Data Processing Agreement

Last updated: April 2026

This Data Processing Agreement ("DPA") supplements the Terms of Service and applies whenever Tryon AI (the "Processor") processes Personal Data on behalf of a merchant (the "Controller") in the course of providing the Service.

1. Subject matter and duration

The Processor processes Personal Data only for the purpose of providing the Service to the Controller. Processing continues for as long as the Service is installed on the Controller's Shopify shop, plus a 48-hour deletion window following uninstall.

2. Categories of data subjects and Personal Data

Data subjects: shoppers ("Customers") who use the storefront try-on widget on the Controller's shop.
Categories of data: body measurements provided voluntarily by the Customer (height, weight, chest, waist, hip, shoulder, inseam, arm length); avatar parameters derived from those measurements; try-on session metadata (product viewed, selected size, fit feedback); optionally Shopify customer id when the Customer is logged in.
Out of scope: the Service does not store payment data, browsing history, or photos. Photos uploaded for AI measurement are processed in memory only.

3. Sub-processors

The Processor uses the following sub-processors. Each is bound by a data-processing agreement at least as protective as this one.

Sub-processor	Purpose	Data shared	Region
Cloudflare R2	Object storage (3D models, generated images)	Image bytes; no PII	Global edge
Anthropic	ML size recommendation (optional)	Measurements + size chart; no PII	US
Google (Gemini)	ML size recommendation (optional)	Measurements + size chart; no PII	US
Replicate	Photo measurement / virtual try-on (optional)	Photo bytes (memory only); not retained	US
Sentry	Error tracking	Error context with PII redacted	US

4. Security measures

Body measurements encrypted at rest using AES-256-GCM with a per-deployment key.
All transport over HTTPS / TLS 1.2+.
HMAC-signed app proxy verification on every storefront request.
Inbound rate limiting on write endpoints.
PII redaction in structured logs.
OAuth tokens stored encrypted; least-privilege scopes (read_products, read_customers, write_customers, read_orders).
Hourly cron purges photos > 24h and expired AI try-on images > 30 days.

5. Data subject rights

The Processor honours data subject access and erasure requests received via Shopify's mandatory GDPR webhooks (customers/data_request, customers/redact) within Shopify's 30-day SLA. Controllers may also request bulk export or deletion by emailing dienhv4789@gmail.com.

6. International transfers

Some sub-processors are based outside the EEA. Where applicable, transfers rely on the EU Standard Contractual Clauses or equivalent transfer mechanisms.

7. Audit

Controllers may request a summary of the Processor's security posture and sub-processor list once per year. Email dienhv4789@gmail.com.

8. Termination & deletion

Upon uninstall of the Service from the Controller's shop, all Personal Data is permanently deleted within 48 hours via the Shopify shop/redact webhook handler.

9. Contact

Data protection contact: dienhv4789@gmail.com.