Privacy Policy

1. General Information & Controller

This Privacy Policy clarifies the nature, scope, and purpose of the processing of personal data within our website and service "TryYourWig".

2. Hosting & Content Delivery Network (CDN)

• Data Processed: IP addresses, technical access logs (browser type, timestamp).
• Purpose: To ensure the operational security and speed of our online offer.
• Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interest).

3. The Virtual Try-On Service (Core Functionality)

• Data Processed: User-uploaded selfie (facial image) and the selected wig image.
• AI Provider: We utilize Google Gemini (via API) to perform the image synthesis. Google acts as our sub-processor.
• Biometric Data: Our system analyzes facial geometry to map the wig correctly. We do not create or store a unique biometric template for the purpose of identifying you. The analysis is strictly for image synthesis.
• Zero Retention Policy: We operate on a "Process & Delete" basis. The selfie is sent to the API for generation, the result is delivered to the user's browser, and once the session ends or the browser window is closed, the original selfie and the generated image are permanently deleted from our servers. We do not retain user photos to train our models.

4. Purchase & Subscription (B2B)

• Data: Name, Business Name, Billing Address, Email, Payment Identifier.
• Purpose: Contract performance, billing, and customer management.
• Legal Basis: Art. 6(1)(b) GDPR (Performance of a Contract).
• Retention: Invoices and tax-relevant data are stored for 10 years acc. to German Tax Law (§ 147 AO).

5. Payments

We do not store credit card numbers. We use external payment processors:

• Stripe Inc. (San Francisco, USA)
• PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg)

Legal Basis: Art. 6(1)(b) GDPR.

6. International Data Transfers

Some of our service providers (e.g., Google, Stripe) are located in the USA. We ensure your data is protected because these providers participate in the EU-U.S. Data Privacy Framework (DPF) or we have concluded Standard Contractual Clauses (SCCs) with them.

7. Cookies & Local Storage

• Strictly Necessary Cookies: Required for the login area and shopping cart (e.g., Stripe session).
• Analytics: If we use tools like Google Analytics, we will ask for your consent via a Cookie Banner before loading them.

8. Your Rights (Data Subject Rights)

As a user, you have the following rights under the GDPR:

• Art. 15: Right of access to your stored data.
• Art. 17: Right to deletion ("Right to be Forgotten").
• Art. 18: Right to restriction of processing.
• Art. 77: Right to lodge a complaint with a supervisory authority (e.g., Bayerisches Landesamt für Datenschutzaufsicht).