Legal

Privacy Policy

Effective date: 7 May 2026

Last updated: 7 May 2026

Publisher: FitCheck — operated by Anth Casauria

This Privacy Policy describes how FitCheck (the "app") collects, uses, and shares your personal information. By creating an account or using the app you agree to this policy.

1. Quick summary

We collect: your email, the photos you choose to upload, the AI-generated results we produce for you, the URLs you save, and basic usage telemetry.
We share photos only with the AI providers needed to generate the try-on you requested. We do not sell personal data.
You can delete every photo, every saved look, and your entire account in-app: Settings → Privacy & Data → Delete Account.
We do not knowingly collect data from anyone under 13.

2. Data we collect

Category	Data	Purpose	Retention
Account	Email; salted/hashed password held by Supabase Auth	Sign-in and account recovery	Until account deletion
Profile	Display name, optional handle/bio, credit balance	Core app functionality	Until account deletion
Photos	Base photos of yourself; outfit photos you capture or pick; receipt images forwarded to email import	Inputs to the AI try-on pipeline. Stored privately in your per-user folder.	Until you delete them, or up to 30 days after account deletion
Generated images	AI-generated try-on results	Display and personal use; optionally posted to community feed at your choice	Until you delete the look or post; up to 30 days after account deletion
Outfit links	URLs you paste and retailer metadata extracted (title, price, image, materials)	"Shop the Look" recommendations and price alerts	Until you delete the saved item
Community content	Posts, comments, likes, reports you file	Run the community feed; honour App Store / Play UGC moderation requirements	Until you delete the content or your account
Usage events	In-app events (screens viewed, try-on started/completed, feature taps)	Product analytics, debugging	24 months; aggregated after 90 days
Crash data	Stack traces, device model, OS version. Image data, JWTs, and emails are scrubbed before send.	Diagnose crashes via Sentry	90 days
Device identifier (push token)	Expo push token, only if you opt into notifications	Deliver in-app notifications	Until token rotation, opt-out, or account deletion
Purchases	RevenueCat customer record + receipt metadata	Verify token-pack purchases	Until account deletion (we then call the RevenueCat delete-customer API)

We do not collect: precise location, contacts, microphone audio, health data, government identifiers, full payment card numbers, or other sensitive financial data. We do not sell personal information.

3. Third-party processors and AI providers

Photos and certain text are processed by the following third parties strictly to deliver the features you request:

Provider	Purpose	Data sent	Provider policy
Supabase	Hosting (database, auth, storage, edge functions)	Account, photos, all app data	supabase.com/privacy
Anthropic (Claude)	Garment analysis + safety verification	The clothing image you uploaded; pose-analysis text derived from your base photo	anthropic.com/legal/privacy
Google (Gemini image generation)	Generates the final try-on image	Your base photo + the structured garment spec	policies.google.com/privacy
OpenAI (GPT-4o)	Moderation of base photos and posts; AI outfit suggestions; product classification	The image being moderated, or the wardrobe summary used for daily suggestions	openai.com/privacy
Brave Search	"Shop the look" product discovery	Text queries derived from analysis (not your photos)	brave.com/help/privacy
RevenueCat	Purchase state of record	App user id, purchase receipts	revenuecat.com/privacy
Sentry	Crash reporting	Scrubbed stack traces (no images, JWTs, or emails)	sentry.io/privacy

Photos sent to AI providers are processed under those providers' commercial API terms in effect at the time we send them. As of the effective date of this policy, Anthropic, Google, and OpenAI commit not to use API content to train their public models.

4. How try-on photos are processed

Your base photo and outfit image are uploaded to your private Supabase Storage folder. Storage is gated by row-level security so only you can read those bytes.
Our edge functions send the images to Anthropic (analysis + safety) and Google (image generation). Each call uses TLS.
The generated image is uploaded back to your private folder. The app reads it via short-lived (24-hour) signed URLs.
You can delete any photo, generated result, or your entire account at any time from Settings → Privacy & Data.

5. Sharing & disclosure

We share personal data only as follows:

With AI processors and infrastructure providers listed above, strictly to deliver the feature you triggered.
With other users only when you explicitly post to the community feed or accept a "Style for friend" invitation. Your wardrobe and saved looks are private by default.
For legal compliance when required by law, court order, or to protect rights, safety, or property.
In a business transfer if FitCheck is acquired or merged. We will notify you in-app and on this page before any such transfer changes how your data is used.

We do not sell personal information and we do not share it with advertisers.

6. Legal bases (GDPR / UK GDPR)

Performance of contract: account, photo processing, try-on generation, purchase management.
Legitimate interests: security, fraud prevention, product analytics (you can opt out in Settings → Privacy → Analytics).
Consent: optional notifications; in-app consent prompts for adding new third-party processors.

You can withdraw consent at any time without affecting prior processing.

7. Your rights

You have the right to access, correct, export, restrict, or delete your personal data, and to lodge a complaint with a supervisory authority.

In the app:

Settings → Privacy & Data → Delete Account initiates a full deletion. We purge your storage objects, cancel any RevenueCat customer record, and atomically delete every database row associated with your account. Backups and Sentry crash logs are pruned within 90 days.
Settings → Privacy & Data → Clear All History removes every saved try-on result without deleting your account.

For any other request, email support@myfitcheck.app. We aim to respond within 30 days.

8. Data transfers

Our database and storage are hosted in Supabase (Northeast Asia / Tokyo region). AI providers may process your images in their own regions (primarily the United States). Cross-border transfers rely on the standard contractual clauses or the providers' equivalent transfer mechanisms.

9. Security

All traffic is encrypted in transit with TLS.
Photos are stored in per-user folders gated by row-level security and served through short-lived signed URLs.
Authentication tokens are stored in the platform Keychain (iOS) or Keystore (Android) using expo-secure-store.
Edge functions verify every user JWT, enforce rate limits, and scrub errors before returning them to the client.
Crash reports are scrubbed of image URLs, base64 image data, JWTs, and email addresses on-device before they leave your phone.

10. Children

FitCheck is not directed to children under 13 (or the local digital-consent age, whichever is higher). We do not knowingly collect personal data from children. The base photo moderation pipeline rejects images that appear to depict minors. If you believe a child has submitted personal data, contact support@myfitcheck.app and we will delete it promptly.

11. Cookies and tracking

The mobile app does not use web cookies. We do not use App Tracking Transparency permission and do not perform cross-app tracking. Sentry sets a session identifier within the app only for grouping crash reports; it expires when you close the app.

12. Changes to this policy

We will post any changes here, update the "Last updated" date, and for material changes we will surface an in-app notice. Your continued use of the app after a change indicates acceptance of the updated policy.

13. Contact

support@myfitcheck.app — for any privacy questions, deletion requests, or to report a violation.