Privacy Policy
Last updated: 2026-02-09
1. Controller
Agily AB, Sweden, is the data controller for What a Dress. Contact: [email protected].
2. Data we collect
| Category | Examples | Purpose |
|---|---|---|
| Account | name, email, auth ID | authentication, support |
| Meta / Facebook login | app-scoped ID, name, email (if provided by Meta) | sign-in and account linking |
| Payment | Stripe metadata | processing premium fee |
| Usage | selections, prompts, logs | service function, analytics |
| Images | uploaded photos (PBO), virtual model outputs (VMO), videos (Veo 3) | generation & storage |
| Device data | IP, browser, OS | security, analytics |
| Cookies | session & analytics cookies | login persistence and metrics |
3. How we use it
- Provide and improve the Service.
- Generate your images and videos.
- Process payments and prevent fraud.
- Communicate with you about updates and support.
- Measure usage via Google Analytics and PostHog.
- Comply with legal obligations.
4. AI Processing
- Providers: Google Gemini (image) and Veo 3 (video).
- We configure vendor settings to disable data retention and training where available.
- Virtual Model Outputs (VMO): synthetic, non-identifiable.
- Photo-Based Outputs (PBO): derived from User Photos and may include a person’s likeness.
- User Photos and PBO are treated as personal data under GDPR.
5. Legal basis for processing
- Contract: to deliver the Service and generate Outputs.
- Legitimate interest: security, analytics, and product improvement.
- Consent: public gallery and marketing opt-ins.
- Legal obligation: tax and recordkeeping.
6. Sharing of data
We share data only with:
- Stripe (payments)
- Supabase (auth & DB)
- Vercel (hosting)
- Google AI (Gemini/Veo processing)
- Meta / Facebook (login and account linking, if you use that option)
- Meta (Instagram, Facebook), X/Twitter, Pinterest (social media sharing of public gallery images)
- Google Analytics, PostHog (analytics & error tracking)
All act as data processors under agreements consistent with GDPR.
7. Retention
- User Uploaded Photos & PBO: kept indefinitely
- VMO and other Outputs: kept indefinitely if saved; you can delete at any time.
- Logs & backups: rotated and deleted per our security policy.
8. Public Gallery & Social Media Sharing
Free users participate by default. Premium users may opt out in settings. Gallery images may be indexed and shared externally once public.
Social media sharing: When a design is made public in the gallery, it may be automatically shared on our official social media accounts (including Instagram, Facebook, X/Twitter, and Pinterest). Shared posts include the generated dress image and an automatically created caption with relevant hashtags or keywords. No personal information (name, email, or account details) is included in social media posts. If you wish to have a post removed, contact us at [email protected].
Pinterest API data: We use the Pinterest API solely to publish pins to our own official Pinterest board. We do not access, collect, or store any Pinterest user data. We do not use Pinterest data for advertising, tracking, or any purpose other than posting our own content. No Pinterest data is shared with third parties.
9. Meta / Facebook Data
If you sign in with Facebook or connect a Meta account, we receive the data you authorize (typically your name, email, and an app-scoped user ID). We use it only to authenticate you and link your account.
You can remove our app’s access at any time in your Facebook settings. This stops new data sharing. You can also request deletion of any Facebook-related data we hold (see Data Deletion Instructions below).
10. Data Deletion Instructions
To request deletion of your data (including any Facebook/Meta-related data), contact us at [email protected] with the subject “Data Deletion Request” and include:
- The email address associated with your account
- Your Facebook app-scoped user ID (if you used Facebook login)
- Any specific data you want deleted (optional)
We will verify your request and complete deletion within 30 days, unless a longer period is required by law.
11. Your rights
You can:
- Access, rectify, or erase your data.
- Withdraw consent (for gallery/marketing).
- Port your data to another service.
- Lodge a complaint with Integritetsskyddsmyndigheten (IMY, Sweden).
Contact [email protected] for requests.
12. Security
We apply HTTPS encryption, access controls, and limited staff access. No system is 100% secure, but we follow industry best practice.
13. International Transfers
We use EU-based or GDPR-compliant processors. When transferring outside the EEA, we rely on EU Standard Contractual Clauses.
14. Children
What a Dress is for adults 18+ (or 16+ where legally allowed). Photos of minors are strictly prohibited.
15. Changes
We may update this policy from time to time. Material changes will be communicated by email or in-app notification.
16. Contact
Agily AB Fleminggatan 21 11226 Stockholm [email protected]