Privacy Policy for armoires
armoires ("armoires," "we," "us," or "our") operates the armoires mobile application and related services at armoires.io (collectively, the "Service"). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have.
By creating an account or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
1. Who We Are
Data Controller: armoires
Contact: support@armoires.io
Privacy inquiries: support@armoires.io
2. Information We Collect
2.1 Information You Provide Directly
Account information. When you create an account, we collect:
- Email address
- Username
- Full name (common name)
- Password (stored as a salted hash; we never store your plaintext password)
Sign in with Google / Sign in with Apple. If you sign in with Google or Apple, we receive from that provider:
- Your email address
- Your name (given name + family name)
- A profile picture URL (Google only)
- A provider-specific user identifier used to link your account
- Whether the email is verified
We request only the openid, email, and profile scopes from Google, and name + email from Apple.
Profile content. You may add a profile photo and edit your username, name, and closet privacy settings.
Style preferences. You may optionally provide:
- Gender
- Style inspiration (free text)
- Preferred brands, styles, colors, and occasions
Closet, outfit, and shopping content. You may upload:
- Photos of clothing items
- Item metadata you enter (captions, descriptions, brand, price, category, color, occasion tags, product links)
- Outfits you assemble from your items
- External shopping items you save from retailers (title, price, brand, image, product URL)
- Collections (bookmarks and saved items)
- Posts, comments, replies, likes, and follows
- User tags (mentions of other users)
Messages. If you use direct messaging, we store:
- Message text and any shared attachments (items, outfits, collections)
- Conversation participants and timestamps
- Read and delivery receipts
Support and feedback. If you email support or submit an issue report, we keep the correspondence and any information you include.
2.2 Information Collected Automatically
Device and session data. When you use the app, we automatically collect:
- A session identifier (UUID) we generate on app open
- Time of day and day of week
- Screens you visit within a session
- Session duration
- Authentication tokens (JWT access and refresh tokens, stored on your device)
Interaction and behavioral signals. To power recommendations and improve the Service, we log how you interact with content. This includes, for each event, the relevant item or outfit identifier, timestamp, and event-specific metadata:
item_viewed,item_tapped,item_skipped,item_saved,item_deleted,item_added,item_multi_tagged,item_return_viewphoto_zoomed,retailer_tappedsearch_query,search_result_tapped,search_result_skip,filter_appliedsession_start,session_end,feed_position,closet_openedoutfit_viewed,outfit_tapped,outfit_saved,outfit_shuffled,outfit_worn,outfit_piece_tapped,outfit_sharedoccasion_tagged
Your search text is stored and used to build a semantic profile for recommendations.
Inferred profile. We derive a "cold-start profile" from your closet and interactions, including your dominant color palette, top categories, price tier, brand affinity, occasion coverage, and closet completeness. This profile is used to personalize recommendations.
Camera and photo library. The app requests access to your camera and photo library when you add an item, update your profile picture, or share a photo in chat. Photos are only uploaded when you explicitly attach or submit them.
2.3 Information We Do Not Collect
- We do not collect your precise or approximate location.
- We do not access your contacts.
- We do not collect your microphone audio.
- We do not use the iOS IDFA or engage in App Tracking Transparency-scoped tracking across apps and websites owned by other companies.
- We do not process payments in the app. External retailer links take you to third-party sites, where those sites' own privacy policies apply.
- We do not retain or store selfies uploaded for virtual try-on; they are streamed to our image-generation provider and discarded after the composite image is returned.
2.4 Virtual Try-On
When you use our virtual try-on feature, we process two categories of image data:
Selfie (or "person image") you upload to preview an outfit:
- Streamed to Google Vertex AI (
virtual-try-on-001model) for one-time processing. - Not stored on Armoires servers, not stored in our database, and not written to S3.
- Not used to train Vertex AI's underlying model, per Google Cloud's data-processing terms for Vertex AI.
- Discarded by Armoires after the composite image is returned.
Try-on result images (the composite of you wearing a candidate garment):
- Stored in AWS S3 under your user account.
- Visible only to you unless you choose to share or save them to your profile.
- Deleted when you delete your account, or when you individually remove them from the app.
You can choose, instead of uploading a selfie, to use a stock model photo provided by Armoires for try-on. In that case no personal image is processed.
3. How We Use Your Information
We use the information described above to:
- Create and maintain your account
- Authenticate you (including via Google and Apple)
- Host your closet photos and let you organize items, outfits, and collections
- Generate AI-assisted outfit recommendations, styling suggestions, and semantic search results
- Personalize your "For You" feed and product suggestions
- Enable social features: follows, comments, likes, posts, direct and group messaging
- Send transactional email (welcome email, password reset, account-deletion confirmation, support replies)
- Detect and prevent fraud, abuse, and security incidents
- Debug, monitor, and improve the Service
- Comply with legal obligations
4. How We Share Your Information
4.1 With Other Users
The following is visible to other armoires users or the public when your account or content is public:
- Username, display name, and profile picture
- Catalog (closet) items you have not marked private
- Outfits, posts, and comments you create
- Your followers and who you follow (implied through follow actions)
- Messages you send (visible only to conversation participants)
You can mark your closet or individual items as private. Private content is not shown to other users in public feeds or on your public profile.
4.2 With Service Providers (Sub-processors)
We share information with the following categories of vendors strictly to operate the Service. Each is bound by contractual confidentiality and data-protection obligations.
| Vendor | Purpose | Data shared |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting (EC2, RDS PostgreSQL, S3 object storage, ECR, CodeBuild, CodeDeploy) | All account and content data stored at rest, including photos you upload |
| AWS Bedrock (running Anthropic Claude models) | AI outfit advice, styling recommendations, image and text analysis | Item photos, item descriptions, outfit history, user preferences, chat/search queries you submit to AI features |
| AWS Bedrock (running Amazon Titan embedding models) | Generating vector embeddings for semantic search | Item descriptions, search queries, item photos |
| AWS Simple Email Service (SES) | Sending transactional email | Your email address, name, and the content of the transactional message |
| Google Identity Services | "Sign in with Google" authentication | OAuth tokens issued when you sign in |
| Apple | "Sign in with Apple" authentication | OAuth tokens issued when you sign in |
| Shopify (Catalog MCP) | Product discovery and shoppable recommendations | Search queries, gender / occasion / color filters, relevant wardrobe context for personalization |
| Recombee | Recommendation engine for the "For You" feed | User ID, username, gender, style preferences, profile image URL, item metadata, interaction events (views, likes, saves) |
| Microsoft Azure Cognitive Services | Background removal on item photos | Item photos you submit for processing |
| Expo / Expo Application Services (EAS) | Mobile app build, over-the-air updates, crash metadata | App version, update channel, and diagnostic data tied to a random installation identifier |
| Google Cloud Platform — Vertex AI | Virtual try-on image generation (virtual-try-on-001 model) |
Uploaded selfie is streamed for one-time processing and not retained by Armoires or used to train Google's models. |
Some of these vendors process data in the United States and other countries. Where required by law, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.
4.3 Legal and Safety
We may disclose information when we believe in good faith that disclosure is necessary to:
- Comply with a subpoena, court order, or other legal obligation
- Enforce our Terms of Service
- Protect the rights, property, or safety of armoires, our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
4.4 Business Transfers
If armoires is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you (for example, by email or an in-app notice) if your information becomes subject to a materially different privacy policy.
4.5 We Do Not Sell Your Personal Information
We do not sell your personal information, and we do not share it with third parties for their own advertising or marketing.
5. AI Features and Your Content
When you use AI-powered features of the Service (outfit advisor, styling agent, semantic search, AI outfit generation, shoppable product recommendations, image analysis, or chat), we send the content you submit — including your item photos, item descriptions, outfit history, style preferences, and any text you type — to our AI sub-processor AWS Bedrock, which runs Anthropic's Claude models and Amazon's Titan embedding models.
Our AI sub-processors process this content solely to return a response to your request. We do not permit these sub-processors to use your content to train their foundation models.
Vector embeddings derived from your photos and text are stored in our database to enable semantic search across your closet. These embeddings are not human-readable and cannot be reversed back into your original photo.
6. Data Retention
- Account data. We retain your account, closet items, outfits, messages, and activity logs for as long as your account is active.
- Deleted items and outfits. When you delete an item or outfit, it is marked for deletion in our database. The item is no longer shown to you or other users, but residual copies (including soft-deleted rows and photo files) may persist for a limited time before permanent removal.
- Messages. Deleting a message hides it from the conversation. The underlying record is retained for a limited time for abuse prevention and backup integrity.
- Backups. Data may persist in encrypted backups for a reasonable period after deletion from the live database.
- Interaction logs and search queries. Behavioral signals, search queries, and derived profile data are retained while your account is active and for a limited period afterward to support recommendation model accuracy and abuse prevention.
Account Deletion
You can delete your account at any time from in-app Settings, or by emailing support@armoires.io. When you delete your account, we:
- Delete your user record and your personal catalog
- Send a confirmation email to the address on file
- Remove your profile from public search
Certain content — including comments you posted on other users' items, messages you sent, and social activity entries — may be retained in a de-identified form to preserve the integrity of conversations and public threads you participated in.
7. Security
We use industry-standard measures to protect your information, including:
- HTTPS/TLS for all API traffic and WebSocket connections
- Password hashing with PBKDF2 and a per-user salt
- JWT-based authentication with token rotation and a blacklist for rotated refresh tokens
- Managed PostgreSQL (AWS RDS) with SSL required for connections
- Object storage (AWS S3) with provider-managed encryption at rest
- Principle-of-least-privilege IAM on cloud resources
No online service is perfectly secure. If you believe your account has been compromised, contact us at support@armoires.io immediately.
8. Your Choices and Rights
Depending on where you live, you may have the following rights:
- Access. Request a copy of the personal information we hold about you.
- Correction. Correct inaccurate personal information (you can also edit most of this directly in the app).
- Deletion. Delete your account and associated personal information.
- Portability. Receive certain information you provided in a portable format.
- Objection / restriction. Object to or restrict certain processing activities.
- Withdraw consent. Where processing is based on consent, withdraw that consent.
- Complaint. Lodge a complaint with your local data-protection authority.
To exercise any of these rights, email support@armoires.io from the address on file. We will respond within the time required by applicable law.
In-App Controls
- Closet privacy. Toggle your entire closet, or an individual item or outfit, to private.
- Photo permissions. Grant or revoke camera and photo-library access at any time in your device settings. Revoking access will prevent you from uploading new photos but will not delete photos you have already uploaded.
- Push and in-app notifications. Manage from your device or in-app settings.
- Block and report. You can block users and report content or conversations from within the app.
9. Children's Privacy
The Service is not directed to, and we do not knowingly collect personal information from, children under 13 years of age (or the equivalent minimum age in your jurisdiction, such as 16 in parts of the EEA). You must be at least 13 years old to create an account.
If you believe a child under 13 has provided us personal information, email support@armoires.io and we will take reasonable steps to delete the information.
10. International Users
The Service is operated from the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, processed in, and stored in the United States and other countries where our sub-processors operate.
Users in the European Economic Area, United Kingdom, or Switzerland
The legal bases we rely on to process your personal information include:
- Contract — to provide the Service you signed up for (Article 6(1)(b) GDPR).
- Legitimate interests — to secure the Service, prevent abuse, improve recommendations, and operate our business (Article 6(1)(f) GDPR).
- Consent — for specific processing such as optional photo/camera access (Article 6(1)(a) GDPR).
- Legal obligation — where required by law (Article 6(1)(c) GDPR).
Users in California
Under the California Consumer Privacy Act (CCPA/CPRA), you have the rights described in Section 8. We do not "sell" personal information as defined in the CCPA, and we do not knowingly sell or share the personal information of minors under 16.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top and, where appropriate, by in-app notice or email. Your continued use of the Service after the effective date of a revised policy constitutes acceptance of the changes.
12. Contact
For privacy questions, data-subject requests, or concerns about this policy:
Email: support@armoires.io
Subject line: "Privacy Request"
This document describes our current practices as of the date above. Where local law requires, specific provisions of that law will prevail over any inconsistent term in this policy.