← Back to Clozy

Privacy Policy

Last updated: May 5, 2026 — Version 1.4

1. Data Controller

Clozy is operated by Yonatan Rigbi, an individual based in Israel. For privacy inquiries, contact us at support@clozy.org.

2. Information We Collect

• Account data: Name, email, profile photo (via Apple Sign-In or Google Sign-In), username
• Wardrobe photos: Photos you upload of your clothing items
• Full-body photo: Optional photo for virtual try-on feature
• Profile data: Gender, birthday, sizes, city, style preferences, color palette, fashion taste quiz answers
• Stories: Photos and captions you publish as ephemeral stories, including audience setting (everyone or close friends)
• Story views: A record of which other users have viewed each of your stories — visible only to you as the story author
• Story replies: Direct text replies sent to story authors
• Social graph: Follows, close-friends list, likes, comments, blocks, follow requests
• Borrow & lending data: Borrow requests between you and other users (item, dates, status, message)
• Wardrobe sharing: Approval status for friends you have granted view-access to your wardrobe
• Photos of You (optional): If you enable this feature, the app reads photo metadata from your device's camera roll to identify pictures of you wearing your wardrobe items. See Section 8 for details
• Usage data: Feature usage patterns, anonymized analytics, push notification tokens
• Purchase data: Subscription status (managed via Apple; we do not store payment details)
• Reports & moderation data: Content reports you file or that are filed against your content

3. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

• Contract performance: Account data, wardrobe photos, profile data — necessary to provide the app's core features
• Consent: Full-body photo for virtual try-on, push notifications — you choose to provide these and can withdraw at any time
• Legitimate interest: Usage analytics — to improve the app experience. You can opt out by contacting us

4. How We Use Your Data

• AI analysis of clothing items (brand, color, material, fit detection)
• Generating AI product photos of your items (beautify)
• Virtual try-on image generation
• Outfit suggestions, outfit-check feedback, and calendar planning
• Marketplace features (listings, messaging)
• Social features (follows, likes, comments, stories, close friends, blocks, borrow requests, wardrobe sharing)
• Anti-abuse and content moderation (processing reports and applying enforcement actions)

We do not use your photos to train AI models. Your images are processed solely to deliver the features above and are never used for machine learning training. Our AI sub-processors (named in Section 6) are contractually bound to the same restriction.

5. Social Features & Content Visibility

Clozy includes social features such as follows, stories, marketplace listings, and direct messaging. Visibility rules:

• Profile: Your username and avatar are visible to other users by default. Set your profile to private in Settings to require approval before someone can follow you and see your content.
• Outfits you publish: Visible to all users (or to followers only, if your account is private).
• Stories: Visible for 24 hours to either everyone (default) or to your close-friends list (one-way list curated by you; the friend doesn't see they were added). After 24 hours, stories are hidden from everyone except you — the author keeps a personal archive.
• Story views: When you watch someone's story, the author can see your username and view time. When other users watch yours, you can see who they are. Non-authors cannot see who else viewed.
• Marketplace listings: Visible to all users.
• Wardrobe items: Private by default. Friends can request access; you approve per-friend in Settings > Closet Sharing.
• Borrow & lending: Borrow requests are visible only to the requester and the item owner. The wardrobe-share approval gate also applies.
• Block: When you block another user, the app severs the relationship in both directions: prior follows, close-friends entries, wardrobe shares, and pending borrow requests are deleted, and your content becomes invisible to them across feeds, profile, stories, and direct queries.

6. Third-Party Services & Sub-Processors

To deliver our features we share narrowly-scoped data with the providers below. Each provider is contractually bound to process the data only as instructed by us and to retain it no longer than necessary. None of them use your data to train AI models.

• Supabase Inc. (United States / EU regions) — primary database, authentication, file storage, and edge functions. Hosts your account, wardrobe data, photos, social data, and notifications.
• Anthropic, PBC (United States) — Claude API for clothing-item analysis (e.g., identifying brand, colour, material) and for content-moderation prompts.
• OpenAI, L.L.C. (United States) — gpt-image-1 for generating product photos of your items (beautify) and as fallback for virtual try-on. OpenAI's API has zero data retention enabled for our workspace.
• Replicate, Inc. (United States) — IDM-VTON model for virtual try-on (primary path).
• Apple Inc. — Apple Sign-In, push notifications via APNs, App Store subscription processing, on-device face/pose detection via ML Kit / Vision framework when applicable.
• Google LLC — Google Sign-In and ML Kit (used on-device only).
• RevenueCat, Inc. — subscription state management. Receives anonymised user identifier and entitlement state; does not receive photos or content.
• Expo, Inc. — over-the-air JavaScript updates and push token registration.
• Vercel Inc. — static hosting for this website only; does not receive in-app data.

An updated list of sub-processors is maintained on this page. We will notify you of material additions before they take effect.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. These transfers are necessary to provide the app's AI-powered features. We ensure appropriate safeguards are in place, including the use of services that comply with industry-standard security practices and data processing agreements.

8. Photos of You (Optional Camera-Roll Feature)

If you opt in to the Photos of You feature, the app reads your device's photo library to find pictures of you wearing items already in your wardrobe. Important details:

• The feature is off by default and requires an explicit iOS / Android permission grant.
• Photos are scanned on-device using Apple Vision / Google ML Kit. We do not upload your full camera roll to our servers.
• Only photos you explicitly choose to import become part of your Clozy account.
• You can revoke the photo-library permission at any time in your operating-system settings; doing so stops future scans.

9. Stories & Story Archive

Stories you publish are visible to other users for 24 hours according to the audience you choose (everyone or close friends only). After 24 hours, the post becomes hidden from everyone except you. As the author, you keep a permanent private archive of every story you have posted, viewable in Profile > My Stories. You can delete any archived story at any time from that screen, which removes both the database row and the underlying image.

While a story is active, other users who view it leave a record (story_view) that shows their username and view time to you, the author. They cannot see who else viewed your story.

10. Borrow & Lending

The borrow feature lets one user request to borrow a wardrobe item from another. When you send a request, the owner can see your username, the item, the requested date range, and any optional message. When you approve a request, the requester is notified. Borrow requests do not transfer ownership and do not create a payment relationship; Clozy is not a party to peer-to-peer lending arrangements.

11. Virtual Try-On

The virtual try-on feature uses AI to show how a clothing item may look on you. Your full-body photo is:

• Stored securely in our database
• Processed by AI sub-processors (Replicate, OpenAI) to generate try-on images. Original photos are not retained on those services beyond the duration of the API call
• Not used for facial recognition or biometric identification
• Subject to lightweight on-device face cropping (Apple Vision / ML Kit) before upload to keep results consistent

Free users get 3 virtual try-ons per month. Clozy Pro subscribers get unlimited try-ons.

12. Block, Report & Account Safety

You can block any other user from your profile menu. Blocking is bidirectional: prior follows, close-friends entries, wardrobe shares, and pending borrow requests are immediately deleted, and your content becomes invisible to the blocked user across the entire app (feed, profile, stories, search, direct API access). The blocked user is not notified.

You can report content (outfits, stories, profiles, messages) that violates our Community Guidelines. Reports are reviewed by us and may result in content removal or account suspension. We retain a record of reports for moderation history.

13. Data Storage & Security

Your data is stored in a secure Postgres database with row-level security (RLS) policies that enforce per-user access at the database layer, not just in the client. Photos are stored in encrypted cloud storage with authenticated access. All connections use HTTPS/TLS encryption. Photos are re-encoded before upload, which removes EXIF metadata (GPS coordinates, camera info, original timestamps) as a side-effect.

14. Data Retention

• Account data & wardrobe: Retained while your account is active.
• Stories: Visible to others for 24 hours after publication; retained indefinitely in your private archive until you delete them or your account.
• Story views: Retained as long as the underlying story exists.
• Messages, follow records, social_likes / comments: Retained while your account is active.
• AI-processed images: Retained in your Clozy account while active; deleted from third-party AI providers within 30 days of processing (typically much sooner; OpenAI is configured for zero-retention).
• Usage analytics: Retained in anonymised form for up to 12 months.
• Reports & moderation history: Retained for up to 24 months for safety auditing.
• Account deletion: When you delete your account, all personal data (profile, photos, wardrobe items, outfits, stories & archive, social data, borrow history, messages) is permanently removed within 30 days.

15. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate data
• Deletion: Delete your account and all data (available directly in the app under Profile > Settings)
• Portability: Request your data in a portable format
• Withdraw consent: Where processing is based on consent, you can withdraw at any time
• Object: Object to processing based on legitimate interest

To exercise any of these rights, contact us at support@clozy.org.

16. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal data we collect and how it is used
• Request deletion of your personal data
• Opt out of the sale of personal data

We do not sell your personal data. To exercise your rights, contact support@clozy.org.

17. Children's Privacy

Clozy is not intended for users under 13 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us.

18. Changes

We may update this policy from time to time. We will notify you of significant changes via the app or email. Continued use after changes constitutes acceptance.

19. Contact

For privacy questions or data requests:
Yonatan Rigbi
Email: support@clozy.org