Introduction
Our commitment to privacy and data protection is reflected in this Privacy Policy. It explains how DressApp (“we,” “us,” or “our”) handles information that identifies you or your business—such as contact details, store identifiers, try-on photos, and measurements—as well as other data we process to run our services.
DressApp provides AI-powered virtual try-on for Shopify: shoppers can build a digital body model and preview how products may look on them. By installing our app, using the merchant admin, or using try-on on a participating storefront, you agree to this policy. If you do not agree, please do not install the app or use try-on features.
Scope of this policy
This policy applies to our website, Shopify app, storefront widget, and related DressApp services. It covers how we collect, use, share, and protect information for:
- Merchants who install DressApp from the Shopify App Store (store owners and staff).
- Shoppers who use virtual try-on on a merchant’s Shopify storefront.
It does not cover third-party websites, themes, or apps outside DressApp. Shopify’s own practices are governed by Shopify’s Privacy Policy.
| Audience | Our role | What we process |
|---|---|---|
| Merchants | We process store and account data to deliver the app, billing, and support. | Shop domain, API tokens, catalog sync, subscription usage, merchant contact details. |
| Shoppers | We process data on behalf of the merchant to deliver try-on. Merchants are responsible for storefront notices and lawful bases for shopper data. | Photos, measurements, try-on outputs, session IDs, optional feedback. |
Service provider: DressApp · dressapp-preview.com
Information collection
We collect information directly from merchants and shoppers, automatically through use of our services, and from trusted partners—only as needed to operate virtual try-on within Shopify’s platform rules. We do not sell personal information.
Direct collection
From merchants (app install and admin): store domain and configuration; OAuth tokens to call Shopify on your behalf; product and catalog data (images, variants, sizes, metaobjects where used); contact email, plan status, usage metrics, widget settings; billing via Shopify billing APIs (we do not store full card numbers). We do not request scopes for staff passwords or full payment instruments.
From shoppers (storefront widget): session references (e.g. via Shopify app proxy); photos and measurements for digital models; try-on activity (products viewed, generated images, feedback); optional data in browser session storage for short-lived UI state. We do not intentionally collect shopper emails through granted Shopify API scopes.
Automatic collection
Our services may automatically collect:
- Device and browser information
- IP address, timestamps, and technical logs for security and operations
- Usage data such as try-on counts and feature interactions
Third-party and AI processing
We use subprocessors to host data and run try-on (e.g. cloud storage, Google Gemini and other AI providers). Photos and measurements are sent only to perform the service you request, under our agreements. We may receive limited information from Shopify and infrastructure partners as part of normal app operation.
Use of information
We use information to:
- Install, authenticate, and operate the app with your Shopify store
- Sync catalog data and deliver virtual try-on on product pages
- Create body models, generate try-on images, and save shopper preferences
- Enforce plan limits, metering, and abuse prevention
- Provide dashboards, usage reporting, and customer support
- Improve quality, safety, and reliability of our models
- Comply with law and enforce our terms
We do not use shopper photos or measurements for third-party advertising profiles.
Information sharing
We share information only when necessary:
- With your direction or consent where applicable
- Service providers (Shopify, cloud hosting, AI APIs) who assist delivery under confidentiality and data-processing terms
- Legal and safety when required by law, to protect rights, or during corporate transactions where permitted
| Recipient | Purpose |
|---|---|
| Shopify | Installation, billing, app proxy, platform APIs |
| Cloud infrastructure | Hosting, databases, file storage (e.g. AWS S3 when configured) |
| AI providers | Image generation and validation (e.g. Google Gemini, Replicate where enabled) |
| Authorities | Legal requests and safety |
We may share aggregated or de-identified statistics that do not identify individuals. Merchants generally do not receive shoppers’ original upload photos unless a feature explicitly enables that.
International transfers
DressApp may operate from Israel and use providers in the United States, European Union, and other regions. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.
Data protection
We use administrative, technical, and organizational measures appropriate to the risk— including HTTPS, access controls, and secured credentials. No method of transmission or storage is completely secure; protect your Shopify admin access and use strong passwords.
If we become aware of a data breach that affects your personal information, we will notify affected users and merchants as required by law so you can take protective steps.
Data retention
We retain information only as long as needed for the purposes above, unless law requires longer:
- Merchant and billing records: For the subscription term and a reasonable period after for accounting and disputes
- Shopper models and try-ons: Until deletion request, uninstall, or automated cleanup, subject to backups
- Upload photos: Removed from active storage after model creation where configured; restricted copies may remain for quality review if enabled
- Logs: Typically months unless needed for security incidents
Your rights
General rights
Depending on your location, you may have the right to access, correct, delete, restrict, object to, or port your data, and to withdraw consent where processing is consent-based. We may verify your identity before fulfilling requests.
- Merchants: Contact us using the email below. Uninstalling the app starts shop data handling described under Shopify requirements.
- Shoppers: Contact the merchant whose store you used first; we will assist them or respond where we are the controller.
Region-specific rights
EEA, UK, and Switzerland: Where GDPR applies, we rely on contract, legitimate interests, consent (e.g. for body photos on storefronts), and legal obligation. You may lodge a complaint with your supervisory authority.
California (CCPA/CPRA): We do not sell personal information. You may request access, deletion, and correction as applicable.
Israel: You may have rights to review and correct personal data under applicable law.
Shopify app requirements
As a Shopify App Store app, we implement mandatory compliance webhooks (customers/data_request, customers/redact, shop/redact) per Shopify’s privacy compliance guidance.
When you uninstall the app, we revoke tokens and delete shop configuration and linked shopper data, except where retention is required for law, security, or backups. The storefront may use Shopify’s logged_in_customer_id only to maintain a consistent try-on session—not to access customer records beyond granted scopes.
Children
Our services are not directed at children under 16 (or the age required in your jurisdiction). We do not knowingly collect children’s personal data. Contact us if you believe we have.
Cookies and tracking
- Merchant admin: Shopify and our embedded UI may use cookies for authentication and sessions.
- Storefront widget: Primarily API calls and optional session storage—we do not run third-party ad trackers in the widget. Other apps or themes may set their own cookies.
Changes to this policy
We may update this Privacy Policy from time to time. Changes will be posted here with an updated date. Material changes may be communicated via the app or email where appropriate. Continued use after changes constitutes acceptance where permitted by law.
Contact us
If you have questions about this Privacy Policy or need to exercise your rights, reach out to us—we’re happy to help merchants and shoppers.
Privacy & data requests
Subject line: Privacy — DressApp