Who is responsible
The data controller for the Wairra app and the wairra.com website is:
Wairra UG (haftungsbeschränkt)
Registered address: see our Imprint.
Email: privacy@liftune.com
We have not appointed a Data Protection Officer because we do not meet the thresholds in Art. 37 GDPR. You can still reach the team responsible for privacy at the email above.
Plain-language summary
- We collect what we need to run the app: your account, your wardrobe and photos, the outfits and trips you plan, and the diagnostics we need to keep the app working.
- Your photos, avatar, and try-on renders live in your private account on Supabase Storage. They are not used to train shared models and are not shown to other users.
- Your selfie is used only to build your avatar — never to identify you, and never matched against any face database. See Face data and biometrics for the details.
- We use AI services from OpenAI to generate your avatar, create try-on images, and recommend outfits, and from Replicate to remove backgrounds from item photos. These calls happen on our servers, not directly from your phone.
- We do not track you across other apps or websites. There is no advertising SDK, no IDFA, and no App Tracking Transparency prompt.
- You can export your data or delete your account from Profile → Privacy at any time.
Data we collect
The table below mirrors the App Privacy declaration we publish on the App Store. Each row is labelled with the Apple data category it maps to.
Account and contact information
- Name (display name). Provided by Apple or Google on first sign-in, or edited later from Profile.
- Email address. Used to identify your account and send transactional messages such as password resets. We never send your email address to analytics or error-monitoring tools as an event property.
- Auth provider identifiers. The opaque identifiers issued by Apple Sign-In and Google Sign-In so we can recognise you on return visits.
Wardrobe and lifestyle content
- Item photos. The photos you upload from your camera, photo library, or a pasted link, plus the processed background-removed version of each photo.
- Avatar photos. The selfie you optionally provide, plus the four AI-generated poses we derive from it. See Face data and biometrics.
- Try-on renders. AI-generated composites of your avatar and the outfit you chose.
- Item metadata. Category, color, season, occasion, brand, notes, and other attributes you (or our AI helpers) assign to each item.
- Outfits, looks, day plans, trips, and packing lists. The combinations you save and the schedules you build.
- Style preferences. Style profile answers, color likes/dislikes, occasion mix.
Device and usage data
- Precise location. Used only when you grant the permission, only to fetch the local weather for outfit recommendations. The coordinates are sent to Apple WeatherKit and are not retained on our servers after the request completes; your most recent coordinates may be cached on your device so the weather card loads quickly. Some US state laws treat precise location as “sensitive personal information” — see US state privacy rights.
- Expo push token. A device-specific identifier we store so we can send you the notifications you have opted in to.
- Product interaction events. Explicit, typed events such as onboarded, item_added, outfit_recommended, try_on_generated, and look_saved. PostHog autocapture is off, so we do not record every tap or page view.
- Diagnostics. Crash reports, handled-error reports, and a 10% sample of performance traces (Sentry). We strip personal content such as media, signed storage URLs, auth tokens, and email addresses before sending.
- Bug reports and feedback. If you shake to report a bug or contact us from inside the app, we receive the message you type, your account name and email, technical details about your device and subscription, and — only when you choose to attach one — a screenshot of the screen you were on. We use this solely to reproduce and fix the issue. A screenshot may contain whatever was on screen, so only attach one if you are comfortable sharing it.
- Edge Function logs. Function name, model, latency, cost in fractions of a cent, prompt version, and outcome. We do not log raw prompts, raw payloads, signed URLs, or your content.
We do not collect: physical address, phone number, financial information, health and fitness data, contacts, browsing or search history, purchases, or sensitive information as defined by Apple (other than the photos and precise location described in this policy).
Purposes and legal bases
We process your data under the legal bases set out in Art. 6 GDPR (and equivalent provisions in UK GDPR):
- To provide the app you asked for — Art. 6 (1) (b) GDPR, performance of a contract. Covers signing you in, storing your wardrobe, generating avatars and try-on renders, recommending outfits, planning days and trips, and sending the notifications you enabled.
- To keep the app running safely — Art. 6 (1) (f) GDPR, legitimate interests. Covers crash reporting, performance monitoring, Edge Function cost tracking, abuse prevention, and keeping our infrastructure secure. Our interest is operating a stable product; we balance it against your privacy by aggregating, sampling, and stripping personal content.
- To understand activation — Art. 6 (1) (f) GDPR, legitimate interests. Covers the explicit, typed product events described above. We do not use this data for advertising or for tracking you across other services.
- Where you have given consent — Art. 6 (1) (a) GDPR. Covers optional permissions (camera, photo library, notifications, precise location) and your agreement to AI processing of the photos you provide. You can withdraw any consent at any time in the iOS Settings app or from Profile → Notifications and Profile → Privacy; to stop AI processing of your photos, delete your account.
- To comply with legal obligations — Art. 6 (1) (c) GDPR. Covers responding to lawful requests from authorities and keeping the records German tax and commercial law require.
How we use AI
Wairra uses AI to do four things that the app could not otherwise do. All AI calls are made server-side from our Supabase Edge Functions. The app on your phone never holds the provider API keys.
What the AI does
- Background removal for item photos — Replicate. Isolates the garment while keeping a natural shadow. Used when you add a single item or import a multi-item photo of your wardrobe.
- Avatar generation — OpenAI gpt-image-2. Creates one canonical avatar from your selfie plus four pose variants. The selfie you provide is sent to OpenAI for this step; see Face data and biometrics.
- Try-on rendering — OpenAI gpt-image-2. Composites the anchor avatar with the outfit’s items. Renders are cached server-side, keyed by your user ID and the outfit hash, so we do not pay to generate the same image twice.
- Outfit recommendation — OpenAI gpt-5-mini. Chooses one primary outfit and two alternates from the items in your wardrobe and writes a one-line explanation.
What the AI does not do
- No training on your content. We do not use your photos, avatars, or wardrobe to train shared or third-party models. Our agreements with our AI providers prohibit the use of API inputs and outputs to train their models.
- No legal or significant automated decisions. The recommendations the app makes do not produce legal effects on you in the sense of Art. 22 GDPR. You can ignore any recommendation, edit it, or remove your data at any time.
- No third-party facial database. The avatar pipeline uses only the selfie you provided. We do not match your face against external biometric databases.
Labelling of AI-generated images
Avatars and try-on renders are AI-generated images. We label them inside the app with an “AI Generated” badge, and images you share carry a “Generated by Wairra AI” watermark. Where it is technically feasible we also mark generated images as artificially generated in their metadata. This reflects the transparency expectations of the EU AI Act for synthetic image content. The renders are stylised illustrations, not photographs — see our Terms of Service for what they should and should not be relied on for.
Your photos and avatars
Photos, avatar source images, pose variants, and try-on renders live in Supabase Storage buckets that are scoped to your user account and protected by Postgres Row-Level Security. The buckets are:
- items-raw — the photo as you uploaded it.
- items — the background-removed garment image.
- avatars-raw — the selfie you provided.
- avatars — the four generated avatar poses.
- try-ons — the cached try-on render for each outfit hash.
Access is gated by a JSON Web Token issued by Supabase Auth and tied to your user ID. No other user can read your bucket contents. We do not expose a public feed and we do not surface your photos to anyone outside your account.
When you share a look from the app, the app creates a temporary, signed link to that single render so the person you share with can view it. The link expires automatically. Anyone you send a live link to can view that image until it expires, so only share looks with people you trust.
When you delete your account, we remove the rows in our database that point at your storage objects and delete the underlying files in all of the buckets above. The hard-delete completes within 30 days.
Face data and biometrics
To create your avatar, the app sends the selfie you provide to our AI image provider (OpenAI), which generates a stylised, full-body avatar that resembles you. Because that selfie shows your face, we want to be precise about what we do — and do not — do with it.
- We use your selfie only to build and refine your avatar and the try-on renders you ask for. We do not use it for any other purpose.
- We do not identify or recognise you. We do not create a faceprint, a face-geometry template, or any other biometric identifier, and we do not match your face against any external database. Your avatar is a generative image, not a face-recognition system.
- We never sell, lease, or trade face data, and we do not use your face to train shared or third-party AI models.
- Retention. Your source selfie stays in your private account while the account is active, so you can regenerate or retake your avatar. It is permanently deleted within 30 days of you deleting your account, along with your generated avatar and your try-on renders.
Depending on where you live, an image of your face may be treated as “biometric” or “sensitive” data. We ask for your agreement to this AI processing before your first avatar or try-on, in an in-app dialog that names the providers involved. If you are a resident of Illinois, Texas, or Washington: we do not collect or store a biometric identifier to identify you; to the extent any face data is regulated in your state, we obtain your consent before the selfie is captured, limit our use to providing the avatar and try-on features, do not sell or disclose it, and follow the retention and destruction schedule above.
Service providers and recipients
We work with a small set of processors who help us deliver the app. Each one is bound by a data-processing agreement that limits what they can do with your data and requires equivalent safeguards.
Processors
- Supabase, Inc. — Authentication, Postgres database, object storage, and Edge Functions. Hosting region: EU.
- Vercel Inc. — Hosting of the wairra.com marketing site.
- OpenAI, OpCo, LLC — AI models for avatar generation, try-on rendering, and outfit recommendation. Called server-side from our Supabase Edge Functions. OpenAI’s API data-handling terms prohibit training on inputs and outputs.
- Replicate, Inc. — AI models for background removal on wardrobe item photos and for generating the image similarity values we use to spot duplicate items. Called server-side from our Supabase Edge Functions. Replicate’s API terms prohibit training on inputs and outputs and their default retention is short-lived.
- RevenueCat, Inc. — Subscription billing orchestration and entitlement management for Wairra+. Receives your app user ID and Apple transaction identifiers from the App Store so we can grant and revoke access to paid features. Receives no photos, wardrobe data, or AI content. Used only when you start a subscription, trial, or credit-pack purchase.
- Apple Inc. — Sign in with Apple, push notification delivery (APNs), Apple WeatherKit for weather data, App Store distribution, and processing of all in-app purchases (subscriptions and credit packs). Apple handles your payment details directly; we never see your card information.
- Google LLC — Google Sign-In.
- Expo / EAS — Build, submission, push token delivery, and over-the-air updates.
- Functional Software, Inc. (Sentry) — Crash and error monitoring, and the in-app bug-report / feedback channel. Session replay and profiling are disabled. When you submit feedback, the message, your name and email, and any screenshot you attach are sent to Sentry so we can resolve the issue. Hosting region: EU.
- PostHog Inc. — Product analytics. Autocapture, session replay, surveys, and group analytics are disabled. Hosting region: EU.
We do not sell your personal information and we do not share it with data brokers or advertising networks.
International transfers
Some of the processors above are based in the United States. When your data is transferred outside the European Economic Area, we rely on the European Commission’s Standard Contractual Clauses (Decision (EU) 2021/914), supplemented where appropriate by additional technical measures (such as TLS in transit, encryption at rest, and scoping access by user). Where the recipient is certified under the EU-US Data Privacy Framework or its UK/Swiss extensions, we rely on that certification as the transfer mechanism.
You can ask us at privacy@liftune.com for a copy of the relevant transfer safeguards.
How long we keep your data
- Account data and content — while your account is active. Deleted on request within 30 days.
- Photos, avatars, and try-on renders — kept in your private account while the account is active so you can edit your wardrobe and regenerate your avatar. Deleting an individual item removes it from your wardrobe; all of your photos — including your source selfie — are permanently deleted within 30 days of account deletion.
- Edge Function logs — 90 days.
- Crash, error, and bug reports — 90 days.
- Product analytics — 12 months for individual-level events, indefinite for aggregated insights.
- Backups — encrypted database backups are retained for up to 30 days and then overwritten.
- Records required by law — kept for the period that German tax and commercial law require (typically 6 or 10 years for invoices and accounting records).
Your rights
If you are in the European Economic Area or the United Kingdom, you have the right to:
- Access the personal data we hold about you (Art. 15 GDPR).
- Have inaccurate data corrected (Art. 16 GDPR).
- Have your data erased (Art. 17 GDPR) — fastest from Profile → Privacy → Delete account.
- Restrict our processing of your data (Art. 18 GDPR).
- Receive your data in a portable, machine-readable format (Art. 20 GDPR) — available from Profile → Privacy → Export my data.
- Object to processing based on legitimate interests (Art. 21 GDPR).
- Withdraw any consent you previously gave (Art. 7 (3) GDPR). Withdrawal does not affect processing carried out before withdrawal.
- Lodge a complaint with your local supervisory authority. In Germany this is the data protection authority of the federal state in which you live.
If you are in the United States, see the next section for your state-specific rights. To exercise any right, email privacy@liftune.com. We will respond within 30 days of receiving a verified request and will explain any extension if a request is unusually complex.
US state privacy rights
Several US states give you privacy rights regardless of where Wairra is based. We honour these rights for residents of any state whose law applies to them.
California (CCPA / CPRA)
California residents have the right to know what personal information we collect and why, to access and delete it, to correct it, and to receive a portable copy. The categories we collect, our purposes, and the processors we share data with are described above. You also have the right to limit the use of sensitive personal information.
- We do not sell or share your personal information and we do not use it for cross-context behavioural advertising. There is no advertising SDK, no IDFA, and no data-broker sharing.
- Sensitive personal information. The only sensitive categories we process are your precise location (used only to fetch local weather) and the photos you upload to build your avatar. We use these solely to provide the features you asked for — never to infer characteristics about you and never for advertising — so no separate “limit” action is required. You can still revoke the underlying permissions in iOS Settings or delete the data from Profile → Privacy.
Other US states
Residents of states such as Virginia, Colorado, Connecticut, Texas, Oregon, and others with comprehensive privacy laws have parallel rights of access, correction, deletion, and portability, and the right to opt out of any sale of personal data, targeted advertising, or profiling that produces legal effects. We do none of those, so there is nothing to opt out of, but we honour recognised universal opt-out signals (such as Global Privacy Control) where they apply. Our processing of sensitive data — including precise location and the face data described above — is limited to providing the service and is based on your consent.
To exercise any of these rights, email privacy@liftune.com. We will not discriminate against you for exercising them.
Security
We apply technical and organisational measures appropriate to the risk, including: TLS for data in transit, encryption at rest for storage and database backups, JWT-scoped access to user content, Postgres Row-Level Security on every table, dedicated buckets for user media, restricted access to production secrets, automated dependency updates, and code review on every change. No system is perfectly secure; if we ever become aware of a breach affecting your personal data, we will notify you and the relevant supervisory authority as required by Art. 33 and Art. 34 GDPR.
Children
Wairra is rated 4+ on the App Store but it is not directed to children, and we do not knowingly collect their personal data. You must be at least 16 years old in the European Economic Area, in line with Art. 8 GDPR (or older where local law sets a higher digital-consent age), and at least 13 elsewhere. Because the app processes photos of your face, we are especially careful here: if we learn that we hold data — including face data — belonging to a child below the applicable age, we delete the account and its content. If you believe a child has provided personal data to us, please contact privacy@liftune.com and we will delete the account.
Changes to this policy
We will update this policy when our processing materially changes — for example when we add a new processor or a new data category. The “Last updated” date at the top of this page changes with each revision. For material changes that affect the rights you can exercise, we will additionally notify you in the app or by email before the change takes effect.
Contact us
For privacy questions, requests, or complaints, please reach out at privacy@liftune.com. Postal mail can be sent to the address listed in our Imprint.
Questions about this page? Write to us at legal@liftune.com.