Logo

Privacy Policy — AI Frame ‑ Clothing Try‑On

AI Frame ‑ Clothing Try‑On (the “App”) provides a virtual try-on service (the “Service”) to merchants who use Shopify to power their online stores. This Privacy Policy describes how personal information is collected, used, and shared when you (a merchant or an end-customer) install or use the App in connection with a Shopify store.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Please read this policy carefully to understand what information we process and how we handle it. By using the App, you agree to the practices described in this Privacy Policy.

Personal Information the App Collects

When you install AiFrame Virtual Try-On, we automatically gain access to certain information from your Shopify account in order to integrate the App with your store. Depending on your configuration and Shopify’s permissions, this may include:

  • Store and Merchant Information: Your store name, store URL, contact email address, and other basic account details. We use this to identify your store and communicate with you about the App (for example, for support or important updates).
  • Billing Information: If applicable, data necessary for billing and subscription management (handled via Shopify’s billing API). We do not see your full payment details, as those are processed by Shopify.

In addition to data from your Shopify account, the App may collect or process certain personal information from your customers (the end-users of the virtual try-on feature):

  • Customer Images: When a customer uses the virtual try-on feature on your store (for example, by uploading a photo or enabling their camera), the App will temporarily collect and process the image of that customer. This image may contain personal data such as the customer’s face or body depiction, which could be considered biometric or identifying information. Please note: The App processes these images solely to generate try-on previews (e.g., showing how a product might look on the customer) and does not store or retain the images after providing the result.
  • Device and Usage Data: The App may receive technical information when a customer interacts with the try-on feature, such as the type of device or browser used, browser logs or events (e.g. when the try-on was initiated), and approximate location (e.g. city or country based on IP address). This information is collected to ensure the feature works correctly (for example, adapting to screen size or detecting camera orientation) and to help us troubleshoot issues. We do not use this data to identify individual users, and any IP addresses or device identifiers are only used transiently for delivering the Service and security (such as preventing abuse).

We collect personal information directly from the individual (for example, the customer uploading a photo) or via automated means when the App is used on the store. We do not collect any more personal data than is necessary to provide and improve the Service. In particular, AiFrame Virtual Try-On does not build a permanent profile or database of your customers from their usage of the try-on feature.

Cookies: The App itself typically does not set persistent cookies in your customers’ browsers, aside from what may be necessary for the feature to function (such as a session identifier to remember a virtual try-on session). Any such cookies, if used, are only to enable technical functionality and not for tracking purposes. Your Shopify store may already have its own cookies and consent mechanisms, which are outside the scope of this App. We do not use the App to introduce new tracking for advertising or analytics beyond what Shopify or the store already uses, except for minimal internal analytics as described (e.g., counting feature usage in aggregate).

How Do We Use Your Personal Information?

We use the personal information we collect from merchants and customers to operate and provide the Service. Specifically, we may use this information to:

  • Provide and Enhance the Service: We process customer images and related data to generate virtual try-on results. All processing of personal data (like photos) is done for the sole purpose of delivering the try-on functionality. We may also use usage data (in aggregated, non-identifying form) to understand how the feature is performing and to improve our algorithms or user experience over time.
  • Communicate with Merchants: We might use merchant contact information (such as the store owner’s email) to send important notices about the App, such as updates, new features, billing notices, or responses to support requests. We will not spam you; communications will be relevant to the App’s service.
  • Support and Customer Service: If you reach out with a support request or if we need to troubleshoot an issue on your store, we will use the information available to help resolve the issue. This might include reviewing how the App is interacting with your store or checking error logs that could include store or device information.
  • Legal Compliance and Preventing Misuse: We may use personal information as necessary to comply with applicable laws and regulations (for example, to comply with a lawful request to disclose data) or to enforce our terms of service. Additionally, basic information (like IP addresses or device IDs) might be used to detect and prevent fraudulent or abusive use of the App (such as someone attempting to misuse the try-on service).

We do not use personal information for any purpose unrelated to the App’s core functionality. We do not use your customers’ images or data for marketing or profiling, and we do not sell or rent any personal data. Any analytics we perform on App usage are done on anonymized or aggregated data that cannot identify an individual.

Sharing Your Personal Information

To provide the Service effectively, we sometimes need to share personal information with third-party service providerswho assist us in operating the App. We only share data with third parties to the extent necessary for them to perform their services, and we contractually require them to protect your information and use it only for our specified purposes. The key third parties involved in AiFrame Virtual Try-On are:

  • Cloud Storage Provider: We use a secure cloud storage service to temporarily hold images and data during processing. For example, when a customer uploads a photo for try-on, that image file may be uploaded to our cloud storage (e.g., on a reputable cloud platform) so that our systems can access it for processing. These images are stored only briefly (as described in Data Retention below) and then deleted.
  • AI Processing Service: The App relies on an external artificial intelligence or machine learning API to analyze the customer’s image and apply the virtual try-on effect (for instance, overlaying the product onto the person’s photo or detecting facial features for alignment). This means the customer’s image (and possibly minimal related data like height or product dimensions if relevant) is sent securely to that third-party AI service for processing. The third-party will return the processed image or result to us, which we then display to the user. The AI service is not allowed to store or use the image or results for any purpose other than delivering the try-on functionality. We have agreements in place to ensure your customers’ photos remain confidential and are not retained by the AI provider.

Other than these service providers, we do not share personal information with third parties, except in the following special cases:

  • Shopify: As our App operates on the Shopify platform, we share data with Shopify as needed for the App to function. For example, installing or using the App may involve Shopify’s systems transmitting certain data to us (like store information or relevant customer/order info), and if the App needs to display or store something in your store, Shopify will handle that. Shopify is also subject to strict privacy and security obligations. Please refer to Shopify’s Privacy Policy for more details on how Shopify itself handles personal data.
  • Legal Requirements: We may disclose personal information if required to do so by law or in response to a valid legal request (such as a subpoena, court order, or government demand). We will also share information if necessary to protect our rights or the rights of others, to investigate fraud, or to respond to a security or technical issue. For instance, if we are compelled by authorities to provide certain data for an investigation, we will comply with applicable laws.
  • Business Transfers: In the unlikely event that our company or the App is involved in a merger, acquisition, or sale of assets, personal information might be transferred to the new owner as part of that transaction. If this happens, we will ensure that the new owner is bound by terms protecting personal data at least as much as this policy, and we will notify you (for example, via a notice on our website or through Shopify) of any such change in ownership or control of personal information.

No Sale of Personal Data: We want to emphasize that we do not sell your personal information or your customers’ personal information to any third party. “Selling” in this context means exchanging personal data for money or other valuable consideration. We do not engage in such practices. All data sharing we do is strictly for the purposes of running the App as described above (as a “service provider” or “processor” on your behalf).

Data Retention

We do not keep personal data longer than necessary to serve you. The retention practices differ slightly for merchant data and customer data:

  • Customer Images and Try-On Data: Images uploaded by customers for the virtual try-on are processed in real-time and are not stored permanently on our systems. Typically, once the try-on result is generated and delivered back to the customer’s device, the uploaded image (and any generated try-on image) is promptly deleted from our servers. In most cases, this deletion occurs within seconds or minutes after processing is complete. We do not archive or store copies of customers’ photos or videos used in the try-on. Any intermediate data (such as detection of body or facial landmarks) is also transient and discarded immediately after use. Our policy is to perform processing in-memory whenever possible and to avoid writing personal images to disk. If temporary caching is necessary (for example, to improve performance), such cached data is automatically purged on a very short cycle. Bottom line: The personal images your customers provide for try-on are used momentarily and then wiped from our systems.
  • Merchant and Store Data: Information about you as the merchant (like your contact details, store ID, settings and preferences for the App, and any support communications) is retained for as long as you have the App installed on your store. We keep this information to ensure the App functions properly for your store and to contact you if needed. If you uninstall AiFrame Virtual Try-On, we will delete or anonymize the personal data we have about you after a reasonable period, except where we are required to retain it for legal or accounting purposes. For example, we may retain certain minimal records of transactions or communications as required for tax filings, audits, or to comply with legal obligations. Any retained data will remain protected under this Privacy Policy and only used for those required purposes.
  • Logs and Backups: Our systems may keep system logs or backup files that incidentally include personal information (for example, an IP address or an error message containing an image filename) for a short duration. These logs and backups are typically purged on a rolling basis and are only accessible to us for troubleshooting and security monitoring. We ensure that any personal data in logs is limited and handled securely.

If you would like us to delete any personal information that you believe we still hold about you or your customers (for example, if a customer has concerns that their photo might not have been deleted immediately), please contact us using the information in Contact Us below. We will respond promptly and work with you to ensure the data is deleted, unless we are required to keep it (in which case we will inform you of the reason).

How Do We Protect Your Personal Information?

We take data security very seriously. We have implemented a variety of technical and organizational measures to safeguard personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption: Any personal data transmitted between your store, our App, and our third-party processing services is protected by encryption in transit. For example, when a customer uploads a photo for try-on, it is sent to our servers over an HTTPS (SSL/TLS) secure connection. Likewise, any communication between our servers and the AI processing provider is encrypted. We also employ encryption at rest for any temporary storage, meaning that if any personal data (like an image) is briefly saved on disk, it is stored in an encrypted format whenever feasible.
  • Access Controls: We restrict access to personal information to only those personnel and service providers who need it to operate or support the App. Our team members are bound by confidentiality obligations and trained in data protection best practices. Administrative access to systems that contain sensitive data is limited to authorized personnel and protected with strong authentication (such as multi-factor authentication).
  • Secure Infrastructure: The App’s servers and data processing are hosted on reputable cloud platforms known for their strong security practices (for example, AWS, Google Cloud, or similar). These datacenters have robust physical and network security. We keep our software and infrastructure up-to-date with the latest security patches to mitigate vulnerabilities. We also separate environments so that personal data (especially customer images) resides in secure segments of our infrastructure that have additional safeguards.
  • No Unnecessary Storage: As described in Data Retention, our design philosophy is to avoid storing personal data unless absolutely needed. By minimizing what we keep and for how long, we reduce the risk of data breaches. If there’s no data, there’s nothing that can leak. In cases where data might be cached or stored temporarily, automated routines permanently erase it very quickly.
  • Monitoring and Testing: We monitor our systems for any unauthorized access or anomalies. We also periodically test and review our security measures. This can include internal audits of data handling, vulnerability scanning, and stress-testing our deletion processes to ensure nothing slips through. In the event we ever identify a security issue or data incident, we have a response plan to contain and fix the problem, and to notify affected parties as required by law.

Despite all these precautions, it’s important to note that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information with commercially acceptable means, we cannot guarantee absolute security. However, we continuously update our security practices to address new threats and to ensure a high level of protection. If you have reason to believe that your data or a customer’s data may have been compromised in connection with our App, please contact us immediately so we can investigate and take any necessary actions.

Your Rights and Choices

We respect the rights of individuals regarding their personal data. Different privacy laws provide various rights to you (either as a merchant or as a customer using the App through a merchant’s store). The following sections explain how you can exercise those rights and make choices about your data:

Rights of European (EEA/UK) Individuals

If you are located in the European Economic Area (EEA) or the United Kingdom, you have certain rights under the GDPR and related data protection laws. These include:

  • Right to Access: You have the right to request a copy of the personal information we hold about you (commonly known as a “data subject access request”). This typically applies to information you as a merchant have provided to us, since we do not maintain customer images after processing. If you are an end-customer who used the try-on and believe we might have your personal data, you may also request access (though in most cases, we will have none of your data retained, as explained above).
  • Right to Rectification: You have the right to ask us to correct or update any inaccurate or incomplete personal information we have about you. For example, if you are a merchant and your contact email has changed, you can inform us to update our records.
  • Right to Erasure: You have the right to request deletion of your personal data (“the right to be forgotten”). As a merchant, you can uninstall the App to stop any further data collection, and you may request that we delete any personal information we hold (such as support emails or configuration data) unless we are required to keep it. For customers, as noted, we generally do not store your data beyond the try-on session, but if you have concerns or believe some data remains, you can request deletion and we will ensure any residual personal data is erased (barring any legal exceptions).
  • Right to Restrict or Object to Processing: You have the right to ask us to restrict processing of your personal data or to object to certain processing activities. For instance, a European customer might object to their data being processed by an AI service outside Europe. We respect such objections – for example, a customer can choose not to use the try-on feature if they do not want their image processed. Merchants can also choose not to enable certain optional data features of the App. If you have concerns, let us know and we will work to accommodate your request or explain why the processing is necessary.
  • Right to Data Portability: You have the right to obtain personal data you provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller. Given the limited data we handle, this right is most relevant to information like your merchant account details. If applicable, we will help export your data upon request.
  • Right not to be Subject to Automated Decision-Making: The App’s processing of images is automated, but it does not produce any legal or similarly significant effects about an individual – it simply produces an augmented image for fun/informational purposes. We do not make any consequential decisions about individuals solely by automated means. If in the future we consider features that involve automated decisions with legal effects, we will comply with GDPR requirements and notify you.

Legal Basis for Processing: If you are a European resident, we need to let you know the lawful bases on which we process personal data under GDPR:

  • For merchants, we process your data primarily to fulfill our contract with you (i.e., providing the App’s services as per our agreement when you installed it). We also process certain data based on our legitimate interests – for example, improving the App, preventing fraud, or communicating product updates – but in doing so, we consider and balance any potential impact on your rights.
  • For customers’ data (like images), we act as a data processor on behalf of the merchant (who is the data controller for customer data). The merchant’s legal basis (often consent or legitimate interest) for allowing the try-on will govern. We process that data under the merchant’s direction and legal basis. If you are a customer and have questions about the legal basis for processing your photo, you may contact the merchant (store owner) or us for more information. Typically, the action of uploading a photo for try-on is taken as your implicit consent to process that photo for that specific purpose.

International Data Transfers: We are not established in the EU, and the personal information we collect may be transferred to and processed in countries outside of the EEA/UK (for example, to the United States or other locations where our servers or service providers are located). When we transfer data out of Europe, we ensure appropriate safeguards are in place. This may include using Standard Contractual Clauses approved by the European Commission, or transferring data to countries with adequacy decisions. By using the App, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described. However, we will always take steps to protect your privacy in line with this policy. Notably, customer images might be processed on servers in the United States (or another jurisdiction) due to our cloud and AI providers—this processing is transient, but we still ensure it meets EU standards of protection.

If you are a European (or UK) resident and wish to exercise any of these rights, please contact us (see Contact Us below). We may ask you for verification information (to confirm your identity) before fulfilling your request. We will respond to your request within the timeframe required by law (typically within one month). Please note that if you are a customer of a Shopify store, we may refer your request to the merchant (store owner), since in many cases we are processing your data on their behalf.

California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you are protected by privacy rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). In compliance with these laws, we provide the following information and commit to upholding your rights:

Categories of Personal Information Collected: In the preceding 12 months, we have collected the following categories of personal information (as defined by CCPA) through the App:

  • Identifiers: e.g., your name, email address (for merchants), and possibly an IP address or device identifier (for customers using the service).
  • Customer Records: photos or similar visuals provided by customers for try-on (which could be considered “biometric information” in the broad sense because a face image is a biometric identifier, though we do not create or store biometric templates).
  • Internet or Other Electronic Network Activity: information about interactions with the App, such as usage logs or browsing information when the try-on widget is used.
  • Geolocation Data: only coarse location derived from IP (e.g., city or state), and only temporarily for service delivery.
  • Sensitive Personal Information: Under CPRA, sensitive data like account login or precise geolocation is in scope. Our App does not collect sensitive identifiers like government IDs, account passwords, or precise geo-coordinates. Biometric information (face images) is considered sensitive; we handle those with high care and do not retain them post-processing, as detailed throughout this policy.

Use of Personal Information: We use and disclose the above information only for the business purposes described in this policy (see “How Do We Use Your Personal Information?” and “Sharing Your Personal Information”). We do not use it for purposes outside those compatible with the context in which it was provided.

Rights under CCPA/CPRA:

  • Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell (if applicable) about you. This includes the specific pieces of personal information, the categories of sources, the purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (for example, if the information is necessary to complete a transaction, detect security incidents, comply with legal obligations, etc.). As described earlier, for most customer data like images, we likely have no retained data to delete; but we will certainly delete any remaining personal info at your request unless an exception applies.
  • Right to Correct: You may request that we correct inaccurate personal information we hold about you.
  • Right to Opt-Out of Sale or Sharing: You have the right to opt-out of the “sale” of your personal information or the sharing of your personal information for cross-context behavioral advertising. However, we do not sell personal information (as noted above) nor do we share it for targeted advertising purposes. Therefore, there is no need for you to formally opt out — we have no such data practice to opt out from.
  • Right to Limit Use of Sensitive Personal Information: If we collect any sensitive personal information (as defined by CPRA), you have the right to limit its use to that which is necessary to perform the services. In our case, any sensitive data (e.g., face images) are only used to perform the virtual try-on and for no other purpose, which is already a restricted use. We do not use sensitive info for inferring characteristics or other secondary purposes.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means we will not deny you our services, charge you a different price, or provide a different level of quality just because you exercised your privacy rights.

Submitting Requests: If you are a California resident and wish to exercise any of the above rights, you (or an authorized agent acting on your behalf) can submit a verifiable consumer request to us. Please see Contact Us below for how to reach us (email is preferable for these requests). In your request, please specify which right you seek to exercise and provide sufficient information for us to verify you (this might be information like your relationship to us – e.g., merchant or customer – and your email or other info we might have on file). We will only use the information you provide in a request to verify and fulfill your request.

We aim to respond to a verifiable request within 45 days as required by CCPA. If more time is needed (up to an additional 45 days), we will inform you of the reason and extension in writing. Any disclosures we provide will cover the 12-month period preceding the receipt of the request, or as required by law. For deletion requests, once verified, we will delete (and direct our service providers to delete) your personal information from our records, except any data we are permitted or required to retain.

Other Regions and Laws

We designed our privacy practices to meet major requirements globally. If you are in another jurisdiction (for example, Canada, Australia, etc.), you likely have similar rights such as the right to access and correction. We will gladly honor any legitimate requests regarding personal information, in line with applicable laws. For instance, Canadian users have the right to request access to their personal information and to know how it’s used or disclosed, and they have the right to withdraw consent to the extent our processing is based on consent. To exercise any privacy rights applicable to you, please contact us.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will revise the “Last Updated” date at the top or bottom of this policy document. For significant changes, we may provide a more prominent notice (such as by emailing merchants or placing a notice on our App listing or website).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the personal information we collect. Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of those changes. If you do not agree with any updates or modifications, you should uninstall the App and discontinue use of the Service.

Contact Us

Your trust is important to us. If you have any questions, concerns, or requests regarding this Privacy Policy or how AiFrame Virtual Try-On handles personal information, please contact us:

  • By Email: You can reach our privacy team at ben@aiframe.app. We will do our best to respond promptly to your inquiries.
  • By Mail: You may also write to us at the following address:
    AI Frame ‑ Clothing Try‑On – Privacy Officer
    Meydan Grandstand, 6th floor,
    Meydan Road, Nad Al Sheba,
    Dubai, U.A.E.

(Please note: The above mailing address is provided for privacy-related correspondence. If you write to us, please include attention to “Privacy Officer” and provide sufficient detail about your question or request.)

If you are a merchant or customer in the European Union, you may also contact our EU representative at ben@aiframe.app, or include a request in your communication for EU-specific inquiries.

We are here to help and address any issues. If you feel that we have not adequately resolved a privacy concern, you may have the right to lodge a complaint with your local data protection authority (for example, the Data Protection Commission in the EU or the Information Commissioner’s Office in the UK, or a state Attorney General in the U.S.). We would appreciate the chance to address your concerns first, so please do reach out to us directly.

Thank you for using AI Frame ‑ Clothing Try‑On. We value your privacy and strive to protect it at every step while delivering an innovative virtual try-on experience.