RYSA

Privacy Policy

Last updated: July 25, 2025

At RYSA, we're committed to protecting your privacy and ensuring transparency about how we handle your data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

Data Controller

RYSA is the data controller for the personal information we collect and process. For questions about this policy or your data rights, please contact us using the information provided in the "Contact Us" section below.

Information We Collect

Personal Information

  • • Email address (for account creation and authentication)
  • • Profile information (name, preferences)
  • • Images you upload for washing analysis and outfit recommendations
  • • Text descriptions and questions you submit
  • • Purchase information (product selected, checkout session ID, transaction status)

Important: We do not receive or store full credit card numbers; these are handled directly by Stripe for your security.

Usage Information

  • • How you interact with our AI features
  • • Pages visited and time spent on our service
  • • Device information (browser type, operating system)
  • • IP address and general location information
  • • Credit usage and purchase history

Legal Bases for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract: To provide our AI-powered washing and outfit services
  • Consent: For marketing communications and analytics (where you've opted in)
  • Legitimate Interest: For fraud prevention, security, and service improvement

How We Use Your Information

  • • Provide AI-powered washing guidance and outfit recommendations
  • • Process payments and manage your credit balance
  • • Improve our AI models and service quality
  • • Communicate with you about your account and our services
  • • Analyze usage patterns to enhance user experience
  • • Ensure security and prevent fraud

AI-Generated Content and Automated Decision Making

Our AI suggestions are generated automatically using machine learning models and may contain inaccuracies. They are provided for informational purposes only and should not be considered professional advice. Please verify information before acting on it, especially for delicate fabrics or valuable garments.

We process both text descriptions and uploaded images through AI systems to generate personalized recommendations.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze our service usage. You can control your cookie preferences through our cookie consent banner.

Necessary Cookies

Essential for website functionality, authentication, and security. These cannot be disabled.

  • sb-*-auth-token: Keeps you logged in and manages your session
  • • Cookie consent preferences
  • • Security and anti-fraud tokens

Analytics Cookies

Help us understand usage patterns through Google Analytics 4. Data is anonymized and only fires after you consent via our banner.

  • • Google Analytics cookies (_ga, _ga_*, etc.)
  • • Page views, user interactions, and performance metrics
  • Opt out of Google Analytics

Preference Cookies

Remember your settings and preferences for a personalized experience.

Data Sharing and Third Parties

We work with trusted third-party services to provide our AI-powered features and secure platform:

  • Stripe: Payment processing and fraud prevention. Handles all credit card transactions securely without us storing card details.
  • Google: Identity provider for OAuth sign-in and analytics services (with your consent).
  • OpenAI: Processes your text descriptions and uploaded images to generate AI-powered washing and outfit recommendations.
  • Supabase: Secure authentication, database storage, and file management for your account and uploaded images.
  • Hosting Infrastructure: Cloud hosting providers (such as Vercel, Fly.io, or similar) that run our application securely.

We do not sell your personal information to third parties. Data is only shared as necessary to provide our services and with your explicit consent where required by law.

Data Retention

We retain your data for different periods based on the type of information and legal requirements:

  • Account Data: Until you delete your account, or after 24 months of inactivity
  • Payment Records: 7 years for tax and accounting compliance
  • Server Logs: 30 days for security and debugging purposes
  • Analytics Data: 26 months (Google Analytics standard retention)

Data Security

We implement industry-standard security measures to protect your information, including encryption in transit and at rest, secure authentication, and regular security audits. However, no method of transmission over the internet is 100% secure.

Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct your information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a machine-readable format
  • Object: Object to processing based on legitimate interests
  • Restrict Processing: Limit how we process your data in certain circumstances
  • Cookie Control: Manage your cookie preferences at any time

To exercise these rights, please contact us using the information in the "Contact Us" section below.

International Data Transfers

Your information may be processed in countries other than your own, particularly the United States where our service providers (Stripe, OpenAI, Google) operate. We ensure appropriate safeguards are in place to protect your data in accordance with applicable privacy laws, including GDPR and CCPA, using Standard Contractual Clauses (SCCs) and other approved transfer mechanisms.

Children's Privacy

Our service is not intended for children under 13 years of age (or under 16 in some regions). We do not knowingly collect personal information from children under these ages. If you believe we have collected information from a child under the applicable age, please contact us immediately so we can delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email. Your continued use of our service after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy, want to exercise your data rights, or have concerns about our data practices, please contact us at:

Email: privacy@rysa.app

We aim to respond to all privacy inquiries within 30 days.