Privacy Policy
Effective Date: February 1, 2026
Last Updated: February 1, 2026
OTFT ("we," "us," "our," or the "App") respects your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use OTFT — our AI personal stylist mobile application — and the website at otft.app (collectively, the "Services").
By using the Services, you agree to the practices described in this policy. If you do not agree, please do not use the Services.
1. Information We Collect
Information You Provide Directly
- Account information: name, email address (or Apple-relayed private email).
- Authentication identifiers: Apple ID
subtoken, Google account ID — used solely to keep you signed in. - Profile data: gender, age range, height, body type, style preferences, color preferences, fashion goals, lifestyle context (collected via in-app onboarding).
- Photos and content: outfit photos you upload, photos taken via the in-app camera, and any captions or notes you add.
- Subscription data: purchase history and entitlement status — provided by Apple/Google via RevenueCat.
- Communications: messages you send to support@otft.app or other support channels.
Information Collected Automatically
- Device information: device model, OS version, app version, language, timezone.
- Usage data: how often you open the app, which features you use, daily outfit-rating counts.
- Location data: approximate location (only if you grant permission, used to fetch weather context for outfit recommendations).
- Crash & diagnostic data: technical logs to help us identify and fix bugs.
Information from Third Parties
- Apple Sign-In: name and email (or relayed email if you choose "Hide My Email").
- Google Sign-In: name, email, and Google profile picture.
We do not purchase or receive personal data about you from data brokers, advertisers, or third-party tracking services.
2. How We Use Your Information
We use your data to:
- Create, maintain, and personalize your OTFT account.
- Generate AI-powered outfit feedback, ratings, and styling recommendations.
- Provide the trial and subscription experience and process payments through Apple or Google.
- Send you transactional emails (sign-in codes, account notifications, billing confirmations).
- Improve our AI models and overall product quality (using only de-identified, aggregated data).
- Detect, investigate, and prevent fraud, abuse, or violations of our Terms.
- Comply with our legal obligations.
We do not use your photos or personal data to train third-party AI models. We do not sell your personal information to anyone.
3. How Your Photos Are Used
When you upload an outfit photo, the photo is:
- Sent securely to our servers (hosted by Supabase).
- Forwarded to Google Gemini for AI analysis (style, fit, color palette).
- Stored in your private outfit history, accessible only to you.
Google processes the image to generate a response and does not retain it beyond the inference call (per Google's data policy). We retain your photo in your private history until you delete the rating, delete your account, or otherwise request deletion.
4. Service Providers (Third Parties Who Process Your Data)
OTFT relies on the following sub-processors. Each is bound by a data-processing agreement and uses your data only to provide their service:
| Provider | Purpose | Data Shared | Region |
|---|---|---|---|
| Apple Inc. | Sign-In with Apple, App Store payments, push notifications, WeatherKit | Account ID, purchase data, device tokens, location | US/Global |
| Google LLC | Sign-In with Google, AI inference (Gemini) | Account ID, outfit photos | US/Global |
| RevenueCat, Inc. | Subscription state management | User ID, purchase events, device ID | US |
| Resend, Inc. | Transactional email (sign-in codes) | Email address, delivery status | US |
| Supabase Inc. | Database & storage hosting | All app data | US (AWS us-east) |
| Cloudflare, Inc. | CDN, DNS, DDoS protection for otft.app | IP address, request metadata | Global edge |
5. Data Retention
- Active accounts: we keep your data for as long as your account is open.
- Account deletion: when you delete your account in-app (Profile → Delete Account), we permanently erase your profile, photos, ratings, sessions, and pending sign-in tokens within 24 hours. Payment records are retained for legal/accounting purposes (typically 7 years per tax law) but are anonymized.
- Inactive accounts: accounts dormant for 24+ months may be auto-deleted with email notice.
6. Your Rights
You can:
- Access your data — by viewing your profile and outfit history in-app.
- Correct your data — by editing your profile in-app.
- Delete your account — via Profile → Delete Account (instant and permanent).
- Export your data — email support@otft.app and we will send a JSON archive within 30 days.
- Opt out of marketing emails — by clicking "unsubscribe" in any non-transactional email.
- Withdraw consent — by deleting your account, which removes all stored data.
If you live in the European Economic Area, United Kingdom, Switzerland, or a US state with comprehensive privacy law (California, Colorado, Connecticut, Virginia, Utah, Texas, etc.), you also have the right to:
- File a complaint with your local data protection authority.
- Request that we restrict processing of your data.
- Object to certain types of processing.
- Receive your data in a portable, machine-readable format.
To exercise any of these rights, email privacy@otft.app.
7. Children's Privacy
OTFT is intended for users 13 and older. We do not knowingly collect personal data from anyone under 13. If you believe a child has created an account, email privacy@otft.app and we will delete the account.
For users 13–17, we recommend parental supervision when sharing photos.
8. Security
We use industry-standard safeguards including:
- TLS encryption (HTTPS) for all data in transit.
- Encryption at rest for sensitive data on our database.
- Hashed one-time codes (your sign-in codes are never stored as plain text).
- Role-based access controls limiting which staff can view user data.
- Routine security audits and dependency updates.
No system is 100% secure. If we discover a breach affecting your data, we will notify you within 72 hours as required by applicable law.
9. International Data Transfers
OTFT is operated from the United States. If you are accessing the Services from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) and other approved mechanisms for cross-border transfers from the EEA, UK, and Switzerland.
10. Cookies & Tracking on otft.app
The otft.app website uses essential cookies for site functionality. We do not use advertising cookies or third-party trackers. The mobile app does not use web cookies; it uses on-device storage (AsyncStorage) for session management.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the app and via email at least 7 days before the change takes effect. The "Last Updated" date at the top of this policy will reflect the most recent revision.
12. Contact Us
For questions, requests, or concerns about your privacy:
- Email: privacy@otft.app
- Support: support@otft.app
- Mailing address: House of Chuma Inc, 4539 N 22nd St Ste N, Phoenix, AZ 85016, USA
We aim to respond to all privacy requests within 30 days.
© 2026 House of Chuma Inc. All rights reserved.