CladlyGo – Privacy Policy

Welcome to CladlyGo, your AI Fashion Companion. This Privacy Policy explains how FUZIONATIC PRIVATE LIMITED ("we", "our", or "us") collects, uses, and protects your personal information when you use our mobile application. By using CladlyGo, you agree to the terms described in this policy.

1. Information We Collect

We collect account details (name and email via Google/Apple Sign-In), wardrobe images, text and voice chats, location data (approximate and precise, based on permission), and device/usage information.

2. How We Use Your Information

We use your data to provide AI wardrobe recommendations, weather-based outfit suggestions, personalize your experience, improve our models, and support app performance.

3. Legal Basis for Processing (GDPR)

We process your personal data based on:

1. Your consent when you create an account and accept our terms.
2. Contractual necessity to provide app services.
3. Legitimate interests in improving our AI models and app functionality.
4. Compliance with legal obligations.

You may withdraw consent at any time through app settings or by deleting your account.

4. Voice Data Handling

Voice inputs may be recorded and transcribed for processing. They are stored temporarily and deleted when your account is removed. Voice features are entirely optional.

5. Biometric Data Notice

Voice recordings and wardrobe images may constitute biometric data under certain laws. We collect this data only with your explicit consent. Biometric data is:

1. Stored using industry-standard encryption and secure cloud storage.
2. Retained only as long as needed to provide services or until account deletion.
3. Never sold, leased, or traded.
4. Protected by reasonable security measures including access controls and encryption.
5. Permanently destroyed within 30 days of account deletion.

By using voice or image features, you provide written consent for collection and processing of biometric identifiers.

6. Face Recognition Data Collection

We offer an optional face recognition feature that allows us to identify you in group photos and analyze only your outfits. This feature requires your explicit consent before any collection.

What We Collect: Facial embeddings — mathematical representations of your facial features derived from selfie photos. These are NOT the actual photos, but unique biometric identifiers. Original selfie images are not permanently stored.

Purpose: Identifying you in group photos, analyzing only your outfits, and improving personalized recommendations.

Storage & Security: Facial embeddings are encrypted with AES-256, stored on Google Cloud Platform with strict access controls, and never shared with or sold to third parties.

Deletion Rights: You can delete face data anytime via Settings → Privacy → Delete Face Data. All embeddings are permanently destroyed within 30 days of deletion request.

BIPA Compliance (Illinois): We provide written notice before collection, obtain written consent, disclose retention schedules, and prohibit profit from facial data. Illinois residents may bring a private right of action under BIPA for violations.

GDPR (EU/EEA): Facial data is Special Category data under GDPR Article 9. We obtain explicit consent before processing, and you may withdraw consent, request portability, or request erasure at any time.

CCPA/CPRA (California): You have the right to know, delete, and opt-out. Facial data is "Sensitive Personal Information" under CCPA. We do not sell it.

For questions or to exercise deletion rights: support@fuzionatic.ai

7. Wardrobe Image Handling

Images are stored permanently unless you delete them individually or delete your account, after which they are fully and permanently erased from Firebase Storage.

8. Location Data

We request both approximate and precise location permissions to provide weather-based outfit recommendations. Location is used only in real time and is not stored or shared with advertisers. You can deny location permission and still use the app; weather features will be disabled.

9. Information Sharing

We do not sell personal data. We may share limited data with cloud hosting, AI processing, weather APIs, and analytics providers solely for app functionality. All partners follow strict security standards and are prohibited from using your data for their own purposes.

10. OAuth Sign-In Data Collection

When you sign in with Google or Apple, we collect:

• Google Sign-In: Email address, full name, profile picture (optional), unique Google identifier.
• Apple Sign-In: Email address (or Apple private relay email), full name (if provided), unique Apple identifier.

We do NOT receive your password. You can revoke access at any time via Google Account Settings or your Apple ID settings.

11. Third-Party Service Providers

• Firebase (Google): Authentication, cloud storage, and push notifications. Firebase Privacy Policy
• OpenAI GPT-4: AI-powered outfit recommendations and chat. We send only text descriptions (not raw images). OpenAI Privacy Policy
• Google Gemini AI: AI-powered recommendations. Anonymized text only. Google AI Privacy
• Weather APIs: Location sent in real-time for outfit suggestions. Not stored by the provider.
• Google Cloud Platform: Cloud infrastructure and data storage.

12. Push Notifications

We use Firebase Cloud Messaging (FCM) to deliver push notifications. FCM collects device model, OS version, language, timezone, and IP address for delivery. You can disable notifications in your device settings at any time.

13. Data Retention

• Wardrobe Photos: Until user deletes them or account is deleted.
• Chat Messages: Until account deletion.
• Voice Recordings: Temporary (session-based), auto-deleted after session.
• Facial Embeddings: Until user deletes them or account is deleted (within 30 days).
• Email / Name: Until account deletion + 30-day audit period.
• Location Data: Real-time only — never stored.
• Crash / Performance Logs: 90 days, then auto-purged.

14. Data Security

We implement industry-standard security measures including:

1. End-to-end encryption for data transmission.
2. Encrypted storage for all images and personal information.
3. Secure authentication protocols.
4. Regular security audits and updates.
5. Access controls limiting employee access to personal data.
6. Secure cloud infrastructure with Firebase / Google Cloud Platform.

While we take reasonable precautions, no system is 100% secure.

15. Permissions We Request

• Camera: To photograph and upload wardrobe items.
• Photo Library: To select existing photos of clothing.
• Microphone: For voice chat with the AI Companion.
• Location (Approximate & Precise): For weather-based outfit suggestions.
• Notifications: For outfit reminders and app alerts.

16. AI Data Usage

Some data may be anonymized to improve AI performance. We never use identifiable personal information for external AI training.

17. Cookies and Tracking Technologies

We may use mobile device identifiers and Firebase Analytics to maintain session state, analyze app usage, and remember your preferences. We do not use cookies for advertising or cross-app tracking. You can manage permissions through your device settings.

18. International Data Transfers

Your data may be processed in other countries where our servers or service providers operate. We ensure secure safeguards (including Standard Contractual Clauses for GDPR compliance) are in place for all transfers.

19. Children's Privacy

CladlyGo is not intended for users under the age of 13. We do not knowingly collect personal information from children. If we discover such data has been collected, it will be deleted immediately.

20. Your Rights

You may access, update, or delete your data at any time. Account deletion permanently removes all information.

21. Your Privacy Rights (GDPR & CCPA)

Under GDPR and CCPA, you have the right to:

1. Access: Request a copy of your personal data.
2. Rectification: Correct inaccurate data.
3. Erasure: Request deletion of your data.
4. Data Portability: Receive your data in a structured, machine-readable format.
5. Restrict Processing: Limit how we use your data.
6. Object: Object to certain processing activities.
7. Withdraw Consent: At any time, without affecting prior processing.
8. Non-Discrimination: We will not discriminate against you for exercising your rights.

California residents: We do not sell your personal information.

22. California Privacy Rights (CCPA / CPRA)

Categories of personal information collected in the past 12 months:

• Identifiers (name, email)
• Biometric data (voice, facial embeddings)
• Location data
• Device and usage information
• User-generated content (wardrobe images, chat messages)

We do not sell personal information to any third party. Response timeline for CCPA requests: 45 days.

23. Data Breach Notification

In the event of a data breach, we will:

1. Notify affected users without unreasonable delay.
2. Report to relevant authorities within 72 hours if required by GDPR.
3. Notify the California Attorney General if 500+ California residents are affected.
4. Describe the nature of the breach, types of data affected, and remediation steps.

24. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you via in-app notification or email. The updated effective date will be reflected at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

25. Contact Us & Data Protection Officer