1. Data Controller
The data controller within the meaning of the General Data Protection Regulation (GDPR) is:
TryOnMe
Email: ajohe.ajohe@gmail.com
2. Overview of Data Processing
The TryOnMe app allows users to virtually try on clothing items. To achieve this, personal photos (avatars) are combined with images of garments, and an AI-generated result image is produced.
3. Data Collected and Processed
3.1 Registration and Authentication Data
Using the app requires registration and login. Authentication is handled through a Keycloak server hosted on Railway. The following data is processed:
- Username / email address
- Password (transmitted only to the Keycloak server and securely stored there)
- User ID (extracted from the JWT token)
- When signing in via Google OAuth: name, email address, and profile information from the Google account
Legal basis: Art. 6(1)(b) GDPR (performance of a contract)
3.2 Image Data
The app processes the following image data:
- Avatar images: Photos of the user, taken with the camera or selected from the gallery
- Garment images: Photos of clothing items, taken with the camera, selected from the gallery, or received via the share function of other apps
- Result images: AI-generated images showing the user wearing the selected clothing
- Segmentation masks: AI-generated detection masks identifying individual clothing items within garment images
All image data is:
- Stored locally on the device (SQLite database and file system)
- Transmitted to and stored on the backend server on Railway
- Sent to the Google Gemini API for image generation (see Section 5)
- Sent to RunPod (SAM3 AI model) for garment segmentation (see Section 5)
Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (performance of a contract)
3.3 Usage Data
The following usage data is collected during app use:
- Fitting sessions (session ID, avatar and garment IDs used, timestamps)
- Token balance and consumption
- MD5 checksums of uploaded images (for duplicate detection)
- Timestamps of uploads and actions
- Segmentation cache data (garment ID, image hash, cached detection masks)
Legal basis: Art. 6(1)(b) GDPR (performance of a contract)
3.4 Consent Data
When you accept the Terms of Service and Privacy Policy on the login screen, we store the acceptance timestamp (ISO 8601 UTC format). This timestamp is:
- Stored locally on the device in encrypted storage (Flutter Secure Storage)
- Not transmitted to any server
- Cleared upon account deletion; preserved on regular logout
Legal basis: Art. 6(1)(a) GDPR (consent)
3.5 Data Not Collected
The app does not collect any of the following data:
- Location data
- Device identifiers (IMEI, Android ID, IDFA)
- Analytics or tracking data
- Push notification tokens
- Contacts or address book data
4. Device Permissions
The app requests the following device permissions:
| Permission | Purpose |
|---|---|
| Camera | Capture avatar and garment photos |
| Photo Library / Storage | Select images from the gallery and save generated images |
| Internet | Communication with backend server, Keycloak, and Google Gemini API |
All permissions are requested at runtime and can be revoked at any time in the device settings.
5. Data Sharing with Third Parties
5.1 Google Gemini API (Image Generation)
To generate virtual try-on images, avatar and garment images are transmitted as Base64-encoded data to the Google Gemini API. Processing takes place on Google servers.
- Data transmitted: Avatar image, garment image(s), text prompt for image generation
- Purpose: AI-powered image generation (virtual try-on)
- Google Privacy Policy: https://policies.google.com/privacy
Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (performance of a contract)
5.2 RunPod (AI Garment Segmentation)
To detect and extract individual clothing items from garment images, images are transmitted to the SAM3 (Segment Anything Model 3) AI model hosted on RunPod's serverless GPU infrastructure. Processing takes place on RunPod's servers.
- Data transmitted: Garment image (as binary data)
- Data returned: Segmentation masks (coordinate data identifying detected clothing regions)
- Purpose: AI-powered garment detection and extraction
- Data retention by RunPod: RunPod processes data transiently for inference only; images are not stored by RunPod after processing is complete
- RunPod Privacy Policy: https://www.runpod.io/privacy-policy
Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (performance of a contract)
5.3 Keycloak (Authentication)
Authentication is handled through a self-hosted Keycloak server on Railway. Keycloak stores:
- User account data (email, name, username)
- Login history
- OAuth tokens
When signing in via Google, data is forwarded through Keycloak acting as an identity broker.
5.4 Railway (Hosting)
Both the backend server and the Keycloak server are hosted on the Railway platform. Railway acts as a data processor in accordance with Art. 28 GDPR.
5.5 No Further Data Sharing
No personal data is shared with any other third parties, advertising networks, or analytics services.
6. Data Storage and Deletion
6.1 Local Storage on the Device
- Authentication data (JWT token, refresh token, user ID, email): Encrypted in Flutter Secure Storage (Android: EncryptedSharedPreferences, iOS: Keychain)
- Image data and metadata: In a local SQLite database and the device file system
- App settings: In the local database
- Terms acceptance timestamp: In Flutter Secure Storage (cleared on account deletion only)
6.2 Server-Side Storage
- Image data: On the backend server file system on Railway
- Metadata and session logs: In the server-side database
- User data: In the Keycloak PostgreSQL database
- Segmentation cache: Detection mask data and metadata in the server-side database
6.3 Deletion
- By the user: Avatars, garment images, and try-on results can be individually deleted within the app. Deletion removes both local files and database entries.
- On logout: When logging out, all local data (images, tokens, user data) is completely removed from the device; only the Terms acceptance timestamp is preserved (see Section 3.4).
- Server-side deletion: When items are deleted through the app, the corresponding files and database entries are also removed from the server.
- Account deletion: Users can delete their entire account and all associated data via the account deletion page.
7. Data Security
We implement the following technical and organizational measures to protect your data:
- Transport encryption: All communication between the app, backend, and Keycloak uses HTTPS/TLS
- Token-based authentication: OAuth 2.0 with JWT tokens and refresh token mechanism
- Secure local storage: Sensitive data (tokens, credentials) is stored encrypted on the device
- Access control: Each user can only access their own data
- Image validation: Uploads are checked for allowed file types (PNG, JPG, JPEG) and file size (max 16 MB)
- Duplicate detection: MD5 checksums prevent multiple uploads of identical images
8. Your Rights Under the GDPR
As a data subject, you have the following rights:
- Right of access (Art. 15 GDPR): You may request information about your stored personal data.
- Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
- Right to erasure (Art. 17 GDPR): You may request the deletion of your data. Images and results can also be deleted directly within the app or via the account deletion page.
- Right to restriction of processing (Art. 18 GDPR): You may request the restriction of processing of your data.
- Right to data portability (Art. 20 GDPR): You may request the transfer of your data in a structured, commonly used format.
- Right to object (Art. 21 GDPR): You may object to the processing of your data.
- Right to withdraw consent (Art. 7(3) GDPR): Consent given may be withdrawn at any time with effect for the future.
- Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority.
To exercise your rights, please contact us at: ajohe.ajohe@gmail.com
9. Your Rights Under US Privacy Laws
9.1 California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected.
- Right to Delete: You may request deletion of your personal information. You can also delete your data directly within the App or via the account deletion page.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
We do not sell personal information. We share data only with the service providers listed in Section 5, solely for the purposes of operating the service.
To exercise your rights, email us at ajohe.ajohe@gmail.com or use the in-app account deletion feature. We will respond within 45 days.
9.2 Other US State Privacy Laws
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with comprehensive privacy laws have similar rights to access, delete, correct, and opt out. To exercise these rights, contact us at ajohe.ajohe@gmail.com.
9.3 Children's Privacy (COPPA)
The App is not directed to children under 13. We do not knowingly collect personal information from children under 13 years of age. If you believe we have collected information from a child under 13, please contact us at ajohe.ajohe@gmail.com and we will promptly delete such information.
10. International Data Transfers
Through the use of the Google Gemini API, personal data (particularly image data) may be transferred to Google servers in the United States or other countries outside the European Economic Area (EEA). Google has committed to maintaining adequate data protection standards. The transfer is based on Art. 49(1)(a) GDPR (explicit consent) and, where applicable, on Standard Contractual Clauses (Art. 46(2)(c) GDPR).
Railway hosts services on servers that may be located outside the EEA. Data transfers are also carried out based on appropriate safeguards.
RunPod operates GPU infrastructure that may be located in the United States. Image data transmitted for segmentation processing may be transferred to these servers. RunPod processes data transiently and does not retain images after inference is complete.
11. Changes to This Privacy Policy
We reserve the right to update this privacy policy to reflect changes in legal requirements or changes to the service or data processing. The current version is always available within the app and at this URL.
12. Contact
For questions about data protection or to exercise your rights, please contact:
TryOnMe
Email: ajohe.ajohe@gmail.com