01 Who is responsible
The data controller for the Wairra app and the wairra.com website is:
Wairra UG (haftungsbeschränkt)
Registered address: see our Imprint.
Email: privacy@liftune.com
We have not appointed a Data Protection Officer because we do not meet the thresholds in Art. 37 GDPR. You can still reach the team responsible for privacy at the email above.
02 Plain-language summary
- We collect what we need to run the app: your account, your wardrobe and photos, the outfits and trips you plan, and the diagnostics we need to keep the app working.
- Your photos, avatar, and try-on renders live in your private account on Supabase Storage. They are not used to train shared models and are not shown to other users.
- We use AI services from OpenAI (via the Vercel AI Gateway) to remove backgrounds from item photos, generate your avatar, and create try-on images. These calls happen on our servers, not directly from your phone.
- We do not track you across other apps or websites. There is no advertising SDK, no IDFA, and no App Tracking Transparency prompt.
- You can export your data or delete your account from Profile → Privacy at any time.
03 Data we collect
The table below mirrors the App Privacy declaration we publish on the App Store. Each row is labelled with the Apple data category it maps to.
Account and contact information
- Name (display name). Provided by Apple or Google on first sign-in, or edited later from Profile.
- Email address. Used to identify your account and send transactional messages such as password resets. We never send your email address to analytics or error-monitoring tools as an event property.
- Auth provider identifiers. The opaque identifiers issued by Apple Sign-In and Google Sign-In so we can recognise you on return visits.
Wardrobe and lifestyle content
- Item photos. The photos you upload from your camera, photo library, or a pasted link, plus the processed background-removed version of each photo.
- Avatar photos. The selfie you optionally provide, plus the four AI-generated poses we derive from it.
- Try-on renders. AI-generated composites of your avatar and the outfit you chose.
- Item metadata. Category, color, season, occasion, brand, notes, and other attributes you (or our AI helpers) assign to each item.
- Outfits, looks, day plans, trips, and packing lists. The combinations you save and the schedules you build.
- Style preferences. Style profile answers, color likes/dislikes, occasion mix.
Device and usage data
- Precise location. Used only when you grant the permission, only to fetch the local weather for outfit recommendations. The coordinates are sent to Apple WeatherKit and are not stored after the request completes.
- Expo push token. A device-specific identifier we store so we can send you the notifications you have opted in to.
- Product interaction events. Explicit, typed events such as onboarded, item_added, outfit_recommended, try_on_generated, and look_saved. PostHog autocapture is off, so we do not record every tap or page view.
- Diagnostics. Crash reports, handled-error reports, and a 10% sample of performance traces (Sentry). We strip personal content such as media, signed storage URLs, auth tokens, and email addresses before sending.
- Edge Function logs. Function name, model, latency, cost in fractions of a cent, prompt version, and outcome. We do not log raw prompts, raw payloads, signed URLs, or your content.
We do not collect: physical address, phone number, financial information, health and fitness data, contacts, browsing or search history, purchases, or sensitive information as defined by Apple.
04 Purposes and legal bases
We process your data under the legal bases set out in Art. 6 GDPR (and equivalent provisions in UK GDPR):
- To provide the app you asked for — Art. 6 (1) (b) GDPR, performance of a contract. Covers signing you in, storing your wardrobe, generating avatars and try-on renders, recommending outfits, planning days and trips, and sending the notifications you enabled.
- To keep the app running safely — Art. 6 (1) (f) GDPR, legitimate interests. Covers crash reporting, performance monitoring, Edge Function cost tracking, abuse prevention, and keeping our infrastructure secure. Our interest is operating a stable product; we balance it against your privacy by aggregating, sampling, and stripping personal content.
- To understand activation — Art. 6 (1) (f) GDPR, legitimate interests. Covers the explicit, typed product events described above. We do not use this data for advertising or for tracking you across other services.
- Where you have given consent — Art. 6 (1) (a) GDPR. Covers optional permissions (camera, photo library, notifications, precise location). You can withdraw any consent at any time in the iOS Settings app or from Profile → Notifications and Profile → Privacy.
- To comply with legal obligations — Art. 6 (1) (c) GDPR. Covers responding to lawful requests from authorities and keeping the records German tax and commercial law require.
05 How we use AI
Wairra uses AI to do four things that the app could not otherwise do. All AI calls are made server-side from our Supabase Edge Functions through the Vercel AI Gateway. The app on your phone never holds the provider API keys.
What the AI does
- Background removal for item photos — OpenAI gpt-image-2. Isolates the garment while keeping a natural shadow.
- Avatar generation — OpenAI gpt-image-2. Creates one canonical avatar from your selfie plus four pose variants.
- Try-on rendering — OpenAI gpt-image-2. Composites the anchor avatar with the outfit's items. Renders are cached server-side, keyed by your user ID and the outfit hash, so we do not pay to generate the same image twice.
- Outfit recommendation — OpenAI gpt-5-mini. Chooses one primary outfit and two alternates from the items in your wardrobe and writes a one-line explanation.
What the AI does not do
- No training on your content. We do not use your photos, avatars, or wardrobe to train shared or third-party models. Our agreement with our AI provider prohibits the use of API inputs and outputs to train their models.
- No legal or significant automated decisions. The recommendations the app makes do not produce legal effects on you in the sense of Art. 22 GDPR. You can ignore any recommendation, edit it, or remove your data at any time.
- No third-party facial database. The avatar pipeline uses only the selfie you provided. We do not match your face against external biometric databases.
06 Your photos and avatars
Photos, avatar source images, pose variants, and try-on renders live in Supabase Storage buckets that are scoped to your user account and protected by Postgres Row-Level Security. The buckets are:
- items-raw — the photo as you uploaded it.
- items — the background-removed garment image.
- avatars-raw — the selfie you provided.
- avatars — the four generated avatar poses.
- try-ons — the cached try-on render for each outfit hash.
Access is gated by a JSON Web Token issued by Supabase Auth and tied to your user ID. No other user can read your bucket contents. We do not expose a public feed and we do not surface your photos to anyone outside your account.
When you delete your account, we remove the rows in our database that point at your storage objects and queue the underlying files for deletion. The hard-delete completes within 30 days.
07 Service providers and recipients
We work with a small set of processors who help us deliver the app. Each one is bound by a data-processing agreement that limits what they can do with your data and requires equivalent safeguards.
Processors
- Supabase, Inc. — Authentication, Postgres database, object storage, and Edge Functions. Hosting region: EU.
- Vercel Inc. — Hosting of the wairra.com marketing site and the AI Gateway that proxies our model requests.
- OpenAI, OpCo, LLC — AI models for background removal, avatar generation, try-on rendering, and outfit recommendation. Accessed via the Vercel AI Gateway. OpenAI's API data-handling terms prohibit training on inputs and outputs.
- Apple Inc. — Sign in with Apple, push notification delivery (APNs), Apple WeatherKit for weather data, and App Store distribution.
- Google LLC — Google Sign-In.
- Expo / EAS — Build, submission, push token delivery, and over-the-air updates.
- Functional Software, Inc. (Sentry) — Crash and error monitoring. Replay and profiling are disabled.
- PostHog Inc. — Product analytics. Autocapture, session replay, surveys, and group analytics are disabled.
We do not sell your personal information and we do not share it with data brokers or advertising networks.
08 International transfers
Some of the processors above are based in the United States. When your data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses (Decision (EU) 2021/914), supplemented where appropriate by additional technical measures (such as TLS in transit, encryption at rest, and scoping access by user). Where the recipient is certified under the EU-US Data Privacy Framework or its UK/Swiss extensions, we rely on that certification as the transfer mechanism.
You can ask us at privacy@liftune.com for a copy of the relevant transfer safeguards.
09 How long we keep your data
- Account data and content — while your account is active. Deleted on request within 30 days.
- Try-on render cache — kept while the underlying outfit exists. Pruned on account deletion.
- Edge Function logs — 90 days.
- Crash and error reports — 90 days.
- Product analytics — 12 months for individual-level events, indefinite for aggregated insights.
- Backups — encrypted database backups are retained for up to 30 days and then overwritten.
- Records required by law — kept for the period that German tax and commercial law require (typically 6 or 10 years for invoices and accounting records).
10 Your rights
If you are in the European Economic Area or the United Kingdom, you have the right to:
- Access the personal data we hold about you (Art. 15 GDPR).
- Have inaccurate data corrected (Art. 16 GDPR).
- Have your data erased (Art. 17 GDPR) — fastest from Profile → Privacy → Delete account.
- Restrict our processing of your data (Art. 18 GDPR).
- Receive your data in a portable, machine-readable format (Art. 20 GDPR) — available from Profile → Privacy → Export my data.
- Object to processing based on legitimate interests (Art. 21 GDPR).
- Withdraw any consent you previously gave (Art. 7 (3) GDPR). Withdrawal does not affect processing carried out before withdrawal.
- Lodge a complaint with your local supervisory authority. In Germany this is the data protection authority of the federal state in which you live.
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you parallel rights of access, deletion, correction, and the right to limit the use of sensitive personal information. Wairra does not sell or share personal information for cross-context behavioural advertising and does not collect sensitive personal information beyond what is described in this policy. To exercise your rights, email privacy@liftune.com.
We will respond within 30 days of receiving a verified request and will explain any extension if a request is unusually complex.
11 Security
We apply technical and organisational measures appropriate to the risk, including: TLS for data in transit, encryption at rest for storage and database backups, JWT-scoped access to user content, Postgres Row-Level Security on every table, dedicated buckets for user media, restricted access to production secrets, automated dependency updates, and code review on every change. No system is perfectly secure; if we ever become aware of a breach affecting your personal data, we will notify you and the relevant supervisory authority as required by Art. 33 and Art. 34 GDPR.
12 Children
Wairra is rated 4+ on the App Store but it is not directed at children. We require users to be at least 16 years old in the European Economic Area, in line with Art. 8 GDPR, or older where local law sets a higher digital-consent age. In other regions, users must be at least 13. If you believe a child has provided personal data to us, please contact privacy@liftune.com and we will delete the account.
13 Changes to this policy
We will update this policy when our processing materially changes — for example when we add a new processor or a new data category. The "Last updated" date at the top of this page changes with each revision. For material changes that affect the rights you can exercise, we will additionally notify you in the app or by email before the change takes effect.
14 Contact us
For privacy questions, requests, or complaints, please reach out at privacy@liftune.com. Postal mail can be sent to the address listed in our Imprint.
Questions about this page? Write to us at legal@liftune.com.