Privacy Policy for DG Closet
Effective Date: November 23, 2025
Last Updated: November 23, 2025
Version: 1.0
Introduction
DG Closet ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.
By using DG Closet, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Personal Information You Provide
When you create an account, we collect:
- Email Address (for email/password registration or verification)
- Full Name (optional, or from OAuth provider)
- Username (auto-generated or user-provided)
- Password (encrypted with bcrypt, never stored in plain text)
1.2 Information from Third-Party Authentication
When you sign in using Apple Sign In or Google OAuth, we receive:
| Provider | Information Received | What We DON'T Receive |
|---|---|---|
| Apple | • Unique Apple user identifier • Email address (may be hidden/relay) • Full name (first sign-in only) • Email verification status | ❌ Apple ID password ❌ Payment info ❌ iCloud data |
| • Unique Google user identifier • Email address • Full name • Profile picture URL (optional) • Email verification status | ❌ Google password ❌ Gmail content ❌ Search history |
Important: We do NOT receive or store your Apple ID password, Google password, or any authentication credentials from these providers. Authentication is handled directly by Apple and Google.
1.3 Photo and Image Data
When you use our wardrobe management features, we collect and process:
- Wardrobe Photos: Images of clothing items you upload
- Try-On Photos: Optional photos of yourself for virtual try-on features
- Processed Images: Background-removed versions and AI-generated outfit visualizations
| Aspect | Details |
|---|---|
| Storage Location | Amazon Web Services (AWS) S3 in US-EAST-2 region (Ohio, United States) |
| Encryption | AES-256 server-side encryption at rest, TLS 1.2+ encryption in transit |
| AI Processing | • Google Gemini AI: Clothing analysis, outfit recommendations, virtual try-on • BiRefNet Model: Background removal (processed on our servers, not shared) |
| AI Training | Your photos are NOT used to train AI models. Processing is real-time only. |
| Retention by AI | Google Gemini: Temporary processing (<1 hour cache), not permanently stored |
| Metadata Removal (EXIF) | ✅ Privacy Protection: All photos automatically have EXIF metadata stripped before storage. Removed data includes: GPS location, device make/model, camera settings, timestamps, software info. This prevents accidental sharing of your home address or device information. |
| Virtual Try-On Attributes | ⚠️ Temporary Biometric Attributes: When you use virtual try-on, we extract attributes like: • Gender presentation, skin tone, body type, height range, age range • Face shape, hair color, eye color, body posture Important: These attributes are processed in real-time and NOT permanently stored. They are used only during the try-on session to generate accurate visualizations. |
1.4 Usage Data
We automatically collect:
- Device information (iOS version, device model)
- App usage statistics (features used, frequency)
- Error logs and crash reports
- API request logs (IP address, timestamp, endpoint accessed)
1.5 Information We Do NOT Collect
- ❌ Location data or GPS coordinates
- ❌ Contacts or address book
- ❌ Payment information (app is currently free)
- ❌ Photo EXIF metadata (camera model, software, timestamps - automatically stripped)
- ⚠️ Temporary biometric attributes (skin tone, face shape, etc. - extracted ONLY during virtual try-on, processed in real-time, NOT stored)
- ❌ Permanent biometric identifiers (Face ID/Touch ID handled by iOS, not by us)
- ❌ Messages or communications with others
- ❌ Browsing history outside the app
2. How We Use Your Information
2.1 Primary Uses
| Purpose | How We Use Your Data |
|---|---|
| Provide Services | • Create and manage your account • Store and organize wardrobe items • Generate outfit recommendations • Provide AI-powered virtual try-on • Enable photo background removal |
| Communication | • Send account verification emails • Send password reset emails • Send important service notifications |
| Improvement | • Analyze app usage to improve features • Fix bugs and technical issues • Develop new features |
| Security | • Detect and prevent fraud • Verify account ownership • Protect against unauthorized access |
2.2 AI Processing Details
Your photos are processed by AI to:
- Identify clothing categories (shirts, pants, shoes, etc.)
- Detect colors and patterns
- Generate outfit combinations
- Create virtual try-on visualizations
Google Gemini Data Retention: Your images are sent via API, processed in real-time, and immediately discarded by Google. They are NOT retained, stored, or used for AI training.
2.3 Automated Decision-Making (GDPR Article 22)
We use AI for certain automated processes. Here's what you need to know:
| AI Process | What It Does | Impact on You |
|---|---|---|
| Clothing Categorization | Automatically labels items (shirt, pants, shoes, etc.) | You can manually override categories |
| Color & Pattern Detection | Identifies dominant colors and patterns | Helps filter and search your wardrobe |
| Outfit Recommendations | Suggests clothing combinations based on your wardrobe | Purely advisory - you choose what to wear |
| Virtual Try-On | Generates visualization of outfits on your photo | Optional feature - you control when to use it |
Important: None of these automated processes have legal or similarly significant effects on you. They are assistive tools to help you manage your wardrobe. You always retain full control to accept, reject, or modify AI suggestions.
3. Data Sharing and Disclosure
3.1 Third-Party Service Providers
We share your data with the following trusted third parties:
⚠️ Third-Party Privacy Practices: While we carefully select trusted service providers, we are not responsible for their privacy practices. Each provider operates under their own privacy policy. We recommend reviewing:
- AWS Privacy: aws.amazon.com/privacy
- Google Cloud/Gemini Privacy: cloud.google.com/terms/cloud-privacy-notice
- Apple Privacy: apple.com/privacy
| Service Provider | Data Shared | Purpose |
|---|---|---|
| Amazon Web Services (AWS) | Images, database records | Cloud hosting and storage |
| Google Gemini AI | Images (temporary) | AI-powered clothing analysis |
| Apple Inc. | Authentication tokens | Apple Sign In verification |
| Google LLC | Authentication tokens | Google Sign In verification |
| AWS SES | Email address | Sending verification emails |
3.2 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
3.3 Legal Requirements
We may disclose your information if required by law:
- To comply with legal process (subpoena, court order)
- To protect our rights or property
- To investigate fraud or security issues
- To protect user safety
4. Data Retention and Deletion
4.1 Active Account Data Retention
| Data Type | Retention Period |
|---|---|
| Profile Information | Indefinitely (until you delete your account) |
| Wardrobe Photos | Indefinitely (until you delete items or account) |
| Try-On Results | 90 days (then automatically deleted) |
| Usage Logs | 90 days (for debugging, then automatically deleted) |
| Error Logs | 30 days (then automatically deleted) |
4.2 Account Deletion
When you delete your account, the following occurs:
| Timeline | What Happens |
|---|---|
| Within 24 hours | • All wardrobe photos deleted from AWS S3 • All try-on photos deleted from AWS S3 • All outfit combinations deleted • Profile information anonymized in database • Account marked as deleted |
| 30-day grace period | • Database records retained (marked as deleted) • Allows account recovery if deletion was accidental • No access to account during this period |
| After 30 days | • All data permanently deleted • Account cannot be recovered |
| Backup retention | • Encrypted backups may retain deleted data for up to 90 days • Used solely for disaster recovery • Not accessible or used for any other purpose |
4.3 How to Delete Your Account
You can delete your account at any time:
- In-app: Profile → Settings → Privacy & Data → Delete Account
- Email: privacy@dgcloset.com
5. Data Security
5.1 Security Measures
We implement industry-standard security practices:
| Security Layer | Protection Method |
|---|---|
| Data in Transit | TLS 1.2+ encryption (HTTPS) for all data transmission |
| Data at Rest - Images | AWS S3 AES-256 server-side encryption |
| Data at Rest - Database | AWS RDS encryption with AES-256 |
| Passwords | Bcrypt hashing with salt (never stored in plain text) |
| API Credentials | Stored in AWS Secrets Manager (not in code) |
5.2 Your Responsibilities
To keep your account secure:
- Use a strong, unique password (if using email/password login)
- Do not share your login credentials
- Enable device security (passcode, Face ID, Touch ID)
- Sign out when using shared devices
- Review account activity regularly
6. Children's Privacy (COPPA Compliance)
DG Closet is NOT intended for children under 13 years old.
We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately within 24 hours.
If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at: parents@dgcloset.com
6.1 If You Are Under 13
If you are under 13 years old, please do not use DG Closet. Ask your parent or guardian to contact us if they have questions.
7. Your Privacy Rights
7.1 General Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and data (see Section 4.3)
- Portability: Export your data in machine-readable format (JSON)
- Objection: Object to certain data processing activities
- Restriction: Request restriction of data processing
7.2 California Residents (CCPA)
If you are a California resident, you have additional rights:
- Right to know what personal information is collected
- Right to know if we sell or share personal information (we do not)
- Right to opt-out of data sales (not applicable, we don't sell data)
- Right to non-discrimination for exercising privacy rights
- Right to request deletion of personal information
- Right to correct inaccurate personal information
How to Exercise Rights:
- In-app: Profile → Settings → Privacy & Data
- Email: privacy@dgcloset.com
- We will respond within 30 days
California Minors Under 16
Enhanced Privacy Protection for Minors
We do NOT sell personal information of minors under 16 years old.
- Ages 13-15: We would require affirmative parental consent before any sale of personal information (which we don't do)
- Ages 16-17: Users have the right to opt-out of data sales (which we don't do)
Note: Since DG Closet does not sell user data to any third parties, this protection is built into our core business model.
7.3 European Residents (GDPR)
If you are in the EU/EEA/UK, you have additional rights under GDPR:
- Right to data portability (export in machine-readable format)
- Right to restrict processing
- Right to object to automated decision-making
- Right to lodge a complaint with your local Data Protection Authority
- Right to withdraw consent at any time
8. International Data Transfers
8.1 Data Storage Location
Your data is stored on AWS servers in the US-EAST-2 region (Ohio, United States).
8.2 International Users
If you access DG Closet from outside the United States:
- Your data will be transferred to and processed in the United States
- The United States may not have the same data protection laws as your country
- By using DG Closet, you consent to this transfer
9. Changes to This Policy
We may update this Privacy Policy periodically. When we do:
- Material Changes: We will notify you via email and in-app notification 30 days before changes take effect
- Minor Changes: We will update the "Last Updated" date and post the new policy
- Continued Use: Continued use after changes means you accept the new policy
10. Contact Us
10.1 Privacy Questions
For privacy-related questions or to exercise your rights:
Email: privacy@dgcloset.com
Response Time: Within 48 hours (requests processed within 30 days)
10.2 Data Protection Officer
For GDPR-related inquiries: dpo@dgcloset.com
10.3 Parental Inquiries
For concerns about children's privacy: parents@dgcloset.com
11. Additional Information
11.1 Do Not Track
Our app does not respond to "Do Not Track" browser signals as we do not track users across websites or apps for advertising purposes.
11.2 Third-Party Links
Our app may contain links to third-party websites (e.g., clothing retailers). We are not responsible for their privacy practices. Please review their privacy policies before providing any information.
11.3 Business Transfers
If DG Closet is acquired, merged, or sells assets, your data may be transferred to the new entity. You will be notified of any such change and given the option to delete your account.
Summary
| We collect: | Email, name, photos you upload |
| We use it for: | Providing wardrobe management and AI outfit features |
| We share with: | AWS (storage), Google (AI processing), Apple/Google (authentication) |
| We do NOT: | Sell your data, track your location, or use your photos to train AI |
| Your rights: | Access, delete, export your data anytime |
| Your photos: | Encrypted, not used for AI training, deleted when you delete account |
| Data retention: | 30-day grace period for account deletion, backups retained 90 days max |
| Security: | AES-256 encryption, TLS, bcrypt passwords, 72-hour breach notification |
Last Updated: November 23, 2025
Version: 1.0
By using DG Closet, you acknowledge that you have read and understood this Privacy Policy.