Privacy Policy

ClosetSync is an AI-powered digital wardrobe. This policy explains what personal information we collect, how we use it, which third-party processors we share it with, and the choices you have. It applies to both the ClosetSync web app and the ClosetSync iOS app (bundle com.syncedup.closetsync).

1. Information we collect

• Account information: email address, optional display name, hashed password (via Supabase Auth), and your year of birth (collected once at signup to verify you are 17 or older — we do not collect your full date of birth).
• Clothing photos you upload: stored in private cloud storage, scoped to your user ID.
• AI-generated metadata: category, colour, pattern, style tags, outfit suggestions, on-model try-on composites — all derived from your uploads.
• Optional full-body reference photo: used only to render virtual try-on composites for you. Never shared or used for training.
• Usage + error logs: timestamps, request IDs, and AI-provider finish reasons for debugging and abuse prevention.
• Terms acceptance audit: a timestamped record you accepted this policy and the Terms of Service.
• Closet Circle data: if you use the social features, we store friend invites (including the recipient’s email until they sign up or you cancel), friendship links, the visibility setting on each closet item, borrow requests between you and friends, the audit log of those requests, outfits you share with friends, and short comments or votes friends leave on those outfits. Each of these is visible only to the specific friends involved. Reports you submit about content or people are visible to our trust-and-safety team only.
• Public profile data (optional): if you create a public profile, your username, optional display name, optional bio, and optional avatar become visible to anyone — including logged-out visitors — at /closetsync/u/<your-username>. Items and outfits only appear there if you explicitly mark them Public. Your model/body-reference photo is NEVER public unless you turn on the "show my avatar publicly" toggle. You can switch any of these back to private at any time.
• Trades and swaps (optional): if you initiate a trade with another user, we store the trade request, the items each side offered (a snapshot of title and image at request time, retained for 30 days after cancellation/decline), notes you write, and the request status. Visible only to the two participants.
• Trust-and-safety records: we retain reports you file, blocks you create, and any moderation actions taken against your content. These are visible to our trust-and-safety team and to administrators.

We do not collect location, contacts, precise device identifiers, or any health/financial data.

2. Third-party processors

We rely on the following providers. Each sees the minimum data required for its function.

• Supabase (database, authentication, private storage) — host: Supabase Inc., US. Privacy.
• OpenAI (garment metadata extraction via GPT-5.2 vision) — receives the public URL of uploaded photos. No training on API data. Policy.
• Anthropic (outfit suggestion reasoning via Claude) — receives garment metadata only, never photos. Privacy.
• Google (Gemini) (background cleanup + on-model try-on via Gemini 3 Pro Image) — receives the uploaded photo(s) required for the specific render. No training on paid API data. Terms.
• Vercel (application hosting) — Privacy.

We do not sell your data, do not use it for behavioural advertising, and do not share it with data brokers.

2a. Equivalent data protection

We have reviewed the data-handling commitments of every third-party processor listed above, and we only share user data with providers that contractually commit to protect that data with measures that are equal to or stronger than the commitments made in this Privacy Policy, including: not using shared data to train AI models, processing data only for the purpose for which it was sent, and applying industry-standard security controls. We do not share user data with any third party that does not provide such equivalent protections.

3. How long we keep data

• Clothing photos, outfits, and try-on composites: retained until you delete them or delete your account.
• Account record: retained while your account exists.
• Error logs: 30 days, then purged.
• Closet Circle: friend invites expire 30 days after creation; expired invites are retained for 90 days for audit then removed. Friendship records, shared-outfit records, borrow requests + their audit logs are retained until you delete the friendship, the item, or the outfit — or delete your account.
• Trust-and-safety reports: retained for up to 2 years so our team can track patterns of abuse across multiple reports.
• Terms-acceptance and account-deletion audit rows: retained for up to 7 years to satisfy legal recordkeeping obligations. These contain only a timestamp + a one-way hash of your email — not your email itself.

4. Your rights

You can, at any time:

• Access your data — log in to see everything we have.
• Correct any metadata via the item detail screen.
• Export your data — email support@syncedupsolutions.com and we will package it within 30 days.
• Delete your account in-app at Account → Delete, or via POST /api/closetsync/account/delete. Deletion removes clothing photos, outfits, try-on composites, and your profile; only the hashed-email audit record is retained.

California (CPRA): California residents may request a copy, deletion, or correction of personal information and opt out of any "sale" or "sharing" (we do neither). We do not respond to Do Not Track browser signals but honour the above rights regardless.

EU/UK (GDPR): Lawful basis is contract (for providing the service) and consent (for the optional try-on reference photo). Data subject requests: support@syncedupsolutions.com. You have the right to lodge a complaint with your local supervisory authority.

5. Children

ClosetSync is rated 17+ and is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has signed up, contact us to have the account removed.

6. Security

All data is transmitted over TLS. Passwords are hashed by Supabase Auth (never stored in plaintext). Photos are stored in cloud storage scoped by user ID with row-level security on metadata. Image URLs returned to public profile viewers are short-lived signed URLs (1 hour TTL) so links cannot be re-shared indefinitely. Service-role keys are server-only and never shipped to the client or the mobile app. Image uploads pass through automated content moderation before they can appear on a public profile.

6a. Reports, blocks, and moderation

You can report content or users you believe violate our Terms by tapping the report button on any item, outfit, or profile. You can block another user, which hides their content from you and prevents them from interacting with you. Reports are reviewed by our trust-and-safety team; we may remove content, hide profiles, or suspend accounts as a result. Blocking is private — we do not notify the blocked user.

6b. Account deletion

When you delete your account, we remove your clothing photos, outfits, try-on composites, profile, friendships, and blocks. Active borrow requests and trades are cancelled. Reports you filed and timestamped acceptance/deletion records are retained per the schedule above. If a future version of ClosetSync introduces marketplace transactions, completed-order records may be retained for up to 7 years for tax and consumer-protection reasons; we will update this policy and notify you before that change takes effect.

6c. Product links & commissions

SyncedUp may include product links to third-party retailers (including Amazon) in product suggestions ("Shop this look", "Find similar", "Spotted at", "Shop"). When you tap a product link, we record the click (date, product ID, and a hashed IP address for fraud prevention). We never sell your activity. As an Amazon Associate, SyncedUp earns from qualifying purchases. If you purchase from another retailer, that retailer may share a commission with us.

7. International transfers

Supabase, OpenAI, Anthropic, and Google may process data in the United States. We rely on standard contractual clauses where applicable for EU/UK transfers.

8. Changes

If we change this policy materially, we will update the effective date and notify signed-in users. Continued use after an update constitutes acceptance.

9. Contact

SyncedUp Solutions
Parkland, FL 33076, USA
support@syncedupsolutions.com

© 2026 SyncedUp Solutions. All rights reserved.