Privacy Policy
Last updated: 2026-05-17 · Effective: 30 days after lawyer review
Draft — pending lawyer review
This page is the structural draft of our privacy policy. It has not yet been reviewed by counsel and should not be treated as legally binding until the effective date above. If you are a beta participant and need clarification on any section, email privacy@702aiservices.com.
1. Introduction
Fashion Stylist AI (“the Service”) is operated by 702 AI Services LLC (“we”, “us”, “our”). The Service helps adults preview AI-rendered outfits on their own bodies before purchase. We are the data controller for the information described in this policy. This policy explains what we collect, how we use it, who else sees it, how long we keep it, and the rights you have to control it.
If a term in this policy conflicts with our Terms of Service, the Privacy Policy controls for privacy matters. Our address of record is 1155 E Twain Ave Ste 108279, Las Vegas, NV 89123.
2. What we collect
We collect only what the Service needs to function. Three classes of data are involved, each treated under its own legal regime:
2a. Biometric identifiers
Your face photographs (six reference angles), your body video (one short clip), and any embeddings or features derived from them by our processing pipeline. Under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and the California Privacy Rights Act (CPRA) biometric provisions, this is biometric data and we treat it as a special category throughout the rest of this policy. Section 5 has the BIPA-required disclosure language.
2b. Standard personal information
- Account email address.
- Your stated age affirmation (you must be 18+ to create an account).
- Self-reported measurements (bust, waist, hip) and short free-text descriptions of your build, undertone, hair, and styling preferences.
- Stripe subscription metadata (plan tier, billing cycle, current period end). We do not store full card numbers; Stripe does.
- Affiliate click identifiers we mint when you click a shopping-list link.
- IP address and user-agent string at signup, login, calibration upload, and admin actions, for rate limiting and anti-fraud.
2c. Service usage metadata
- Render requests, render outputs, session briefs, shopping lists.
- Error events and performance traces (with personally identifying fields scrubbed before transmission to our error-tracking vendor).
- Product analytics events (page views, funnel completion, feature usage).
3. How we use it
- Face refs and body video are sent to image-generation models so they can render proposed outfits on your body. They are not used for any other purpose. They are never used to train a model we operate, and our contracts with vendors require them to be excluded from training as well (see Section 4).
- Email is used for account, transactional, and support communication (signup confirmation, render-complete notifications, password reset, refund issuance). We do not currently send marketing email.
- Stripe metadata is used to bill you, enforce render quotas tied to your tier, and process refunds.
- Affiliate click IDs let our partner networks (eBay Partner Network, ShareASale, Rakuten Advertising, AWIN) attribute a purchase you make from a shopping-list link to us so we earn a small commission. You can opt out of this via Account → “Do not sell or share my personal information.”
- IP and user-agent power rate limits (limiting login attempts, signup attempts, password resets), anti-fraud (detecting trial-creation abuse), and the immutable 18+ affirmation audit trail.
- Service usage metadata is used to operate the service (renders work because we know your session), debug failures (when something goes wrong we can see what), and improve features (which tiers use which models).
We do not sell your personal information in the conventional sense. The CCPA opt-out in Section 8 covers our affiliate-click handoff which is technically a “share” under CCPA's broad definition.
4. Who we share it with
We use the following processors and sub-processors. Each receives only the minimum data necessary to do its job:
4a. AI rendering vendors (receive face/body biometric data)
- Google Gemini API (Gemini 3 Pro image generation) — United States region.
- Google Vertex AI / Imagen 4 Ultra — United States region (premium-tier marquee renders).
- fal.ai — United States region (the inference broker), which routes specific models to their authors:
- Black Forest Labs Flux (United States)
- ByteDance Seedance / Seedream (data flow to a People's Republic of China sub-processor)
- MiniMax Hailuo (data flow to a People's Republic of China sub-processor)
You can pin US-only routing in Account → Image model preference; in that mode your biometric data never touches the Chinese sub-processors above.
4b. Payment processor
- Stripe Inc. — subscriptions, customer portal, refunds, fraud prevention. Stripe holds the card data; we store only the subscription ID and customer ID it issues us.
4c. Transactional email
- Resend — signup confirmation, render-complete notifications, password reset, refund email.
4d. Affiliate networks (receive click metadata only)
- eBay Partner Network
- ShareASale
- Rakuten Advertising
- AWIN
Affiliate networks receive a click identifier we mint, plus the standard browser fingerprint your browser would send to any website (IP, user-agent, referrer). They do not receive your biometric data, your email, or your subscription tier. You can opt out of this handoff under Section 8.
4e. Infrastructure
- Supabase — primary database and authentication.
- Cloudflare R2 — encrypted private storage of your biometric and render data.
- Cloudflare — CDN, DDoS protection, Web Application Firewall.
- Fly.io — backend hosting.
- Vercel — web frontend hosting.
4f. Observability and support
- Sentry — error tracking. Biometric URLs, prompts, email, and credentials are scrubbed by a filter before any event reaches Sentry; see our list of scrubbed keys in the open-source code at
tikvah-api/src/api/observability/sentry_pii_filter.py. - PostHog — product analytics, funnel measurement, session replay (replay is enabled only on the calibration intake flow with explicit consent, never on the render gallery).
- Crisp — customer support chat.
5. Biometric data disclosure (BIPA / CUBI / CPRA)
Your face photographs, body video, and any derived embeddings qualify as biometric identifiers under the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001), and the California Privacy Rights Act (CPRA, Cal. Civ. Code § 1798.140) biometric provisions.
5a. Purpose
We collect this biometric data for one purpose only: rendering AI-generated images of you wearing proposed outfits, so you can preview outfits before purchase. We do not use it for identification, surveillance, advertising targeting, or any other purpose.
5b. Retention
We retain biometric data for the active term of your subscription plus thirty (30) days after termination, whichever comes first. Inactive accounts older than three (3) years have their biometric data destroyed automatically regardless of subscription status, consistent with the BIPA three-year retention cap.
5c. Destruction
At end of retention or on your request, we hard-delete your biometric data from our storage (a verifiable deletion of the R2 object prefix scoped to your user ID) and request purge from any vendor whose contract supports it. Vendor purge requests for image-generation processors are subject to each vendor's own retention windows, which are listed in our Vendor Due Diligence Register available on request.
5d. Consent
At intake we obtain your explicit consent before any face or body upload. The consent text reads, verbatim:
“I consent to my photos being used to render AI images of me wearing proposed outfits, and to storage of these photos in encrypted private storage for the duration of my subscription. I have read the Privacy Policy section on biometric data and understand which vendors will receive my photos, how long they will be retained, and how I can request their deletion.”
5e. Vendors receiving biometric data
Per Section 4a above: Google Gemini API, Google Vertex AI / Imagen 4 Ultra, fal.ai (which routes to Black Forest Labs Flux, ByteDance Seedance/Seedream, and MiniMax Hailuo depending on your tier and the look). You can pin US-only routing in Account → Image model preference, which excludes the People's Republic of China sub-processors.
5f. Refusal
The Service does not function without biometric data — an outfit cannot be rendered on a body we have never seen. If you do not want to provide biometric data, please do not create an account.
6. Your rights under GDPR
If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation applies. You have the following rights:
- Right to access (Art. 15). Request a JSON export of your account data. Endpoint ships in Phase 10; until then, email privacy@702aiservices.com.
- Right to rectification (Art. 16). Email us to correct inaccurate data; many fields are also self-editable from Account.
- Right to erasure (Art. 17, also called “right to be forgotten”). Use Account → Delete my data, or email us. We cascade-delete your calibrations, soft-delete your sessions, scrub PII from our audit log, and purge R2 prefixes within 30 days.
- Right to restrict processing (Art. 18). The CCPA opt-out toggle in Section 8 restricts affiliate-click sharing; for broader restriction, email us.
- Right to data portability (Art. 20). Ships in Phase 10; until then, email request.
- Right to object (Art. 21). Email privacy@702aiservices.com with the basis for your objection.
- Rights related to automated decision-making (Art. 22). The Service performs automated AI rendering of your photographs. You can opt out of automated rendering by not creating an account — rendering is the core function of the Service.
You also have the right to lodge a complaint with a supervisory authority (e.g., your national Data Protection Authority in the EU).
7. Your rights under California law (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the following rights:
- Right to know. What categories of personal information we collect about you, the sources, the purposes, and the categories of third parties we share it with. See Sections 2-4 above.
- Right to delete. See Section 6 (right to erasure).
- Right to correct. Inaccurate personal information can be corrected via Account or email.
- Right to opt out of sale or sharing. See Section 8.
- Right to limit use of sensitive personal information. Your biometric data is sensitive personal information under CPRA. Its sole use is rendering (see Section 3), and we do not use it for inferring characteristics beyond what is required for the render.
- Right to non-discrimination. Exercising these rights will never trigger a price change, a denial of service, or a service-quality downgrade.
8. Do not sell or share my personal information (CCPA opt-out)
To opt out of our affiliate-click sharing, go to Account and toggle on “Do not sell or share my personal information.” When the toggle is on:
- Shopping-list links display the original retailer URL with no tracking ID added.
- No click row is written for your future page-loads of shopping lists.
- No broker handoff occurs to the affiliate networks listed in Section 4d.
- You can still browse and purchase; we simply will not earn commission on your purchase.
The opt-out applies going forward only — it does not retroactively delete click rows already written before the toggle was enabled. For a full retroactive deletion, use Account → Delete my data.
We do not sell your personal information in the conventional sense of selling lists for money. The CCPA opt-out covers the affiliate-click handoff which is technically a “share” under CCPA's broad definition.
9. Children under 18
The Service is for adults. You must be eighteen (18) years of age or older to create an account. We do not knowingly collect personal information from anyone under 18, and we have implemented a binding 18+ affirmation at signup that is audit-logged with IP address and timestamp.
If you believe a minor has created an account, please report it to privacy@702aiservices.com and we will terminate the account and delete the data within 72 hours.
10. Security
We store your biometric data in encrypted private storage (Cloudflare R2 with bucket policies that deny public ACLs, accessed by signed URLs that expire within 24 hours). Our database is hosted on Supabase with row-level security policies that filter every user-scoped query by user ID. Our staff cannot read your biometric data; admin actions are IP-allowlisted and audit-logged.
No system is perfectly secure. In the event of a data breach, we will notify affected users without undue delay (target: within 72 hours of confirmation, per GDPR Art. 33) and notify regulators where required.
11. Changes to this policy
We may update this policy. Material changes will be announced by email to your account address at least 30 days before they take effect, with a summary of what changed and a link to the new policy. Continued use of the Service after the effective date constitutes acceptance.
12. How to contact us
For any privacy-related question or request, email privacy@702aiservices.com. Our mailing address is 1155 E Twain Ave Ste 108279, Las Vegas, NV 89123.
For DMCA copyright notices, see our DMCA policy.