacy Policy: facebook.com/privacy/policy

Vercel — Our website and application are hosted on Vercel. Vercel may collect standard server logs including IP addresses. Vercel Privacy Policy: vercel.com/legal/privacy-policy

We use cookies and similar technologies to keep you logged in, remember your preferences, and collect analytics data.

Essential cookies are required for the platform to function. These cannot be disabled.

Analytics cookies (Google Analytics, Meta Pixel) help us understand how the platform is used. You can opt out of these through your browser settings or the opt-out tools provided by those services.

Most browsers allow you to block or delete cookies through their settings. Blocking essential cookies may prevent you from logging in or using the platform.

Account data is retained for as long as your account is active.

Generated images are deleted automatically 60 days after creation.

If you close your account, your personal data, uploaded photos, and generated images will be deleted within 30 days.

Billing records may be retained longer as required by law.

Access — You can view and update your account information at any time through your account settings.

Deletion — You can delete individual jobs and photos through the dashboard. To delete your entire account and all associated data, contact us at help@faishion.io.

Data portability — You can download your generated images at any time from the dashboard before the 60-day window closes. We will also provide a copy of your account data in a structured, machine-readable format on request.

California residents — If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal information. To exercise your CCPA rights, contact us at help@faishion.io.

EU and UK residents (GDPR / UK GDPR) — If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation and equivalent UK law. We respond to verified requests within 30 days, unless legally required to retain the data.

• Right of access — Request a copy of the personal data we hold about you.

• Right to rectification — Correct inaccurate or incomplete personal data.

• Right to erasure (right to be forgotten) — Request deletion of your personal data.

• Right to restriction of processing — Limit how we use your personal data while a request is being resolved.

• Right to data portability — Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

• Right to object — Object to processing of your personal data, including for direct marketing.

• Right not to be subject to solely automated decision-making — None of our processing produces legal or similarly significant effects on you based solely on automated decision-making.

• Right to withdraw consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

• Right to lodge a complaint — File a complaint with your local supervisory authority. For UK residents, this is the Information Commissioner's Office (ico.org.uk). For EU residents, contact your national Data Protection Authority.

To exercise any of these rights, contact help@faishion.io. We may need to verify your identity before responding.

For users in the EU, EEA, UK, or Switzerland, we process your personal data on the following lawful bases:

• Performance of a contract — We process your account information, uploaded photos, and platform connection tokens to provide the service you signed up for.

• Legitimate interests — We process usage data and device/browser data for platform security, fraud prevention, and aggregate analytics. We have evaluated these interests against your privacy and conclude they are not overridden by your rights.

• Consent — We use analytics cookies (Google Analytics, Meta Pixel) only after you provide consent through our cookie banner. You may withdraw consent at any time through the same banner or your browser settings.

• Compliance with legal obligations — We retain billing records as required by tax, accounting, and other applicable law.

fAIshion is operated from the United States. If you access the service from outside the United States, your personal data is transferred to and processed in the United States, which may not provide the same level of data protection as your country of residence.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum where applicable, in addition to supplementary technical and organizational measures (encryption in transit and at rest, access controls, etc.).

A copy of the SCCs we use can be obtained by contacting help@faishion.io.

For business customers (including Shopify merchants who connect their store to fAIshion), we are happy to enter into a Data Processing Agreement (DPA) that incorporates the Standard Contractual Clauses where required by GDPR or UK GDPR. Our DPA covers our role as a processor of personal data on your behalf.

Request a DPA at help@faishion.io.

We take reasonable technical and organizational measures to protect your data, including encrypted storage, secure HTTPS connections, hashed passwords, OAuth-token-based platform integrations (we never store platform passwords), and access controls that restrict who can access your information. However, no system is completely secure and we cannot guarantee absolute security.

If we become aware of a security breach affecting your personal data, we will notify you and any required supervisory authority within 72 hours of becoming aware of the breach where required by GDPR Article 33 or equivalent law, and as soon as reasonably practicable in all other cases. We will provide the information required by applicable law, including the nature of the breach, the categories and approximate number of affected individuals, the likely consequences, and the measures we are taking in response.

You can reach us about any security concern at help@faishion.io.