ViWear Privacy Policy

Last Updated: January 2026

This Privacy Policy explains how ViWear B.V. (“ViWear”, “we”, “us”, “our”) collects, uses, stores, and protects personal data when you use the ViWear mobile application and related services (“Service”).

ViWear B.V.
Vlierweg 12 K-03
1032 LG Amsterdam
The Netherlands

If you have any questions about this Privacy Policy, contact us at:
info@viwear.tech

1. Who We Are (Data Controller)

ViWear B.V. acts as the Data Controller for all personal data processed when you use the Service, in accordance with the EU General Data Protection Regulation (“GDPR”).

If we engage external service providers (e.g., cloud hosting), they will act as Data Processors under strict contractual agreements (Data Processing Agreements).

2. What Personal Data We Collect

We collect the following categories of data depending on how you use the Service:

2.1 Data you provide directly

  • Account information (email address, password, username)

  • Try-On Photos (temporary)

  • Saved Photos stored in your Calendar (persistent)

  • Preferences and selected styles

  • Communications with us

2.2 Data collected automatically

  • Device identifiers

  • IP address

  • App usage logs

  • Performance metrics

2.3 Data generated by the Service

  • Try-on results

  • Recommendations

  • Calendar entries and outfit history (if saved)

2.4 Special Categories of Personal Data

We do not intentionally collect or process special categories of personal data as defined under Article 9 GDPR, including:

  • racial or ethnic origin

  • political opinions

  • religious or philosophical beliefs

  • trade union membership

  • genetic data

  • biometric data for the purpose of uniquely identifying a natural person

  • data concerning health

  • data concerning a person’s sex life or sexual orientation

Any such information that may incidentally appear in user-uploaded photos is processed only temporarily for the purpose of providing the Service and is not analyzed, inferred, stored, or used for identification or profiling purposes.

3. How We Use Personal Data (Purposes & Legal Bases)

We process personal data only where permitted under the General Data Protection Regulation (GDPR) and solely for specified, explicit, and legitimate purposes. The purposes for which we process personal data, the categories of data involved, and the corresponding legal bases are described below.

3.1. Provision of the Service

We process user-uploaded images and related technical data in order to provide the virtual try-on and related functionality. This processing is necessary for the performance of a contract to which the user is a party, within the meaning of Article 6(1)(b) GDPR.

3.2. Operation, Security, and Maintenance of the Service

We process limited technical and usage data, such as device information and interaction data, to ensure the stability, security, and proper functioning of the Service. This processing is based on our legitimate interest in maintaining and securing our systems in accordance with Article 6(1)(f) GDPR.

3.3. Improvement and Development of the Service

We may process aggregated and anonymized usage data to analyze performance, identify errors, and improve the quality and functionality of the Service. This processing is carried out on the basis of our legitimate interest in developing and optimizing our services under Article 6(1)(f) GDPR. No data used for this purpose is used to identify individual users.

3.4. Communications and Support

Where users contact us directly, we process contact details and the content of communications for the purpose of responding to inquiries and providing support. This processing is necessary for the performance of a contract or for taking steps at the user’s request prior to entering into a contract, pursuant to Article 6(1)(b) GDPR.

3.5. Legal and Regulatory Compliance

We may process personal data where necessary to comply with applicable legal obligations, including obligations under EU or national law. In such cases, processing is based on Article 6(1)(c) GDPR.

4. How We Process Photos (Critical Section)

4.1 Try-On Photos (Temporary)

Try-On Photos are processed in temporary memory and deleted through automated routines that remove all copies from active systems and caches. Access to Try-On Photos is strictly limited to automated systems and is not accessible to human reviewers:

  • uploaded for the sole purpose of generating virtual try-on results

  • processed in memory or short-term storage

  • not saved to your Account unless you choose to

  • not used for AI model training

  • deleted automatically shortly after processing (see Retention Table)

ViWear does not retain Try-On Photos long-term.

4.2 Saved Photos (Calendar / Outfit History)

If you choose to save a photo in your Calendar:

  • The photo becomes part of your user-generated content

  • It is stored in your Account until you delete it

  • It may be displayed back to you inside the Service

  • It is not used for AI training

  • It is stored separately from Try-On Photos with different retention rules

4.3 Photo Processing Servers & Location

All image processing and storage occur on secure servers in:

  • European Union (EU)
    or

  • EEA-compliant cloud hosting providers (e.g., Google Cloud / AWS EU Region)

We do not transfer photos to non-EU countries unless adequate safeguards are in place (Standard Contractual Clauses or equivalent).

5. How Long We Store Your Data (Retention Periods)

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including the provision of the Service, compliance with legal obligations, and the resolution of disputes. Retention periods vary depending on the category of data, as described below.

5.1. Try-On Photos

User-uploaded photos used for virtual try-on are processed only temporarily and are deleted automatically after processing. Such photos are not stored on a long-term basis and are deleted within a short period, typically within a few hours and in any event no later than 24 hours after upload.

5.2. Saved Photos (Gallery)

Where users choose to save photos within the Service, such photos are retained until the user deletes them or until the associated account is deleted. Retention of saved photos is therefore user-controlled.

5.3. Account Data

Personal data associated with a user account is retained for as long as the account remains active. Upon account deletion, such data is deleted or anonymized, unless continued retention is required for legal or regulatory purposes.

5.4 Usage Data and Logs

Technical and usage data, including logs generated through interaction with the Service, are retained for a period of up to twelve (12) months. This data is used for analytics, security monitoring, and the improvement of the Service.

5.5. Communications

Communications with users, including customer support inquiries, are retained for up to twenty-four (24) months in order to manage support requests, maintain service quality, and for internal record-keeping purposes.

5.6.Legal and Compliance Data

Certain personal data may be retained for longer periods where required to comply with applicable legal, tax, or regulatory obligations. In such cases, data is retained only for the duration mandated by applicable law.

6. Data Sharing

We may share data with:

6.1 Service Providers (Data Processors)

For hosting, analytics, error monitoring, content delivery, email services, etc.
All providers are bound by GDPR-compliant agreements.

6.2 Legal Obligations

We may share data if required by:

  • law

  • regulators

  • court orders

6.3 No selling of personal data

ViWear never sells personal data to third parties.

7. Data Transfers Outside the EU

If data is transferred outside the EU/EEA (e.g., US-based processors):

We ensure:

  • Standard Contractual Clauses (SCCs)

  • Data Processing Agreements

  • Supplementary safeguards where required

8. Your Rights Under GDPR

You have the following rights:

  • Access your personal data

  • Rectification (correct inaccurate data)

  • Erasure (“right to be forgotten”)

  • Restriction of processing

  • Data Portability

  • Object to processing (e.g., personalization)

  • Withdraw consent at any time

  • Lodge a complaint with your national Data Protection Authority

To exercise rights, contact: info@viwear.tech

9. Age Requirements

ViWear is intended for users aged 18 years and older. We do not knowingly collect or process personal data from children under the age of 18. If we become aware that a person under 18 has used the Service, we will take appropriate steps to delete the related account and personal data without undue delay. If a parent or legal guardian believes that a person under 18 has provided personal data to ViWear, they may contact us at info@viwear.tech. Upon verification, we will promptly delete the relevant account and associated personal data.

11. Security Measures

We implement:

  • encryption in transit (TLS)

  • encryption at rest

  • access controls

  • secure data centers

  • audit logs

  • rate-limiting & anti-abuse protections

No system is completely secure, but we take appropriate measures to protect your data.

12. Data Breach Notification (GDPR Articles 33 & 34)

In case of a personal data breach:

  • We will assess the risk to your rights

  • Notify the Dutch Data Protection Authority (AP) within 72 hours when legally required

  • Notify affected users without undue delay if the breach may cause high risk

  • The notification will include:

    • nature of the breach

    • types of affected data

    • possible consequences

13. Analytics and Similar Technologies (Mobile Application Only)

ViWear is provided exclusively as a mobile application. We do not operate a website and do not use browser-based cookies.

Within the ViWear mobile application, we may use software development kits (SDKs) and similar technologies to operate, secure, and improve the Service. These technologies may process limited technical data, such as device identifiers, temporary session tokens, and app interaction events, for the following purposes:

  • enabling secure authentication and communication between the mobile application and our backend services;

  • analyzing app usage in an aggregated and non-identifying manner;

  • monitoring app performance, stability, and error reporting.

14. Account Deletion & Data Deletion

When you delete your account or request erasure of your personal data, ViWear will delete or anonymize your personal data without undue delay and within applicable GDPR time limits, unless retention is required to comply with a legal obligation.

Upon account deletion:
    – account-related personal data will be removed from our active systems;
    – all saved photos and user-generated content will be deleted;
    – Try-On Photos will have already been deleted automatically as described above.

Certain limited technical data (such as security or audit logs) may be retained for a longer period where strictly necessary to comply with legal obligations, prevent fraud, or ensure the security and integrity of the Service. Such data will not be used for any other purposes.

Where appropriate, we may notify you once the account deletion process has been completed.

15. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in:

  • our practices

  • service features

  • legal requirements

Users will be notified when required by law.

Continued use of the Service indicates acceptance of changes.

16. Contact Information

For privacy-related requests:

Email: info@viwear.tech
Address:ViWear B.V., Vlierweg 12 K-03, 1032 LG Amsterdam, Netherlands