Privacy Policy

1. Information We Collect

We collect the following information to the extent necessary to provide the Service.

(1) Account information

When you sign up using a Google account, we receive your name, email address, profile image URL, and the unique identifier (UID) issued by Firebase from Google.

(2) Uploaded images

Full-body photographs that you upload for try-on simulation. These images contain information about your face, body shape, and clothing.

(3) Generated images

Try-on result images that the Service generates by AI based on your uploaded images.

(4) Payment-related information

The pack purchased, amount, currency, payment date and time, and the Session ID, Customer ID, and Payment Intent ID issued by Stripe. Credit card numbers, expiration dates, security codes, and similar data are handled directly by Stripe and are not stored on our servers.

(5) Technical information

IP address, browser and OS information, cookies, access date and time, pages viewed, generation request history, error logs, and similar data.

2. Purposes of Use

We use the personal information we collect only for the following purposes.

• Providing the Service (account management, generating and providing AI try-on images, and managing credits)
• Responding to your inquiries
• Detecting and preventing fraudulent use, and investigating violations of the Terms of Service
• Improving the quality of the Service and investigating defects (processed in a form that does not identify individuals)
• Responding to requests from laws, regulations, or administrative or judicial authorities
• Sending important notices

3. Retention Period

We retain personal information only for the period necessary to achieve the purposes of use, and we will endeavor to delete or anonymize it without undue delay once it is no longer necessary.

The retention period for each category of personal information is determined based on (i) the duration for which the information is needed to provide the Service to you, (ii) any retention period required by applicable laws (including, where applicable, Japanese tax laws that require retention of certain transaction records), and (iii) the duration for which the information is needed to detect, prevent, and respond to fraud, security incidents, or violations of the Terms of Service.

Information that we are required to retain by law will be retained only for the period prescribed by such law.

4. Outsourcing and Provision to Third Parties

We outsource the handling of personal information to the following service providers (primarily located in the United States, with some processing in other regions including Ireland and the European Economic Area) to the extent necessary to operate the Service. When selecting these providers, we review their security standards and the contents of their data processing agreements (DPAs), and we endeavor to fulfill our supervisory obligations under the APPI.

• AI processing for generating try-on images (uploaded images are not used to train the provider's AI models)
• Authentication, database, hosting, and server processing
• Storage, CDN, and DDoS protection
• Credit card payment processing (card information is handled directly by the payment processor in a PCI DSS compliant environment and is not stored on our servers)

Other than the above, we will not provide your personal information to third parties without your prior consent, except in any of the following cases.

• When required by law
• When necessary to protect the life, body, or property of a person and it is difficult to obtain your consent
• When we receive a lawful request from a judicial or administrative authority based on laws and regulations

5. Provision of Personal Information to Third Parties Located in Foreign Countries

As stated in the preceding section, we entrust the handling of personal information to service providers primarily located in the United States. Pursuant to Article 28, Paragraph 2 of the APPI, we provide the following information regarding such transfers to the United States.

Country of provision

United States of America

Personal information protection regime in that country

The United States does not have a comprehensive federal personal information protection law; instead, regulation centers on sector-specific federal laws (such as HIPAA and GLBA) and state laws (such as California's CCPA/CPRA). For details, please refer to the report on the personal information protection regime of the United States published by the Personal Information Protection Commission of Japan (only available in Japanese).

Protective measures taken by the recipients

Each service provider, under its own privacy policy and data processing agreement (DPA), prohibits use beyond the agreed purpose, implements security control measures, and restricts further outsourcing. We confirm these provisions before entrusting the handling of personal information.

6. Important Matters Concerning Image Data and AI Processing

Because the Service handles your full-body photographs by its nature, we expressly state the following.

• We will not use your uploaded images or generated images as training data for our own AI models or for any future machine learning purposes.
• We will not use your uploaded images or generated images for facial recognition, individual identification, or profiling. They are used solely for compositing dress try-on images.
• Our outsourced AI image generation provider has also publicly stated that images sent via its API are not used to train its own models.
• We will not repurpose your uploaded images or generated images as advertising or marketing materials.
• We will not sell or transfer your data to any third party, except for provision to the outsourced service providers set out in Section 4 of this Policy.
• After the retention period expires, we will sequentially delete the data or process it into a form that does not identify individuals. If you wish to have your data deleted before the retention period expires, please contact us using the contact information set out in “10. Contact and Complaints”.

For users residing in U.S. states with biometric privacy laws (including, but not limited to, the Illinois Biometric Information Privacy Act (740 ILCS 14) and the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code §503.001)): by uploading your photograph and using the Service, you consent to our processing of your image — including any biometric features it may contain — solely for the purpose of generating your AI try-on image. We do not use your image for facial recognition, identity verification, or any other purpose of uniquely identifying you, and we do not sell or otherwise disclose any biometric features to third parties for their independent use. Any retention applicable to such features is limited to the periods set out in Section 3.

7. Cookies and Analytics Tools

The Service uses cookies and similar technologies for the following purposes.

• Maintaining your sign-in state (Firebase Authentication)
• Retaining your language and display currency settings
• Detecting unauthorized access and abusive behavior
• Aggregating and analyzing access (used as statistical data that does not identify individuals)

You can disable cookies through your browser settings; however, if you do so, some features of the Service (such as maintaining your sign-in state) may become unavailable.

8. Security Control Measures

To prevent leakage, loss, or damage of the personal information we collect and to otherwise ensure its security, we implement the following measures.

• Encryption of communication paths (industry-standard TLS)
• Restriction of access to stored data (limited to what is necessary for our work, with measures such as multi-factor authentication for important accounts)
• Verification of the industry-standard information security certifications publicly disclosed by our outsourced service providers
• Establishment of selection criteria and supervisory framework for outsourced service providers
• Recording of access logs to the Service
• Periodic review of this Policy and our internal management procedures

In the unlikely event of a leakage or similar incident involving personal information, we will report to the Personal Information Protection Commission of Japan and notify affected users in accordance with applicable laws and regulations.

9. Your Rights (Disclosure, Correction, Deletion, Suspension of Use, etc.)

You may make the following requests with respect to your own personal information that we hold.

• Notification of the purpose of use
• Disclosure of your personal information
• Correction, addition, or deletion when the content is inaccurate
• Suspension of use, erasure, or suspension of provision to third parties

Please send your request to the email address listed in “10. Contact and Complaints”. After we have verified your identity, we will respond within a reasonable period.

For California residents (CCPA / CPRA)

If you are a California resident, in addition to the rights described above, you have the right to know what personal information we collect, the right to delete and to correct it, and the right not to be discriminated against for exercising your rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”).

We have not sold or shared your personal information (as those terms are defined in Cal. Civ. Code §1798.140(ag)(1)(A) and §1798.140(ah)(1)) in the preceding 12 months and have no current plans to do so. Because we do not sell or share, we do not provide a “Do Not Sell or Share My Personal Information” link.

To exercise your CCPA rights, please contact us using the email address in Section 10. If you are dissatisfied with our response, you may file a complaint with the California Privacy Protection Agency.

10. Contact and Complaints

For any questions, requests, or complaints regarding this Policy or the handling of personal information, please contact us using the contact information listed on the Business Information page.

If you are not satisfied with our response, you may also consult the Personal Information Protection Commission of Japan.

11. Use by Minors

The Service is intended exclusively for users aged 18 or older. By using the Service, you represent and confirm that you are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete it without undue delay.

12. Changes to This Policy

We may revise this Policy in response to changes in laws and regulations or to changes in the content of the Service. We will announce material changes on the Service. The revised Policy will take effect from the time it is posted on this page.