Privacy Policy

Last updated: 26 April 2026

This policy explains what data Objektiv (“we”, “us”) collects when you use objektiv.ai, why we collect it, how we process and store it, and the controls you have over it. We have written it in plain language because informed consent only works if people can actually read the terms. Where the law uses specific words (controller, processor, lawful basis), we use them too — but the substance is what matters.

1. What data we collect

We collect only what we need to operate the product and provide your analyses. Specifically:

  • Account information. When you sign up, our authentication provider (Clerk) collects your email address and a hashed password (or an OAuth token if you sign in with Google or Apple). We receive a stable user identifier and your email; we do not see or store your password.
  • Profile information. Optional fields you provide to improve analysis quality: self-declared gender, age, ethnicity, and free-text health notes used to contextualise skin readings. You can leave any of these blank, and edit or delete them at any time from Settings.
  • Photos uploaded for analysis. Face, body, outfit, hair, and skin photos you submit so the AI can read them. Each photo is bound to the analysis it produced.
  • Closet item photos. Pictures of garments you upload to your wardrobe. These are the only photos we keep indefinitely while your account is active, because the closet UI needs them.
  • Generated analysis results. The structured JSON output of each analysis (scores, focus areas, recommendations) plus any saved outfits or roadmap items derived from it.
  • Chat messages. Messages you exchange with the in-app consultant chat. We store them so you can see your own history and so the model has conversational context across turns.
  • Payment information. Subscription and billing are handled entirely by Stripe. We never see, transmit, or store full card numbers, CVCs, or bank details. We receive a customer identifier, the last four digits of the active card, the brand, and the subscription status.
  • Usage events. Anonymised pageviews, feature interactions, and performance metrics so we can fix bugs and prioritise what to build. These events are tied to a per-browser identifier, not to your name or email.

2. How your photos are processed

Photos are the most sensitive thing you give us, so the data flow is worth describing in detail.

2.1 Transit to AI providers

When you submit an analysis, the photo is sent over an encrypted (HTTPS) connection to a third-party AI provider: a vision-AI provider for image analysis and an additional chat-AI provider for the consultant feature on paid tiers. Both providers operate under enterprise API agreements that contractually exclude customer data — including your photos and prompts — from being used to train, fine-tune, or evaluate their models. We pay these providers per call; we do not exchange data for service.

2.2 Storage at rest

Closet photos and analysis photos are stored encrypted at rest in our private Supabase storage bucket. The bucket is not publicly readable. Files are served to the app through short-lived, signed URLs that expire within minutes. Encryption keys are managed by Supabase under their standard server-side encryption.

2.3 What we never do

We never sell your photos. We never share them with advertisers or data brokers. We never use them to train any model, our own or anyone else's. We never publish them or expose them to other users. The only people who can see a photo you uploaded are you (when logged in) and a small number of Objektiv engineers operating under confidentiality obligations who may access production data only for narrowly-scoped debugging tasks, with access logged.

3. Lawful basis for processing

Under the GDPR and equivalent regimes, we rely on the following lawful bases:

  • Contract. To provide the analyses, closet, and chat features you have signed up for, we must process the data you submit to them.
  • Consent. Optional profile fields (ethnicity, health notes) are processed only with your explicit consent, given at the time you fill them in. You can withdraw consent by clearing the field.
  • Legitimate interests. Anonymised usage analytics, fraud prevention, and basic security logging rely on our legitimate interest in operating a reliable, abuse-resistant service.
  • Legal obligation. We retain billing records for the period required by tax and accounting law in the jurisdiction where Objektiv is incorporated.

4. Data retention and deletion

Profile data, analysis results, photos, closet items, and chat messages are kept for as long as your account exists, or until you delete them — whichever comes first. From Settings you can:

  • Export everything. A single click produces a ZIP containing your profile JSON, every analysis JSON, every chat transcript, and a folder with the original photo files. This is your right to data portability under GDPR Article 20.
  • Delete an item. Individual analyses, closet items, outfits, or chat threads can be removed one at a time. Deletion removes both the database row and the underlying file in our storage bucket within seconds.
  • Delete your account. Account deletion is irreversible and cascades. All profile rows, analysis rows, closet rows, outfit rows, chat rows, and the corresponding files in storage are removed within seconds. Stripe subscription and billing history is retained only for the legally-required period (typically 7 years for tax records) and then purged.

Backups are rotated on a 30-day schedule. If you delete your account, any residual copy in a backup snapshot will be overwritten within 30 days as the snapshot expires; we do not restore individual users from backups for any reason.

5. Third-party services

We rely on a small number of established providers to run the service. Each one is bound by a Data Processing Agreement and processes data only on our instructions.

  • Clerk. Authentication and session management. Receives your email and password hash. clerk.com/privacy
  • Stripe. Payment processing. Receives card details directly from your browser through their hosted checkout — they never pass through our servers. stripe.com/privacy
  • Supabase. Postgres database and encrypted object storage. Hosts profile rows, analysis rows, and photo files. supabase.com/privacy
  • AI providers. Vision and chat models invoked per-request to produce analyses and consultant replies. Data is in transit only; the providers' enterprise terms exclude our traffic from any training corpus.
  • Vercel. Hosting and edge networking. Server logs are retained for 30 days for debugging; we configure them to redact request bodies and personal identifiers.
  • PostHog or Vercel Analytics. Anonymised pageview and product analytics. We do not send email addresses or photo content to analytics; user actions are linked to a per-browser identifier only.

6. Cookies and similar technologies

We use the minimum cookies required to keep you signed in and the product working:

  • Clerk session cookies. Strictly necessary. Without them you cannot stay logged in across pages.
  • Theme and UI preferences. Local-storage entries that remember dark mode and similar choices. Not transmitted to our servers.
  • Anonymous analytics identifier. A per-browser ID set by our analytics provider so we can distinguish unique visitors without identifying them.

We do not use marketing cookies, advertising trackers, third-party retargeting pixels, or cross-site tracking of any kind.

7. Your rights

Under the GDPR, the UK GDPR, the California Consumer Privacy Act, and most modern privacy regimes, you have the following rights with respect to your personal data:

  • Access. See what we hold on you. The export tool in Settings provides a complete machine-readable copy.
  • Rectification. Correct inaccurate profile data directly from Settings, or email us if a field is locked.
  • Erasure. Delete your account or specific items at any time from Settings.
  • Portability. Export your data as a portable JSON + ZIP archive.
  • Restriction and objection. Stop us from processing your data for any non-essential purpose. Email us to invoke this right.
  • Withdraw consent. Where processing is based on consent (such as the optional health notes field), withdraw it at any time. Withdrawal does not affect processing that happened before withdrawal.
  • Lodge a complaint. You can contact your local data protection authority if you believe we are not complying with the law. We would prefer you contact us first so we can fix the issue.

To exercise any right, use the controls in Settings or email privacy@objektiv.ai. We respond within 30 days.

8. International transfers

Our infrastructure providers operate globally. Data may be transferred to and processed in jurisdictions outside the one in which you live, including the United States. Where transfers leave the European Economic Area or the United Kingdom, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum where relevant) as the transfer mechanism. We do not transfer your data to any country that does not provide at least equivalent protections.

9. Children

Objektiv is not intended for users under the age of 16. We do not knowingly collect personal information from minors. Do not upload photographs of children under 16, including your own, without verifiable parental consent. If we discover that we hold data on a minor without such consent, we will delete it promptly. If you are a parent or guardian and believe a minor has signed up, contact privacy@objektiv.ai.

10. Security

We protect your data through encryption in transit (TLS 1.2+ on every connection), encryption at rest for all photos and database fields containing identifiers, least-privilege access controls on production systems, audit logging of administrative access, and regular dependency and penetration scanning. No system is perfectly secure; if a breach occurs that affects you, we will notify you and the relevant authorities within the statutory window (72 hours under the GDPR).

11. Changes to this policy

We may update this policy as the product evolves. If we make material changes — such as adding a new category of data we collect, a new third-party processor, or a new purpose for processing — we will notify registered users by email at least 14 days before the change takes effect. Non-material clarifications (typos, reordering, clarifying language) take effect when posted. The “Last updated” date at the top of this page always reflects the most recent change.

12. Contact

The data controller for objektiv.ai is the entity operating Objektiv. For privacy questions, data subject requests, or to report a security concern, email privacy@objektiv.ai. For general support, use the in-app help bubble in the bottom-right of any page.

See also our Terms of Service and FAQ.