Legal

Privacy Policy

Effective: 23 March 2026

1. Introduction

DayDayDress ("we", "us", or "our") is a Hong Kong-based company that operates the DayDayDress mobile application (the "App") and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service.

We are committed to protecting your privacy in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong ("PDPO"), the European Union General Data Protection Regulation ("GDPR"), the United Kingdom General Data Protection Regulation ("UK GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and other applicable data protection laws.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

2. Data Controller

The data controller responsible for your personal data is:

DayDayDress
Hong Kong SAR
Email: support@daydaydress.com

For any questions or concerns regarding your personal data, or to exercise your data protection rights, please contact us at the email address above.

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Account Data

When you create an account, we collect your email address and name. This is necessary to provide you with the Service and manage your account.

3.2 Photographs

We collect photos you upload to the Service, including:

  • Reference photos — photographs of yourself used for virtual try-on generation
  • Garment photos — photographs of clothing items added to your wardrobe

Photos are stored on our cloud infrastructure and used solely for the purposes described in this policy.

3.3 Wardrobe Data

We collect metadata about your clothing items, including category, colour, pattern, material, season, formality level, and tags. Some of this data may be automatically extracted using AI from your garment photos.

3.4 AI-Generated Images

When you use the virtual try-on feature, we store the AI-generated result images associated with your account.

3.5 Usage Data

We collect data about how you use the Service, including try-on counts, outfit combinations created, suggestion history, and feature usage statistics.

3.6 Payment Data

Subscription payments are processed through Apple App Store, Google Play Store, and our payment partner RevenueCat. We do not collect or store your credit card numbers, bank account details, or other financial payment instruments. We receive subscription status, billing period, and transaction identifiers from these payment platforms.

3.7 Device Data

We collect push notification tokens and device platform information (iOS or Android) to send you notifications you have opted into.

3.8 Technical Data

We may collect IP addresses, request timestamps, and other technical information in server logs for security, rate limiting, and service reliability purposes.

4. How We Use Your Data

We use your personal data for the following purposes:

  • Service delivery — to provide virtual try-on generation, wardrobe management, outfit suggestions, and AI-powered garment categorization
  • Account management — to create, maintain, and secure your account
  • Subscription management — to manage your subscription plan, usage quotas, and billing
  • Notifications — to send you push notifications about daily suggestions, try-on completions, and outfit tips (with your consent)
  • Service improvement — to analyse usage patterns and improve the Service
  • Security — to detect, prevent, and address technical issues, abuse, and fraud

5. AI Processing and Third-Party Providers

Our Service uses artificial intelligence to provide virtual try-on and garment categorization features. When you use these features, your data may be processed by the following third-party AI providers:

  • OpenRouter (routing to Google Gemini models) — for analysing garment photos and extracting metadata
  • Kie.ai — for generating virtual try-on images

When you initiate a virtual try-on or upload a garment for AI categorization, the relevant photographs are transmitted to these providers for processing. These transmissions are routed through Cloudflare AI Gateway for security and reliability.

Your photos are sent to AI providers only when you explicitly request a try-on or categorization, and are not retained by these providers after processing. AI providers process your data in accordance with their own privacy policies. We encourage you to review their policies.

6. Data Storage and Security

Your data is stored on Cloudflare infrastructure:

  • Cloudflare D1 (SQLite database) — for account data, wardrobe metadata, and usage records
  • Cloudflare R2 (object storage) — for photographs and AI-generated images

Your photos and personal data are encrypted at rest and are never shared with third parties for marketing, advertising, or any purpose other than providing the Service as described in this policy.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

We retain your personal data for as long as your account remains active. Upon account deletion, we delete all your personal data, including photos, wardrobe data, and AI-generated images.

We process your personal data on the following legal grounds, depending on your jurisdiction:

Hong Kong (PDPO)

  • Consent — you provide consent when creating your account and using the Service
  • Contractual necessity — processing is necessary to provide the Service you have requested
  • Legitimate interests — for security, fraud prevention, and service improvement

European Economic Area and United Kingdom (GDPR / UK GDPR)

  • Consent (Article 6(1)(a)) — for push notifications and optional features
  • Performance of a contract (Article 6(1)(b)) — to provide the Service under our Terms of Use
  • Legitimate interests (Article 6(1)(f)) — for security, analytics, and service improvement, where such interests are not overridden by your rights

California (CCPA/CPRA)

  • We process personal information for business purposes as defined under the CCPA/CPRA
  • We do not sell your personal information to third parties
  • We do not share your personal information for cross-context behavioural advertising

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Under the PDPO (Hong Kong)

  • Right of access — to request access to the personal data we hold about you (Data Protection Principle 6)
  • Right of correction — to request correction of inaccurate personal data

Under the GDPR (EU/UK)

  • Right of access — to obtain confirmation and a copy of your personal data
  • Right to rectification — to correct inaccurate or incomplete data
  • Right to erasure — to request deletion of your personal data
  • Right to restriction — to restrict processing in certain circumstances
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests
  • Rights related to automated decision-making — AI-generated try-on images are a service feature, not automated decisions with legal effects

Under the CCPA/CPRA (California)

  • Right to know — to know what personal information we collect, use, and disclose
  • Right to delete — to request deletion of your personal information
  • Right to opt-out of sale — we do not sell your personal information
  • Right to non-discrimination — we will not discriminate against you for exercising your rights

To exercise any of these rights, please contact us at support@daydaydress.com or use the Privacy & Data settings within the App. We will respond to verifiable requests within 30 days (or within the timeframe required by applicable law).

9. Data Deletion

You can delete your account and all associated data at any time through the Privacy & Data screen in the App, or by contacting us at support@daydaydress.com.

When you delete your account, we permanently remove all your personal data, including your account information, photos, wardrobe data, AI-generated images, and usage history. This action is irreversible.

10. International Data Transfers

Your personal data may be processed and stored on servers located outside your country of residence. Our infrastructure provider, Cloudflare, operates a global network of data centres. Data may be processed in any location where Cloudflare maintains infrastructure.

For transfers of personal data from the EEA or UK, we rely on Cloudflare's data processing agreements, which include Standard Contractual Clauses (SCCs) approved by the European Commission, and other appropriate safeguards as required by applicable law.

11. Children's Privacy

The Service is not directed at children under the age of 16 (or 13 in jurisdictions where that is the applicable age of digital consent). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that data promptly.

12. Cookies and Tracking Technologies

This website does not use cookies or tracking technologies.

The App uses Expo SecureStore to store your authentication token (JWT) locally on your device. This is a functional necessity for keeping you logged in and is not used for tracking. No analytics SDKs or advertising identifiers are used.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you through the App and, where we have your email address, via email. The "Effective" date at the top of this policy indicates when it was last revised.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

DayDayDress
Email: support@daydaydress.com
Jurisdiction: Hong Kong Special Administrative Region

If you are located in the EEA or UK and believe that our processing of your personal data infringes applicable data protection laws, you have the right to lodge a complaint with your local supervisory authority.

If you are located in Hong Kong, you may lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD).