Skip to main content
MyToiléTerms

Privacy Policy

Last updated: March 2026

1. What We Collect

We collect the following categories of personal data:

Account information — email address, display name, password (hashed).

Profile data — selfie (for colour analysis and try-on), gender expression, language, location, style preferences.

Wardrobe data — clothing photos, item metadata (colours, brands, categories, cost), outfit combinations, wear history, feedback.

Usage data — pages visited, features used, session duration, device type, browser type.

Billing data — processed by Stripe. We do not store credit card numbers.

2. How We Use Your Data

To provide the Service — wardrobe management, outfit suggestions, colour analysis, shopping companion, and related features.

To personalise your experience — style recommendations, weather-appropriate suggestions, and wardrobe analytics.

To process payments and manage your subscription.

To send transactional emails — outfit suggestions, wardrobe reports, account notifications.

To improve the Service — aggregated, anonymised usage analytics.

3. AI Processing

Your wardrobe photos and profile data are processed by third-party AI services (including Anthropic Claude, Google Cloud Vision, and others) to provide features such as item recognition, colour analysis, and outfit suggestions. These services process your data solely to generate results for you and do not retain your data beyond the processing request. We do not use your data to train AI models.

4. Data Storage and Security

Your data is stored in the European Union (Supabase, Frankfurt region). Images are stored on Cloudflare R2 with global CDN delivery. All data is encrypted in transit (TLS) and at rest. We implement industry-standard security measures including row-level security, rate limiting, and regular security audits.

5. Data Sharing

We do not sell your personal data. We share data only with:

Service providers — Supabase (database), Cloudflare (images), Stripe (payments), Resend (email), AI processing services. Each operates under data processing agreements.

Legal requirements — when required by law, court order, or to protect our legal rights.

6. Your Rights (GDPR)

Under GDPR, you have the right to:

Access — request a copy of all data we hold about you.

Rectification — correct inaccurate data in your profile.

Erasure — delete your account and all associated data.

Portability — export your data in a machine-readable format.

Restriction — limit how we process your data.

Objection — object to processing based on legitimate interests.

To exercise these rights, visit Settings in your MyToilé account or contact our support team.

7. Cookies

We use essential cookies for authentication and session management. We use analytics cookies only with your consent. You can manage cookie preferences at any time via the cookie banner or in your browser settings. We do not use advertising or tracking cookies.

8. International Data Transfers

Your data is primarily stored in the EU. Some processing services operate globally. Where data is transferred outside the EU, we ensure adequate safeguards through Standard Contractual Clauses or equivalent mechanisms.

9. Data Retention

We retain your data for as long as your account is active. After account deletion, personal data is permanently removed within 30 days. Anonymised analytics data may be retained indefinitely. Billing records are retained as required by tax and accounting regulations.

10. Children

MyToilé is not intended for users under 16 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email at least 30 days before they take effect.

12. Contact

For privacy-related enquiries, contact our Data Protection Officer via our support form.