This Privacy Policy explains how Try It On ("we", "us", "our") processes data when Shopify merchants ("you", "Store Owner") install and use our Virtual Try-On application, and how data from your customers ("End Users") is handled.
See also our Terms & Conditions.
1. Data Controller & Processor Roles
Under GDPR and applicable data protection laws:
- You (Store Owner) are the Data Controller responsible for your customers' data and for ensuring a lawful basis for processing.
- We (Try It On) act as a Data Processor, processing data solely on your behalf and according to your instructions through the app.
- Google (AI Provider) acts as a Sub-Processor, processing images through their Gemini AI service.
Important: As the Store Owner, you are responsible for providing appropriate privacy notices to your customers and obtaining any necessary consents before they use the Virtual Try-On feature.
2. Data We Process
End User Data (Your Customers)
When your customers use the Virtual Try-On feature, the following data is processed:
- User Photos: Images uploaded by customers for the try-on visualization
- Product Images: Your store's product images selected for the try-on
Merchant Data (You)
- Shopify Store Information: Store domain, shop ID (provided by Shopify during installation)
- App Configuration: Settings you configure within the app
- Usage Data: Credit usage and generation counts for billing purposes
3. How Data is Processed
We do not store End User photos on our servers. All image processing is transient.
Processing Flow
- End User uploads their photo through your store
- Photo is transmitted via encrypted HTTPS to our processing endpoint
- We forward the image to Google's Gemini AI for generation
- Generated result is returned to the End User's browser
- Original photo is immediately discarded – we retain nothing
Local Storage (End User's Device)
If the "Remember my photo" option is enabled:
- Photos are stored in the End User's browser (IndexedDB)
- Generated results are stored locally for the history feature
- This data never leaves the End User's device
- We have no access to locally stored data
4. Third-Party AI Processing (Google)
We use Google AI to generate virtual try-on images:
- Images are transmitted securely to Google's servers
- We use Google's highest available safety settings
- Google processes data according to their Privacy Policy
- Google acts as our Sub-Processor under our Data Processing Agreement
Note: Google's data handling practices are governed by their own policies. We have configured our integration for maximum privacy, but we cannot control Google's internal data practices.
5. Data Retention
- End User Photos: Not retained – processed in real-time and immediately discarded
- Generated Images: Not stored on our servers – only in the End User's local browser storage
- Merchant Account Data: Retained while your app subscription is active
- Usage Logs: Retained for 90 days for billing and debugging purposes
6. GDPR Compliance
Your Obligations as Data Controller
As the Store Owner using our app, you must:
- Update your store's Privacy Policy to disclose the use of AI-powered virtual try-on
- Obtain appropriate consent from End Users before they upload photos
- Respond to End User data subject requests (access, deletion, etc.)
- Ensure the app is used in compliance with applicable laws in your jurisdiction
Our Obligations as Data Processor
- Process data only according to your instructions through the app
- Implement appropriate technical and organizational security measures
- Assist you in responding to data subject requests where applicable
- Notify you of any data breaches affecting your customers' data
End User Rights
Since we don't store End User data, most GDPR rights are satisfied by default:
- Right to Access: No data to access on our servers
- Right to Erasure: No data to erase – locally stored data can be cleared via browser settings
- Right to Portability: End Users can access their local data through browser developer tools
- Right to Object: End Users can simply choose not to use the feature
7. Security Measures
- All data transmission occurs over encrypted HTTPS/TLS connections
- No user accounts or profiles are created for End Users
- No personal identifiers are associated with processed images
- Server infrastructure is hosted on secure, SOC 2 compliant platforms
- Access to systems is restricted and logged
8. International Data Transfers
Data may be processed in the following locations:
- Our Servers: Canada (Fly.io Toronto region)
- Google AI: United States (Google Cloud infrastructure)
For EU/EEA users, transfers are conducted under Standard Contractual Clauses (SCCs) where required.
9. Children's Privacy
The Virtual Try-On feature is not intended for use by individuals under 16 years of age. Store Owners should implement appropriate age restrictions if their store serves minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via:
- Email notification to the registered store owner
- Notice within the Shopify app dashboard
Continued use of the app after changes constitutes acceptance of the updated policy.
11. Contact Information
For privacy-related inquiries:
- Email: privacy@wavedigital.studio
- Developer: Wave Digital Studio
For data subject requests, End Users should contact you (the Store Owner) directly. You may then contact us if assistance is needed.