Back to App
Aisthetix

Privacy Policy

Last updated: March 1, 2026

1. Introduction

Aisthetix ("we", "our", "us") provides an AI-powered virtual try-on service for fashion e-commerce. This Privacy Policy explains how we collect, use, and protect information when you use our demo application, our Shopify app, and related backend services.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Data Controller

The data controller responsible for your personal data is:

Aisthetix

Email: davide_mastricci@aisthetix.com

3. Information We Collect

3.1 Demo Application

Our demo application runs entirely in your browser. We store the following data locally on your device:

  • Your uploaded avatar image (stored in browser localStorage)
  • Daily try-on usage count (stored in browser localStorage)

This data never leaves your device unless you initiate a try-on generation, in which case the image is sent to our backend for processing.

3.2 Shopify App (Production)

When merchants install our Shopify app, we collect:

  • Shop domain and Shopify store identifier
  • Subscription and billing information
  • Try-on usage records (aggregated counts, not individual customer data)
  • Billing events and subscription status changes

We do not collect or store any end-customer personal information. Virtual try-on sessions are anonymous and not linked to any customer identity.

3.3 Image Processing

When a virtual try-on is generated:

  • Your uploaded photo is sent to our backend server via encrypted HTTPS connection
  • The image is processed entirely in server memory — it is never written to disk or stored permanently
  • Results may be held in a temporary in-memory cache (maximum 1 hour, up to 100 entries) to improve response times for identical requests
  • Asynchronous processing jobs are stored in Redis with a time-to-live of 1 hour, after which they are automatically deleted

4. How We Use Your Information

We use the information we collect to:

  • Provide and operate our virtual try-on service
  • Process and manage merchant subscriptions and billing
  • Track usage for billing and quota management
  • Improve our service quality and performance
  • Comply with legal obligations

We do not use tracking cookies, collect customer email addresses through the try-on widget, or link customer identity to try-on results.

5. Data Retention

Data TypeRetention Period
In-memory image cache1 hour (automatic expiry)
Redis processing jobs1 hour (automatic expiry)
Browser localStorage (demo)Until manually cleared by user
Merchant subscription & usage dataWhile subscription is active; deleted upon shop redaction request
GDPR audit logsRetained indefinitely for compliance purposes

6. Third-Party Services

We use the following third-party services to operate Aisthetix:

  • Google — AI image generation for virtual try-on. Images are sent transiently for processing and are not stored by us. Google's own data handling is governed by their Privacy Policy.
  • Shopify — Merchant billing and subscription management via the Shopify Billing API.
  • MongoDB — Database for merchant subscription and usage data.
  • Redis — Temporary job storage with automatic expiry.
  • Vercel Analytics — Anonymous, privacy-friendly analytics on the demo application.

7. Cookies and Analytics

Our demo application uses Vercel Analytics, which collects anonymous, aggregated usage data without using cookies or tracking individual users.

We do not use advertising cookies, third-party tracking pixels, or any form of cross-site tracking. Our Shopify widget does not set any cookies on merchant storefronts.

8. GDPR Compliance (EEA Users)

If you are located in the European Economic Area (EEA), the following additional rights and information apply to you under the General Data Protection Regulation (GDPR).

Lawful Basis for Processing

  • Legitimate Interest — Processing virtual try-on requests to deliver our core service.
  • Contract Performance — Managing merchant subscriptions and billing under the service agreement.
  • Consent — For any optional features or communications where applicable.

Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Right of Access — Request a copy of the personal data we hold about you.
  • Right to Rectification — Request correction of inaccurate personal data.
  • Right to Erasure — Request deletion of your personal data.
  • Right to Data Portability — Receive your data in a structured, machine-readable format.
  • Right to Restrict Processing — Request that we limit processing of your data.
  • Right to Object — Object to processing based on legitimate interest.
  • Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent.
  • Right to Lodge a Complaint — File a complaint with your local data protection supervisory authority.

How to Exercise Your Rights

To exercise any of your rights, contact us at davide_mastricci@aisthetix.com. We will respond to your request within 30 days.

Shopify GDPR Compliance

Our Shopify app implements all mandatory GDPR compliance webhooks:

  • Customer Data Request — We report that no customer personal data is stored (try-ons are anonymous).
  • Customer Redaction — No customer data requires deletion as none is linked to customer identity.
  • Shop Redaction — All merchant data (subscriptions, usage records, billing events, sessions) is permanently deleted 48 hours after app uninstall.

International Data Transfers

Image processing is performed via Google Cloud infrastructure, which may involve transferring data outside the EEA. These transfers are covered by standard contractual clauses and Google's data processing agreements.

Data Protection Officer

For GDPR-related inquiries, contact our DPO at davide_mastricci@aisthetix.com.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data transmission is encrypted via HTTPS/TLS
  • Images are processed in-memory only and never persisted to disk
  • Merchant authentication uses encrypted tokens (AES-256 for email encryption, JWT with HS256/RS256 for session tokens)
  • Database access is restricted with authentication and access controls
  • Temporary data is automatically purged via time-to-live expiration

10. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date. We encourage you to review this page periodically to stay informed about how we protect your data.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: davide_mastricci@aisthetix.com