Privacy Policy
Last updated: May 27, 2026
The short version
FitMyMirror Hover lets you virtually try on clothing while you shop. To do that we need your photo and a few body measurements. We use them to render your try-ons — nothing else.
- We do not sell your data.
- We do not show ads or share with advertisers.
- You can delete your photo and measurements at any time.
- Try-ons are private to your account by default.
What we collect
Account
Email address and authentication identifier when you sign in.
Body profile
The photo you upload, plus the measurements you enter (height, weight, chest, waist, hips, shoulder, size, gender, fit preference).
Try-on activity
The product images you try on, the generated result images, and the source page URL — used to cache results and power your saved gallery.
Diagnostics
Standard server logs (IP, user agent, timestamps) for security and debugging. Retained for 30 days.
Biometric data & explicit consent (GDPR Art. 9)
Your uploaded photo is processed as biometric data, a special category of personal data under GDPR Art. 9. We ask for your explicit consent the first time you upload a photo, and again whenever you revoke it from Settings → Privacy. Without consent we cannot render try-ons. You can withdraw consent at any time; doing so deletes the photo from your device cache and stops further AI processing.
How we use it
- Generate try-on images and short scene videos for you.
- Save your lookbook so you can revisit past try-ons.
- Improve reliability and prevent abuse of the service.
AI training — what we never do
User-uploaded images, selfies, body photos, and generated try-ons are never used to train AI models — ours or anyone else's — without your explicit, separate consent.
- We do not train on your photos.
- We send your photo to third-party AI providers only at the moment of rendering a try-on, and only under contracts that forbid them from using your input or the output for model training.
- We do not enroll you in any "improve the model" data-sharing program by default.
- If we ever want to use your photo to fine-tune a model, we will ask for fresh, opt-in consent with a clear description of what would be trained and how to revoke.
Third-party AI providers (sub-processors)
Each provider below is a contractually bound processor under a Data Processing Agreement (DPA). They receive only what is strictly required to fulfil your request, and are forbidden from training on, reusing, or selling your data.
- Google (Gemini API) — try-on image generation, scene videos, measurement estimation. Inputs and outputs are not used to train Google's models when called via the paid API.
- OpenAI (GPT & image models) — outfit reasoning and selected image generation. API inputs/outputs are not used to train OpenAI's models under their API data policy.
- fal.ai — image and video model hosting. Inputs are processed only to return the requested output.
- Lovable Cloud (Supabase) — hosting, database, authentication, encrypted file storage.
- Paddle — Merchant of Record for payments. Never receives your photo or biometric data.
We review providers before integration and remove any whose policies become incompatible with this Privacy Policy. The current list is kept up to date here.
Image storage & security
- All uploads travel over TLS (HTTPS) end-to-end. Files are encrypted at rest by our storage provider.
- Each photo is stored under your user-id folder and is only served via long, unguessable URLs. Other users cannot list your files.
- Database rows holding your photos and try-ons are protected by row-level security — only you (and our server, when you request a try-on) can read them.
- We keep your photos only as long as your account exists or until you delete them — whichever comes first.
- We don't embed your photo in shareable links unless you explicitly use the "Share look" feature.
Data retention
- Photo & measurements: until you delete them or close your account.
- Saved try-ons: until you delete them.
- Generated cache: up to 30 days, then re-generated on demand.
- Logs: 30 days.
Your rights — including deletion
You have the right, at any time and free of charge, to:
- Delete your account — wipes all your data, photos, and storage files (Settings → Account).
- Delete individual photos from your profile or wardrobe.
- Export your data as a JSON download (Settings → Privacy → "Export my data").
- Withdraw consent for biometric processing or cookies (Settings → Privacy, or buttons at the top of this page).
- Access, correct, or restrict processing of your data.
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, use Settings or email privacy@fitmymirror.app. We respond within 30 days.
The Chrome extension
The FitMyMirror Hover Chrome extension only activates on the page you are viewing when you hover a clothing image and click Try On Me. It sends the image URL of that product to our service to render your try-on. It does not read passwords, form fields, browsing history, or any page content outside the image you click. The extension uses chrome.storage.local to remember your sign-in and preferences on your own device.
Children and minors
FitMyMirror is not directed to children under 16. We require all users to confirm they are at least 16 years old at sign-up. We do not knowingly collect personal data — and in particular, do not knowingly process biometric data (photos / faces) — from anyone under 16.
- In jurisdictions with a higher digital-consent age (e.g. parts of the EU set it at 16), the local minimum applies.
- For US users under 13, COPPA applies and the service is not available to them.
- If you believe a minor has created an account, contact privacy@fitmymirror.app and we will delete the account and all associated photos without delay.
- Where required, processing of a minor's data requires verified parental consent — we do not offer that flow today, so under-16 accounts are not supported.
Changes
If we make material changes we will update the date above and, for significant changes, notify you by email.
Payments and Paddle (Merchant of Record)
When you subscribe, our reseller Paddle.com acts as the Merchant of Record. Paddle collects and processes your billing information (name, billing address, payment method, tax data) to take payment, issue invoices, handle tax compliance, and manage refunds and chargebacks. Fit Mirror Now receives subscription status and a Paddle customer ID — we do not see or store your full card details.
Data sharing
We share personal data only with:
- Hosting and infrastructure providers (Lovable Cloud / Supabase) under appropriate data-processing terms.
- Paddle, our Merchant of Record, for payments, subscription management, tax, and invoicing.
- AI model providers used to generate try-on images, limited to what's required to produce the output.
- Professional advisers (legal, accounting) and authorities where required by law.
Contact
Questions? Email privacy@fitmymirror.app.