Back to Home

Privacy Policy

Last updated: April 2026

1. Introduction

This Privacy Policy describes how Leroy Labs LLC (“we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use StyleIt (“the Service”). StyleIt is an AI-powered virtual try-on platform available through our website at styleit.fit, our mobile application for iOS and Android, and our Chrome browser extension. By using any of these platforms, you agree to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

a) Account Information

When you create an account, we collect your email address and name through our authentication provider. You may also sign in via third-party OAuth providers, in which case we receive your name and email from that provider.

b) Profile Data

To personalize your virtual try-on experience, you may provide additional profile information including gender, date of birth, height, weight, body type, skin tone, style preferences, budget range, and country. This information helps our AI generate more accurate results.

c) Photos and Images

You upload photos for the virtual try-on feature, including full-body photos, face photos, and clothing/accessory images. You may also save clothing items to your virtual wardrobe.

d) Usage Data

We collect information about how you use the Service, including features accessed, credits consumed, try-on generations performed, interaction patterns, and timestamps of activity.

e) Device and Technical Data

We automatically collect technical information such as browser type, operating system, IP address, device identifiers, screen resolution, and referring URLs when you access the Service.

f) Payment Information

Payment transactions are processed entirely by our third-party payment processor. We do not store your credit card numbers, bank account details, or other sensitive financial information on our servers. We receive only transaction confirmation details such as subscription status, plan type, and billing dates.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and improve the StyleIt service
  • Process AI-powered virtual try-on requests using your photos and profile data
  • Manage your account, subscription, and credit balance
  • Personalize AI-generated results based on your profile and preferences
  • Send service-related communications (e.g., subscription confirmations, credit alerts)
  • Detect, investigate, and prevent fraud, abuse, or unauthorized access
  • Aggregate and analyze usage data to improve our features and user experience
  • Comply with legal obligations, enforce our Terms of Service, and protect our rights

4. Lawful Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following lawful bases as defined under the General Data Protection Regulation (GDPR):

  • Consent: For processing your photos and images for AI-powered virtual try-on. You provide consent when you upload photos and initiate a try-on generation. You may withdraw consent at any time by deleting your photos and ceasing use of the Service.
  • Contract Performance: For processing necessary to provide the Service you have subscribed to, including account management, credit allocation, and subscription billing.
  • Legitimate Interests: For service improvement, analytics, fraud prevention, and security measures, where such interests are not overridden by your data protection rights.
  • Legal Obligation: For compliance with applicable laws, including tax and accounting requirements, and responding to lawful requests from public authorities.

5. Photo and Image Data

Your photos are central to how StyleIt works, and we take their protection seriously:

  • Photos you upload for virtual try-on are transmitted securely to our servers and then sent to our AI inference provider for processing.
  • Your photos are not stored permanently on our servers after the AI processing is complete. They are held only transiently during the generation process.
  • We do not use your photos to train any AI or machine learning models. Your images are used solely to generate your requested virtual try-on results.
  • Generated try-on result images are stored in your account history and are accessible until you choose to delete them.
  • Profile body photos and face photos you upload for your profile are stored securely in encrypted cloud storage and are used only for rendering your try-on results.
  • Wardrobe images you save are stored in encrypted cloud storage and remain accessible until you delete them from your wardrobe.

6. AI Processing

StyleIt uses artificial intelligence to generate virtual try-on images. Here is how the AI processing works:

  • When you request a virtual try-on, your person photo and clothing images are sent to our AI inference provider's API for processing.
  • Our AI provider processes these images to generate realistic virtual try-on results showing how the clothing would look on you.
  • The AI processing is performed on our provider's infrastructure. Their data handling is governed by their data processing terms and privacy policies.
  • Your data is not used by our AI provider to traintheir general AI models when processed through their API service.
  • AI-generated images are approximations and may not perfectly represent actual fit, color, or appearance of clothing items.

7. Data Sharing and Third-Party Processors

We do not sell your personal information. We share data with the following third-party service providers who assist us in operating StyleIt. Each provider is bound by data processing agreements to protect your data:

  • Authentication provider — Manages user authentication and account security. Processes your email, name, and login credentials.
  • Payment processor — Handles all subscription billing and credit purchases. Processes payment details directly; we never see or store your card information.
  • AI inference provider — Processes your photos temporarily to generate virtual try-on images.
  • Cloud storage provider — Secure encrypted storage for profile images, wardrobe items, and generated try-on results.
  • Analytics provider — Collects anonymized usage data to help us improve the Service.
  • Database provider — Stores account data, profile information, and transaction records.
  • Caching provider — Temporarily stores non-sensitive operational data for improved performance.

We may also share data when required by law, to protect our legal rights, or in connection with a merger, acquisition, or sale of assets (with prior notice to affected users where practicable).

8. “Do Not Sell or Share” Notice (CCPA)

We do not sell or share your personal information as defined under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We have not sold or shared personal information in the preceding 12 months. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA.

9. Data Retention

We retain your data for the following periods:

  • Account data (email, profile information): Retained for as long as your account is active. Deleted upon account closure request.
  • Photos uploaded for try-on: Processed transiently and not stored permanently after AI generation is complete.
  • Profile and wardrobe images: Retained until you delete them or close your account.
  • Generated try-on images: Retained in your history until you delete them or close your account.
  • Usage and analytics logs: Retained for up to 90 days in identifiable form, then aggregated or deleted.
  • Payment and billing records: Retained as required by applicable tax and accounting laws (typically 7 years).

10. Data Security

We implement industry-standard security measures to protect your information:

  • All data in transit is encrypted using TLS 1.2 or higher
  • Data at rest is encrypted using AES-256 encryption in our storage systems
  • Authentication is managed by a SOC 2 Type II compliant provider
  • Access to production systems is restricted through role-based access controls
  • We conduct regular security reviews and vulnerability assessments
  • Payment processing is handled by a PCI DSS Level 1 certified processor

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Your Rights Under GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights under the GDPR. We will respond to your requests within one month, free of charge:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you and information about how it is processed.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data. You can also update most profile data directly through your dashboard.
  • Right to Erasure (Art. 17): Request deletion of your personal data. You can delete your try-on history, wardrobe items, and profile photos through your dashboard, or request full account deletion by contacting us.
  • Right to Restrict Processing (Art. 18): Request that we limit how we process your data in certain circumstances.
  • Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format, or request transfer to another controller where technically feasible.
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right Regarding Automated Decisions (Art. 22): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our AI generates visual try-on images for your review and does not make automated decisions affecting your legal rights.

To exercise any of these rights, contact us at hi@leroylabs.io. You also have the right to lodge a complaint with your local data protection supervisory authority.

12. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights. We will respond to verifiable requests within 45 days:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the purposes, and the third parties with whom we share it.
  • Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions (e.g., legal compliance, completing a transaction).
  • Right to Opt-Out of Sale: We do not sell your personal information. No opt-out action is necessary.
  • Right to Correct: Request correction of inaccurate personal information we maintain about you.
  • Right to Limit Use of Sensitive Information: Request that we limit the use and disclosure of sensitive personal information to what is necessary to provide the Service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, quality of service, or access for exercising these rights.

To submit a request, email us at hi@leroylabs.io. We may need to verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

13. Children's Privacy (COPPA)

StyleIt is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. Our Terms of Service require users to be at least 13 years old. If you are under 18, you must have parental or guardian consent to use the Service.

If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly. If you believe we may have collected data from a child under 13, please contact us immediately at hi@leroylabs.io.

14. International Data Transfers

StyleIt is operated by Leroy Labs LLC in the United States. If you access the Service from outside the United States, your data may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.

For users in the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission where applicable. Our third-party processors maintain their own compliance with international data transfer requirements.

15. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

  • Essential Cookies: Required for authentication and session management. These are set by our authentication provider and are necessary for the Service to function. They cannot be disabled.
  • Analytics Cookies: We use analytics cookies to collect anonymized usage data to understand how users interact with our Service and to identify areas for improvement.
  • No Advertising Cookies: We do not use advertising or marketing cookies. We do not engage in behavioral advertising or cross-site tracking.

You can control cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using the Service. The Chrome extension does not set or access cookies.

16. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify the relevant supervisory authorities within 72 hours of becoming aware of the breach, as required under GDPR (Art. 33), where the breach is likely to result in a risk to your rights and freedoms.
  • Notify affected users without undue delay via email and/or in-app notification, describing the nature of the breach, the data affected, and the measures we are taking in response.
  • Take immediate steps to contain, assess, and remediate the breach, including engaging security professionals where appropriate.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will update the “Last updated” date at the top of this page. For material changes, we will notify you via email or through an in-app notification before the changes take effect. Your continued use of the Service after such notification constitutes acceptance of the updated policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Leroy Labs LLC
Email: hi@leroylabs.io

For GDPR-related inquiries, you may also contact your local data protection authority. For CCPA-related inquiries, California residents may also submit requests through the methods described in Section 12 above.