Effective Date: December 5, 2025

App: Ori (iOS)

Website: https://ori.so

QUICK SUMMARY

• We do not sell your personal data.
• We do not track you across other companies' apps or websites for targeted advertising.
• Your photos and body data are used only to power styling, fit suggestions, optional try-on previews, basic analytics, and support.
• We do not use Face ID, TrueDepth camera, or any biometric facial recognition technology.
• You control what you share and can request deletion of your data.

WHAT WE COLLECT & WHY

Information you provide

Account & Profile (optional unless required for purchases): Name, email, language, style preferences, approximate size, height, and similar profile details. Used to create your profile, personalize recommendations, sync across devices, and restore purchases.

Photos of your face and body: Ori uses your photos to better understand your proportions and to generate more accurate outfit and style suggestions. Used only to provide styling and fit-related features, and—if available—AI try-on previews.

Preferences & feedback: Likes, dislike actions, saved outfits, style choices, and feedback you send us. Used to improve recommendations and the app experience.

Support messages: Emails, in-app support requests, screenshots, crash IDs. Used to answer your questions and resolve issues.

Information we collect automatically

Device & App Info: Device model, OS version, app version, language, region, basic system diagnostics. Used to keep the app secure, compatible, and functioning well.

Usage & Analytics: Aggregate usage events such as which screens are opened, which features are used, and general performance metrics. Used to improve Ori, not to build advertising profiles.

We do not collect your payment card details; purchases are processed by Apple.

FACE DATA & PHOTO PRIVACY

This section specifically addresses how Ori handles photos containing your face, in compliance with Apple's App Store Guidelines.

What face data does Ori collect?

Ori collects a single selfie photo that you voluntarily upload to use the virtual try-on feature. This photo typically includes your face and upper body. We do not use Apple's Face ID, TrueDepth camera, ARKit face tracking, or any biometric facial recognition systems. The photo is treated as a standard image file, not as biometric data.

How is face data used?

Your selfie photo is used exclusively for: • Virtual Try-On Feature: When you select clothing items to try on, your selfie is sent to Google's Gemini AI API to generate a visualization of you wearing the selected clothing. • Profile Display: Your selfie may be displayed within the app as your profile photo.

We do not: • Perform facial recognition or identity verification • Extract facial geometry, landmarks, or biometric identifiers • Use your face data for advertising or marketing purposes • Analyze facial expressions or emotions

Who has access to face data?

Your face data is shared only with: • Supabase (Storage Provider): Your selfie is securely stored in Supabase cloud storage (AWS-backed infrastructure) using encryption at rest and in transit. • Google Gemini AI (Processing Provider): When you initiate a virtual try-on, your selfie is sent to Google's Gemini AI API solely to generate the try-on image. Google processes this data according to their Gemini API Terms of Service and does not use API data to train their models.

No other third parties receive access to your photos. We do not sell or share photos for advertising.

Where is face data stored?

• Primary Storage: Supabase cloud storage (AWS infrastructure, US region) • Temporary Processing: Google Cloud (during Gemini AI processing only)

All data is encrypted in transit (TLS 1.2+) and at rest.

How long is face data retained?

• Your selfie is retained for as long as you have an active account and have not deleted it. • You can delete your selfie at any time from the Profile or Settings screen within the app. • When you delete your selfie, it is permanently removed from our storage within 24 hours. • If you delete your account, all associated photos are permanently deleted within 30 days. • Temporary processing data at Google Gemini is not retained after the API response is returned.

Your control over face data

You have full control over your face data: • Upload: You choose whether to upload a selfie. The app functions without it, but virtual try-on features require a photo. • View: You can view your stored selfie in the Profile and Settings screens. • Delete: You can delete your selfie at any time from within the app. • Account Deletion: Request full account deletion by contacting [email protected].

PHOTOS, BODY DATA & AI PROCESSING

Permissions: Ori will ask for access to your camera and photo library only so you can capture or select images.

Use of images: Your photos and any derived body/fit data are used solely to provide styling, body-shape insights, and try-on related features. They are not used to verify your identity.

On-device where possible: When technically possible, processing is performed on-device.

Cloud processing (if needed): For virtual try-on features, images are sent securely to Google's Gemini AI API to generate outfit visualizations. These images are processed in real-time and are not retained by Google after processing. On our servers, images are kept only as long as necessary to provide the feature and for a short grace period (for example, up to 48 hours) for retries and technical troubleshooting, after which they are deleted or anonymized.

Training & improvement: Your photos and body data are not used to train models or improve our systems unless you explicitly opt in to a clearly labeled "Help improve Ori" or similar setting. This setting is off by default and can be changed at any time. Google Gemini AI does not use API data to train their models.

Sensitive information: We treat photos of your face and body as sensitive. We use encryption in transit and limit internal access.

HOW WE USE YOUR DATA

We use the information we collect to: • Provide and improve our styling and try-on features. • Personalize outfit and style recommendations for you. • Operate optional premium features or subscriptions. • Provide support and communicate with you about the app. • Keep Ori secure, prevent fraud or abuse, and comply with legal obligations. • Run privacy-preserving analytics to understand feature usage in aggregate.

SHARING

We do not sell your data.

We may share your data only with:

Service Providers: Companies that help us with analytics, crash reporting, secure cloud processing, and storage. They can only use your data to perform services for us and must protect it. • Supabase: Database and file storage (including selfie photos) • Google Gemini AI: Virtual try-on image generation • RevenueCat: Subscription management

Apple: For processing in-app purchases and subscriptions.

Retailers & external sites (at your direction): When you tap through to a product on a retailer's website or app, their privacy policies apply to any data you provide there.

Legal & Safety: If required by law or legal process, or if necessary to protect users, our rights, or the service.

We do not allow third-party advertising networks to track you across other apps and sites from within Ori.

TRACKING & ADS

• Ori does not use third-party advertising SDKs for cross-app behavioral tracking. • If we ever introduce advertising that requires tracking, we will request your explicit consent (e.g., via Apple's App Tracking Transparency prompt) and update this policy.

DATA RETENTION

• Account & profile data: kept while your account is active. • Photos used for styling: stored only as needed to provide features; you can delete them at any time from the app. • Face data (selfies): retained until you delete them or delete your account. See "Face Data & Photo Privacy" section for details. • Analytics & logs: kept for a limited time (typically 12–24 months) before being aggregated or deleted. • Legal retention: in some cases we may keep certain records if required by law.

You can contact us to request deletion of your account and associated data. We will honor your request unless we must retain certain data for legal, security, or fraud-prevention reasons.

YOUR RIGHTS & CHOICES

Depending on your location, you may have rights to: • Access, correct, or delete your personal data. • Request a copy of your core data in a portable format. • Object to or restrict certain processing. • Withdraw consent where we rely on consent (for example, model training).

You can exercise many of these controls in the app settings. For additional requests, contact us by email.

CHILDREN

Ori is intended for users 13+ (or the age of digital consent in your region). We do not knowingly collect data from children under that age. If you believe a child has used Ori, contact us and we will delete the data where required.

INTERNATIONAL TRANSFERS

We may process data in countries other than your own. Where required, we use lawful transfer mechanisms and safeguards (such as Standard Contractual Clauses) to protect your data.

SECURITY

We use industry-standard security measures, including encryption in transit, access controls, and monitoring. No system is completely secure, but we work to protect your information and will notify you and regulators of significant incidents when required by law.

THIRD-PARTY LINKS

Ori may link to external websites or apps (for example, retailer sites). Their terms and privacy policies apply when you use them.

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" and may notify you in-app or by email.

CONTACT

If you have questions or requests about privacy, you can contact us:

Email: [email protected] Support: https://comet-lawyer-09c.notion.site/Ori-App-Support-2b08f1c9cdc480b2b0d8d568b4099036