Privacy Policy
Last updated: April 2026
What data we collect
Tryon AI accesses your Shopify store data through the Shopify API. Specifically:
- Store metadata (for display in the app)
- Shopify session data (for authentication)
- Product data (for size chart management)
- Customer body measurements (for avatar creation, with explicit consent)
What data we store
- Session data: Shopify OAuth tokens for authentication
- App settings: Your preferences and configuration
- Usage records: Monthly try-on session counts for billing
- Size charts: Product measurement data you configure
- Avatar data: Encrypted body measurements (with customer consent)
- Try-on sessions: Anonymous session logs for analytics
What we do NOT collect
- Customer photos (auto-deleted after 24 hours if uploaded)
- Payment or credit card information
- Browsing history or tracking data
Data retention
Data is retained while the app is installed. Body measurements are encrypted at rest and deleted upon customer request or app uninstall. Photos are auto-deleted after 24 hours. When you uninstall the app, all stored data is permanently deleted within 48 hours.
Data sharing
We do not sell, share, or transfer your data to any third parties. Your data is only accessed to perform the operations you initiate.
GDPR compliance
We support Shopify's mandatory GDPR webhooks and respond to data subject requests within Shopify's 30-day SLA:
- customers/data_request: We export the customer's avatar(s), measurements, try-on sessions and size recommendations so the merchant can deliver them to the requesting customer.
- customers/redact: We permanently delete the customer's avatar(s), all derived measurements, try-on sessions, and size recommendation history.
- shop/redact: When the shop is uninstalled, all settings, usage records, products, avatars, sessions, and recommendations are permanently deleted within 48 hours.
Security
All communication with Shopify and the storefront widget uses HTTPS. OAuth tokens are stored encrypted at rest. Access to store data requires authenticated Shopify sessions; storefront widget calls are verified with Shopify's app-proxy HMAC signature.
Body measurements are encrypted at rest using AES-256-GCM with a per-deployment key. Photos uploaded for AI-assisted measurement are processed in memory only — they are never written to disk and never persisted in our database.
AI-generated try-on images (Pro feature) are stored on Cloudflare R2 for 30 days and then automatically deleted. Customers can request earlier deletion at any time.
Third-party processors
To deliver AI features we share the minimum necessary data with the following sub-processors:
- Anthropic (Claude API): body measurements and product size charts are sent for AI size recommendation. No personal identifiers are included. See Anthropic's privacy policy.
- Replicate: photos uploaded for AI measurement and virtual try-on are sent for inference and not retained on Replicate. See Replicate's privacy policy.
- Cloudflare R2: stores generated try-on images and uploaded 3D garment models.
- Sentry: error reports with PII redacted.
Contact
For privacy questions or data requests, contact us at dienhv4789@gmail.com.