Legal
Privacy Policy
Last updated: April 19, 2026
1. Overview
TryOnCloud (“we”, “our”, or “the Service”) provides AI-powered virtual try-on functionality as a Shopify app, WooCommerce plugin, and standalone SaaS. This Privacy Policy explains exactly what data we collect, how long we keep it, and your rights as a shopper or merchant.
Key commitments at a glance
- ✓Your uploaded photo is deleted immediately after your try-on is generated — we never keep it
- ✓Your try-on result is stored for 7 days so you can view it again, then permanently deleted
- ✓TryOnCloud staff cannot see your photo or your result — ever
- ✓The store you shopped at cannot see your photo or result either
- ✓We never sell, share, or use your photos to train AI models
- ✓Nothing about your identity is ever linked to your photos
2. Information We Collect
2.1 Merchant data
When a store owner installs TryOnCloud, we collect:
- Store domain name and OAuth access token (used solely to authenticate API requests to your store — never shared)
- Display-rule configuration (button text, position, enabled product collections)
- Aggregate usage counts (total try-ons this month — a number only, never individual customer data)
- Billing plan and subscription charge ID
- Order analytics data: a one-way SHA-256 hash of the Shopify customer ID, the order total, currency, and purchased product IDs — collected via the orders/paid webhook to show merchants how many orders were placed by customers who used try-on. No customer name, email, phone, or address is ever stored.
Order analytics data is used solely to show merchants their ROI (revenue and conversion rates from try-on sessions). It is permanently deleted when the merchant uninstalls the app. We do not store customer names, email addresses, phone numbers, or shipping addresses.
2.2 End-user (shopper) data
When a shopper uses the try-on feature, they upload a photo (“Person Photo”) and the AI generates a try-on result image. Here is exactly what happens to each:
- Person Photo (your uploaded photo)Deleted immediatelySent to our AI engine over an encrypted connection, processed to generate the try-on result, then permanently deleted from our servers immediately — within seconds of generation completing. It is never written to a long-term database. No human at TryOnCloud ever sees it.
- Try-On Result Image (the generated output)Deleted after 7 daysStored in Google Cloud Storage for 7 days so you can view it again in the History panel without re-uploading your photo. After 7 days it is permanently and automatically deleted — not even TryOnCloud can recover it. It is served via an opaque UUID link that reveals no personal information.
- Your identityNever storedYour name, email address, Shopify account, or any other identifier is never linked to your Person Photo or your result image. The try-on is completely anonymous from our perspective.
3. AI Processing
Try-on images are generated by TryonAI, our proprietary AI inference engine. When a try-on request is made:
- The Person Photo and the product image are transmitted over a TLS-encrypted connection to TryonAI solely to generate the result.
- Processing typically takes 5–30 seconds. The Person Photo is deleted from all systems immediately after the result is returned.
- Your photos are never used to train AI models — not ours, not any third party's.
- No TryOnCloud employee or contractor has access to a viewer, dashboard, or tool that would let them see individual customer photos or results.
- No third-party AI service receives your Person Photo.
4. History Panel & Result Storage
The History panel lets shoppers view their recent try-ons and re-use their photo without uploading again. Here is exactly how it works:
- Your photos (client-side only): Your uploaded photos are stored as a local copy in your browser's storage (localStorage) for up to 24 hours. This data never leaves your device — it is not sent to TryOnCloud's servers. Clearing your browser data deletes it immediately.
- Recent try-on results (7-day server storage): Your try-on result images are stored on our secure Google Cloud Storage servers for 7 days. This is the only reason results are kept at all — so you can come back and view them without generating again. After 7 days, results are automatically and permanently deleted by Google Cloud lifecycle rules. No manual deletion is needed.
- What happens after 7 days: The result image is gone permanently from all our systems. The History panel will show the item as expired. Not even TryOnCloud support can retrieve it.
- No account required: The history panel works without you creating an account. Your local history is tied to your browser, not your identity. If you clear your browser storage or switch devices, your local history is gone.
5. How We Use Data
- To generate AI try-on images as requested by shoppers.
- To authenticate merchants and load their store configuration.
- To track aggregate usage counts for billing and plan enforcement (counts only — never individual images).
- To respond to GDPR and Shopify compliance requests.
6. What We Never Do
We want to be explicit about what TryOnCloud will never do with shopper data:
- We never share photos with merchants: The store owner whose website you used cannot access your Person Photo or your result image. They see only a count: how many try-ons happened in their store this month.
- We never share photos with advertisers or third parties: Your images are never sold, rented, licensed, or shared with any advertising network, data broker, analytics company, or other third party.
- We never use photos to train AI models: Your Person Photo and your try-on result are never used to train, fine-tune, or improve any AI model — ours or anyone else's.
- We never link photos to your identity: No name, email address, Shopify customer ID, IP address, or any other identifier is permanently linked to your images in our systems.
- TryOnCloud staff never view individual photos: There is no internal dashboard, admin panel, or tool that allows any TryOnCloud employee to browse or view individual customer photos or results. Person Photos are deleted before any human could act on them.
7. Data Retention
| Data type | Where stored | Retention |
|---|---|---|
| Person Photo (uploaded by shopper) | GCS — deleted immediately after generation | Seconds — permanent deletion after AI inference |
| Try-On Result Image | Google Cloud Storage (GCS) | 7 days — auto-deleted by GCS lifecycle rule |
| Result proxy URL | Database (opaque UUID, no PII) | Permanent (no image data — just a link that 404s after 7 days) |
| History photos | Browser localStorage only | 24 hours — client-side, never sent to server |
| History results | Browser localStorage only | 24 hours — client-side, never sent to server |
| Merchant OAuth token | Encrypted in database | Until app uninstalled; deleted 48h after shop/redact webhook |
| Display rules & settings | Database | Until app uninstalled; deleted on shop/redact webhook |
| Order analytics (hashed customer ID + order amount + product IDs) | Database — no PII stored | Until app uninstalled; deleted immediately on app/uninstalled webhook |
| Aggregate usage counts | Database | 12 months, then purged |
| GDPR compliance audit logs | Database | 24 months |
8. Shopify GDPR Compliance
TryOnCloud handles all three mandatory Shopify GDPR compliance webhooks:
- customers/data_request: We acknowledge data requests and log them. Because we do not store customer PII or link images to customer identities, there is no personal customer data to export.
- customers/redact: We acknowledge redaction requests and log them. No customer PII is stored, so nothing needs to be deleted.
- shop/redact: Received 48 hours after app uninstall. All merchant data (shop record, display rules, usage logs, access token) is permanently deleted within 48 hours.
9. Security
We implement industry-standard safeguards including TLS 1.2+ encryption in transit, access-token verification on all authenticated API endpoints, parameterized SQL queries to prevent injection, HMAC verification on all Shopify webhook requests, origin-restricted CORS policies on storefront-facing APIs, and Google Cloud Storage access controls that prevent public listing of result files.
10. Children's Privacy
TryOnCloud is not directed to individuals under 16 years of age. We do not knowingly collect data from children. If you believe a child has used the service, contact us at info@tryoncloud.com and we will take appropriate action.
11. Changes to This Policy
We may update this policy from time to time. Material changes — particularly any that affect how long we store data or who we share it with — will be communicated via the TryOnCloud admin panel and/or email to the store owner at least 14 days before taking effect. The “Last updated” date at the top of this page always reflects the most recent revision.
12. Contact Us
For privacy-related questions, data deletion requests, or GDPR inquiries: