Data Protection

Privacy Policy

Effective Date: May 21, 2026 · Last Updated: May 21, 2026

This Privacy Policy explains how Lumiq OÜ collects, uses, stores, and protects your personal data when you use Wardropic. It applies alongside our Terms of Service.

1. Data Controller

The data controller responsible for your personal data is Lumiq OÜ, a private limited company (osaühing) registered in Estonia, European Union. Lumiq OÜ operates the Wardropic mobile application and website.

Contact for all privacy and data-related matters: [email protected]

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), the supervisory authority for data protection in Estonia.

2. Data We Collect

Account Data

  • Email address (required for account creation and authentication)
  • Display name (optional, provided by you)
  • Profile photo (optional, provided by you)

Body & Style Profile

If you choose to complete your style profile, we collect optional attributes you provide: gender, birthday, height, weight, eye color, hair color, skin tone, clothing sizes, and style preferences. You control all of this and can delete it at any time.

Garment & Wardrobe Data

  • Photos of clothing items you upload for AI analysis
  • AI-generated metadata (category, color, occasion, material, season) derived from those photos
  • Outfit combinations, wear logs, and outfit history

Location Data

With your explicit permission, we collect your approximate location (city-level) to fetch local weather for outfit suggestions. We do not track your precise GPS coordinates or movement. Location permission can be revoked at any time through your device settings.

Usage & Technical Data

  • App version, device operating system, and locale
  • Session activity logs (for abuse prevention and service reliability)
  • Expo push notification token (if notifications are enabled)
  • IP address and inferred country at the time of account creation (for geo-tier assignment)

Payment Data

If you subscribe to a paid plan, payment is processed by Stripe. We do not store your card number or full payment details. Stripe shares with us your subscription status, plan tier, and billing period. See Stripe's Privacy Policy for details on how they handle payment data.

Legal Consent Records

We store the timestamp at which you accepted the Terms of Service and this Privacy Policy as a legal record of your informed consent.

3. How We Use Your Data

  • Providing the service: creating your account, generating daily outfit suggestions, running AI clothing analysis, and powering the style chat.
  • Personalisation: using your style profile and wardrobe data to tailor outfit recommendations to your body, preferences, and local weather.
  • Subscription management: processing payments, managing plan limits, and handling upgrades or cancellations through Stripe.
  • Notifications: sending daily outfit suggestions and product updates if you have enabled push notifications.
  • Geo-compliance: determining your access tier at signup based on your country to comply with our geographic restrictions policy.
  • Security & fraud prevention: detecting VPN/proxy usage, enforcing rate limits, and preventing abuse of the free tier.
  • Legal compliance: maintaining records of your consent, responding to lawful requests, and fulfilling obligations under applicable EU law.

We do not sell your data, use it to serve advertising, or use your photos or wardrobe data to train AI models without your explicit consent.

5. Third-Party Processors

We share data with the following processors under data processing agreements. All EU-based processing is GDPR-compliant.

Supabase

Hosts our database and authentication system. All user data (account, garments, outfits, wear logs) is stored in Supabase's EU infrastructure (currently Germany, eu-central-1). Supabase processes your authentication credentials and issues session tokens.

OpenRouter

All AI-powered features of the Service are routed through OpenRouter (OpenRouter Inc., USA), a model-agnostic inference gateway. OpenRouter operates with a Zero Data Retention (ZDR) flag enabled for all standard requests, meaning your data is not logged or retained beyond the duration of the API call. See OpenRouter's Privacy Policy.

AI Model Providers — Standard Mode (EU/US Servers)

By default, all AI features use models hosted on EU or US servers with Zero Data Retention contracts via OpenRouter. Providers are EU/US-based compute infrastructure operators. No AI request content reaches servers outside the EU or US in Standard Mode.

AI Model Providers — Performance Mode (Optional)

If you have opted in to Performance Mode via an explicit in-app consent screen, certain AI requests may be routed to AI model providers whose infrastructure is located in the People's Republic of China.

Important disclosure: The People's Republic of China does not have an EU adequacy decision under GDPR Article 45. Your AI request content (e.g. garment images, chat messages) is transferred to these servers solely on the basis of your explicit, freely-given, informed consent under GDPR Article 49(1)(a). These providers do not receive your account details, name, email, or payment data. You may withdraw this consent at any time under Profile → Privacy & Data → AI Processing Mode. Withdrawal takes effect immediately for all future requests.

Stripe

Processes subscription payments and manages billing. Stripe receives your payment details directly and returns subscription status to us. Stripe is PCI-DSS compliant. See Stripe's Privacy Policy.

Railway

Hosts our API server. Application logs (including IP addresses used in requests) may be retained by Railway for up to 90 days.

Weather API Provider

Receives your approximate city-level location to return local weather data for outfit suggestions. No personally identifiable data is sent beyond the city name or coordinates you provide.

IPQualityScore

Used at signup to detect VPN or proxy usage and assign your geographic access tier. Receives your IP address at the point of registration only. See Section 12 of the Terms of Service for details on geographic restrictions.

We do not share your data with any other third parties except as required by law.

6. Data Retention

  • Account and wardrobe data: retained for as long as your account is active. Permanently deleted within 30 days of account deletion.
  • Garment photos: stored in EU cloud storage (currently Germany) and deleted when you remove the item, delete your account, or request erasure.
  • Outfit and wear-log history: retained for the duration of your account. Exported and deleted with account deletion.
  • Payment records (Stripe): retained for 7 years as required by EU accounting and tax law, even after account deletion.
  • IP address / geo-tier at signup: retained in your user record for the lifetime of your account.
  • Application logs: retained by Railway for up to 90 days, then automatically purged.
  • Legal consent records (T&C acceptance timestamp, AI provider consent history): retained indefinitely as a legal record required under GDPR Article 7(1).

Data Retention on Plan Downgrade

When you downgrade from a paid plan (Pro or Premium) to the Free plan — whether by cancelling, failing to renew, or switching — your wardrobe items, outfit history, wear logs, chat sessions, and all other data are not deleted. Data that exceeds Free plan limits (for example, items beyond 12, wear history older than 30 days, or wishlist entries beyond 15) remains stored securely and will be fully accessible again if you upgrade. We do not reduce your stored data upon downgrade.

Try-Before-You-Buy Renders

Virtual try-on renders and Try-Before-You-Buy results are automatically and permanently deleted 30 days after creation, regardless of your subscription status. This applies to all users on all plans.

Data Portability on Plan Change

You can request a full export of all your data — including wardrobe items, outfit history, wear logs, and style profile — at any time and regardless of your subscription status, by using the export function in Profile → Privacy & Data → Export My Data, or by contacting us at [email protected]. This right is guaranteed under GDPR Article 20 (Right to Data Portability) and is not conditional on holding a paid plan.

7. Your GDPR Rights

As an EU data subject, you have the following rights, which you can exercise at any time:

  • Right of access: request a copy of all personal data we hold about you.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): permanently delete your account and all associated personal data (except payment records retained by legal obligation).
  • Right to data portability: export your full wardrobe data, outfit history, wear logs, and profile as a structured ZIP archive.
  • Right to restriction of processing: request that we limit how we use your data while a dispute is resolved.
  • Right to object: object to processing based on legitimate interests.
  • Right to withdraw consent: revoke location access at any time through device settings. If you have opted in to Performance Mode (AI processing on Chinese servers), you may withdraw that consent at any time in Profile → Privacy & Data → AI Processing Mode.

How to exercise your rights: Account deletion and data export are available directly in the app under Profile → Privacy & Data. For all other requests, contact [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) if you believe your data has been processed unlawfully.

8. Security

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Data at rest is encrypted by our infrastructure providers (Supabase, Railway) using AES-256.
  • Authentication is managed by Supabase, which issues signed JWT tokens. Sensitive tokens are never stored in plain text.
  • All account, wardrobe, and payment data is stored within the EU. AI request content (garment images, chat messages) is processed in the EU/US by default. If you opt in to Performance Mode, AI request content may be processed on servers in the People's Republic of China — see Section 5.
  • Access to production systems is limited to authorised personnel only.

No system is completely immune to breach. In the event of a data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR Article 33/34.

9. Children

Wardropic is not directed at persons under 16 years of age. We do not knowingly collect personal data from anyone under 16. If we become aware that a user is under 16, we will immediately terminate the account and delete all associated data without notice. If you believe a child under 16 has registered, please contact us at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated with at least 14 days' notice via the app or your registered email address. The "Last Updated" date at the top of this page reflects the most recent revision.

Your continued use of Wardropic after the effective date of any update constitutes your acceptance of the revised policy. If you do not agree to the updated policy, you must stop using the Service and delete your account.

11. Contact

Company: Lumiq OÜ
Registered in Estonia, EU