Legal

Privacy Policy

ClothCast — AI Virtual Try-On

Last updated: February 13, 2026

1. Introduction

Welcome to ClothCast ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application.

By installing and using ClothCast, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Store Information

When you install ClothCast, we collect:

  • Your Shopify store domain (e.g., your-store.myshopify.com)
  • Store owner email address
  • Store name and basic store information

2.2 Product Information

To enable virtual try-on, we access:

  • Product images from your Shopify catalog (read-only access via read_products scope)
  • Product titles and variant information

2.3 Customer Selfie Photos

This is the most sensitive data we handle. When end customers use the try-on widget:

  • Customer selfie photos are uploaded and processed server-side
  • Photos are resized to 768px height for AI processing
  • Photos are stored as base64 data in our database for a maximum of 24 hours
  • Photos are automatically deleted after 24 hours via a daily cleanup job
  • Photos are linked to anonymous session tokens, NOT to customer accounts
  • We do NOT extract, store, or process biometric data (facial recognition, measurements, etc.)
  • Photos are NOT used for AI training or any purpose beyond the single try-on request

2.4 Try-On Results

  • AI-generated try-on images are stored for 24 hours, then automatically cleared
  • Try-on metadata (product ID, timestamps, processing time) is retained for analytics

2.5 Usage Data

  • Number of try-ons generated per shop
  • Widget settings and preferences
  • Anonymous conversion data (added to cart after try-on)

3. How We Use Your Information

  • Provide virtual try-on: Process selfie + clothing images through our AI to generate results
  • Improve our service: Analyze anonymous usage patterns to enhance features
  • Process payments: Manage subscriptions through Shopify's Billing API
  • Customer support: Respond to support requests
  • Security: Detect and prevent fraud or unauthorized access

4. Third-Party Services

4.1 AI Processing (OpenRouter / FLUX.2)

Selfie and product images are sent to OpenRouter's API using the FLUX.2 Klein 4B model for image generation. Images are processed per-request and are not stored by these services beyond the API call.

4.2 Database (Neon PostgreSQL)

Your data is securely stored in Neon's serverless PostgreSQL database with encryption at rest and in transit.

4.3 Hosting (Vercel)

Our application is hosted on Vercel's secure infrastructure with automatic HTTPS and DDoS protection.

4.4 Email (Resend)

Support ticket notifications are sent via Resend's email service.

4.5 Payments (Shopify Billing API)

All payment processing is handled directly by Shopify. We do not store any payment card information.

5. Data Retention

  • Selfie photos: Automatically deleted after 24 hours
  • Try-on result images: Automatically cleared after 24 hours (metadata retained)
  • Account data: Retained while your app is installed, deleted upon SHOP_REDACT webhook
  • Support tickets: Retained for 24 months
  • Anonymous analytics: Aggregated data may be retained indefinitely

6. Data Security

  • HTTPS/TLS encryption for all data in transit
  • Encryption at rest for stored data
  • Secure OAuth 2.0 authentication via Shopify
  • App Proxy HMAC signature verification for all storefront API calls
  • Anonymous session tokens (no customer PII required)

7. Your Rights

  • Access: Request a copy of your personal data
  • Deletion: Uninstalling the app triggers automatic data deletion
  • Data portability: Request your data in a machine-readable format
  • Withdraw consent: Uninstall the app at any time

To exercise these rights, please contact us at the email address below.

8. Children's Privacy

ClothCast is not intended for use by children under 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date.

10. Contact Us

  • Email: starbowshine@gmail.com
  • Support: Use the in-app Support page