The short version
- Your closet items, location maps, saved looks, and pose photos live on your device, not on our server.
- AI Assist sends the photos involved to OpenAI for processing. Our server relays the request and result; we don't save your pose photos or AI try-on renders.
- We do save your account record (username, password hash, tier, AI usage counts) so you can sign in.
- We don't sell your data, run ads, or use your photos to train any AI model.
1. What we collect and where it lives
On your device only
Stored in your browser's local storage and IndexedDB. Never transmitted to our server unless you use a backup or transfer feature that explicitly does so.
- Closet item photos and details (label, brand, size, color, tags, etc.)
- Location and zone maps
- Saved Mirror looks and outfit history
- Pose photos uploaded for try-on (the "first image" in a try-on)
- AI try-on render images returned to you
- App preferences (theme, view mode, etc.)
Clearing your browser data deletes everything on this list. Use Backup in the app to keep a copy you can carry to another device.
On our server
- Account: username, bcrypt password hash, role (user / admin), tier, AI usage counter, account creation date.
- Waitlist (if you join one): email, optional note, optional referrer string.
Sent to OpenAI during AI Assist
When you trigger AI Fill, AI Demo, or AI Try-On, the following are transmitted to OpenAI's API for processing:
- The image(s) you supply (item photo, tag photo, pose photo, garment photos)
- The text instructions our system sends with each request
OpenAI processes the request and returns a result. Our server forwards that result to your browser and does not save the pose photo, garment photos, or rendered image to disk. Your account-level usage counter is updated.
OpenAI's data handling is governed by their terms. By default, API content may be retained by OpenAI for up to 30 days for abuse monitoring and is not used to train their models. See OpenAI's API data usage policy.
Web server logs
Our reverse proxy and Node server log basic request metadata: timestamp, IP address, user agent, request path, response status. These logs are kept for up to 30 days for security and debugging, then rotated out. Logs do not contain image content or password material.
2. What we do not do
- We do not save your pose photos to disk.
- We do not save AI try-on renders to disk.
- We do not sell, rent, or share your data with marketers.
- We do not use your photos to train any AI model.
- We do not embed third-party trackers, analytics, or advertising scripts.
- We do not transmit your closet inventory to our server unless you explicitly upload an item via a feature that says so.
3. Safety scanning
Before any AI Try-On render is generated, the pose image is automatically checked for inappropriate content (nudity, sexual content, minors in suggestive contexts, graphic violence). This check uses OpenAI's moderation plus a small classifier prompt. If the image fails, the render is refused and no render is created or stored.
We do this to keep the feature lawful and to protect you and us.
4. Your controls
- Sign out: ends your session token. Open AI Assist and choose Sign out.
- Backup: export your local data as a portable zip via Actions → Backup.
- Clear local data: clear your browser's site data for this app to remove everything stored on your device. This is irreversible — back up first.
- Account deletion: email privacy@empiricalskye.com from your account address (or another clearly identifying address). We will remove your account record, waitlist entry, and any saved AI usage history within 30 days.
- Data access request: email the same address and we will send what we hold for your account.
5. Children
This service is intended for users 18 and older. Do not upload photos of minors. The AI try-on safety scan refuses minors in suggestive contexts; we additionally ask that no photos of children be uploaded at all, even clothed.
6. Security
- Passwords are stored as bcrypt hashes, never in plaintext.
- Sessions use signed JWTs with a 30-day default expiry.
- Communication with our server is HTTPS-only in production.
- Our server
.env (with API keys, JWT secret, and admin seed credentials) is excluded from version control and lives only on the server.
We are a small operation. We use industry-standard practices but cannot guarantee perfect security. If you discover a vulnerability, email privacy@empiricalskye.com.
7. Third parties
The only third party your data touches in normal use is OpenAI, and only for AI Assist requests. Their policies apply during that processing:
Our hosting provider may receive standard server logs (IP, request metadata) as part of normal operation.
8. Where things are processed
Our server is hosted in the United States. OpenAI processing occurs in the United States. By using the service you understand your request data may transit to and be processed in the US.
9. Retention
- Account record: kept until you ask us to delete it.
- Waitlist entry: kept until you ask us to delete it, or 12 months after we close the waitlist.
- Server logs: 30 days, then rotated.
- AI input photos and renders on our disk: not retained. Held in memory only for the duration of the request.
10. Changes to this policy
If we make material changes (for example, retaining renders, switching AI providers, or adding analytics) we will update this page and the Last updated date at the top, and we will surface a notice in the app on next sign-in. Continued use after a change means you accept the updated policy.
11. Honest limits
- "Local-only" is a promise that we don't keep your pose photos or renders. It is not a promise that no third party ever sees them. Generating a try-on requires sending your pose and garments to OpenAI — there is no on-device AI here.
- Browsers can clear local storage under storage pressure or when you clear browsing data. Use Backup to keep copies of items you care about.
- If you inspect network traffic you will see images leaving your browser during AI Assist. That is expected and necessary for the feature to work.