Privacy Policy

Last Updated: March 2, 2026

Xtylist AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

1. Information We Collect

1.1 Personal Information

When you create an account, we collect:

• Email address
• Name (optional)
• Profile photo (optional)
• Authentication data from social login providers (Google, Apple)

1.2 Wardrobe Data

When you use our wardrobe features, we collect:

• Photos of clothing items you upload
• Clothing metadata (categories, colors, brands, seasons)
• Outfit combinations you create or save

1.3 Body Measurements (Optional)

If you choose to use virtual try-on features:

• Photos you upload for try-on generation
• Body shape preferences (optional)

Important: Body measurement data is encrypted using AES-256-GCM encryption and is never stored in plaintext. You can delete this data at any time.

1.4 Usage Data

We automatically collect:

• Device information (model, operating system)
• App usage statistics
• Feature interaction data
• Crash reports and performance data

1.5 Location Data

With your permission, we collect approximate location for weather-based outfit recommendations. You can disable this in your device settings.

2. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Generate personalized outfit recommendations
• Create virtual try-on images and videos
• Provide weather-appropriate suggestions
• Process payments and subscriptions
• Send service-related communications
• Improve and optimize the Service
• Detect and prevent fraud or abuse

3. AI Processing & Third-Party AI Services

We use artificial intelligence to:

• Categorize and tag your clothing items
• Generate outfit suggestions
• Create virtual try-on photos and videos
• Provide personalized style recommendations via AI chat

3.1 Third-Party AI Services

To provide these AI features, your data is sent to the following third-party services:

• Google Gemini (Google LLC): Your photos and text messages are sent to generate virtual try-on images and style recommendations. Google Gemini API Terms
• MiniMax Hailuo (MiniMax, via Replicate Inc.): Your photos are sent to generate virtual try-on videos with realistic motion. Replicate Privacy Policy

3.2 What Data Is Sent

• Photos you upload for virtual try-on (your selfie photo and clothing item images)
• Text messages you send in AI style chat
• Body shape analysis photos (if you use the body shape feature)

3.3 How Your Data Is Protected

• All data is transmitted securely via HTTPS encryption
• Your photos are processed through our secure servers — never sent directly from your device to third parties
• Your images are not permanently stored by these third-party services
• Your data is not used to train AI models
• You are asked for explicit consent before any data is sent to AI services

4. Data Sharing

We do not sell your personal information. We may share data with:

• Service Providers: Cloud hosting (Supabase, Vercel), payment processing (Stripe), AI services (Google Gemini, MiniMax via Replicate)
• Community Features: Content you choose to share publicly (outfit posts, comments)
• Legal Requirements: When required by law or to protect our rights

5. Data Security

We implement industry-standard security measures:

• Encryption in transit (TLS/SSL)
• Encryption at rest (AES-256)
• Row-level security for database access
• Regular security audits
• Secure authentication (JWT tokens)

6. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

• Personal data is deleted within 30 days
• Wardrobe images are permanently deleted
• Anonymized analytics may be retained

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data
• Portability: Receive your data in a portable format
• Restriction: Limit how we use your data
• Objection: Object to certain processing

To exercise these rights, contact us at privacy@xtylistai.com

8. Children's Privacy

The Service is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect data from children. If you believe a child has provided us data, please contact us.

9. International Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance.

11. Contact Us

For privacy-related questions or requests:

• Email: privacy@xtylistai.com
• Support: support@xtylistai.com
• Website: xtylistai.com

Xtylist AI
Your AI-Powered Personal Stylist