MyStyler

Legal

Privacy Policy

Last updated: 25 April 2026

MyStyler is an iOS app built by Workflows AS (Norway) that helps you visualise outfit and style ideas using an AI model. This page explains what information the app handles, why, and the choices you have.

Short version: we only collect what we need to run the app — your Apple sign-in identifier, the reference photos you upload to generate looks, and your purchase history for billing. We do not sell your data, we do not train AI models on it, and you can delete your account at any time.

1. Face data and biometric information

What face data we collect. The portrait and full-body photos you upload during onboarding contain images of your face. We treat these as “face data” in the sense used by App Store Review Guideline 5.1.2 even though we do not perform any biometric matching ourselves.

What we do with it. Your photos are forwarded to OpenAI's Images Edit API for the sole purpose of generating photorealistic outfit suggestions that preserve your likeness. The AI model uses the photos as visual references; it does not extract a face print, identify you against any database, or perform any other biometric analysis. We do not use Apple's Vision framework, Face ID, TrueDepth API, or any on-device face-recognition feature.

What we do NOT do. We do not perform facial recognition, identification, biometric authentication, emotion analysis, or person-matching. We never sell, share, license, or transfer your photos to any party other than the single processor named below. We never use your photos to train AI models — neither ours nor OpenAI's (under the enterprise data-usage agreement that governs our API traffic).

Where it goes. Photos are stored locally on your device only. When you tap Generate, the relevant photo bytes are forwarded once, in-memory, through our Supabase edge function to OpenAI in the United States. They are not written to our database. OpenAI receives the bytes for the duration of a single API call.

How long it's kept.

  • On your device: for as long as you keep the app installed. Replacing or deleting the photos in the Profile screen, or deleting your account, removes them.
  • On our servers: never persisted. Photo bytes pass through edge function memory and are discarded the moment the OpenAI call returns.
  • At OpenAI: retained for up to 30 days for abuse monitoring under OpenAI's enterprise data usage agreement, then deleted automatically. Not used to train models.

You can revoke this processing at any time by deleting your reference photos in the Profile screen, or by deleting your account, which removes all server-side state within 30 days.

2. Who is responsible

The data controller is Workflows AS, registered in Norway. If you have privacy questions or want to exercise any of the rights described below, email petter@workflows.no.

3. What data we collect

a) Account information

When you sign in with Apple we receive a stable Apple user identifier and, if you choose to share it, your email address. If you select “Hide My Email” we receive a private relay address from Apple; we never see your real email.

b) Reference photos

The portrait and full-body photos you add in onboarding (and any wardrobe items you photograph) are stored locally on your device. When you tap Generate, the relevant reference photos and your text prompt are sent to our backend and, from there, to the OpenAI image-edit API so the model can produce looks that resemble you.

We do not retain these reference photos on our servers. They are passed through to the model in memory, then discarded. OpenAI processes them under its enterprise data usage policy, which means they are not used to train OpenAI's models.

c) Generated images

The AI-generated photos are stored on your device in your personal library. They are not uploaded to our backend.

d) Usage + billing data

For each generation we record: the timestamp, which mode was used (standard or wardrobe), how many tokens the AI model consumed, and the computed cost. This lets us meter your credit balance and debug problems. We also record every credit-balance change (purchase, refund, renewal, usage) in an immutable audit log.

e) In-app purchases

When you subscribe or buy a credit top-up, Apple sends us a signed transaction receipt that contains the product ID, purchase date, and Apple transaction identifiers. We use this to grant credits and to sync subscription status (renewal, cancellation, refund). Payment card details never touch our servers — Apple handles all payment processing.

4. Third-party services we rely on

  • Apple — Sign in with Apple, App Store payment processing, App Store Server Notifications.
  • OpenAI — image-edit API that generates your style variations. Requests go through our backend with enterprise-tier data-usage settings so your images are not used to train models.
  • Supabase — authenticated backend storage for your account, credit ledger, and subscription state. Hosted in the EU (eu-west-2 region) under its SOC-2 and GDPR processor agreements.

5. Why we process this data (legal bases)

  • Contract — we need to process your photos, prompts and purchase data to deliver the service you asked for.
  • Legitimate interest — usage metering, fraud-prevention, product improvement on aggregate (never using your photos).
  • Legal obligation — retention of billing records required by Norwegian tax law.

6. How long we keep it

  • Reference photos sent with a generation request: not stored after the API call completes.
  • Account profile, credit balance, subscription state: kept while your account exists; deleted within 30 days of account deletion.
  • Purchase + billing records: retained for 5 years as required by Norwegian accounting law, then deleted.
  • Server logs (anonymised request metadata, errors): rotated out after 90 days.

7. Your rights

Under the EU / EEA General Data Protection Regulation (GDPR) you can:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate or out-of-date data.
  • Delete your account and associated data. You can do this from inside the app under Profile → Delete account, or by emailing petter@workflows.no. Billing records we are legally required to retain will be anonymised.
  • Export your data in a portable format — email us and we'll send a JSON file.
  • Withdraw consent and object to further processing at any time.

You also have the right to complain to the Norwegian Data Protection Authority (Datatilsynet) if you believe we have mishandled your data.

8. Children

MyStyler is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from anyone below that age. If you believe a child has signed in, email us and we will delete the account.

9. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Our backend uses role-level database policies so one user cannot access another user's rows. Apple's signed-transaction receipts are verified against Apple's root certificate before any credit is granted.

10. Changes to this policy

We may update this policy as the product evolves. Material changes will be announced in the app and the “last updated” date at the top of this page will change. Your continued use of MyStyler after the update means you accept the revised policy.

11. Contact

Questions, requests, or complaints: petter@workflows.no.

← Back to MyStyler