Privacy Policy

Last Updated: January 1, 2025

1. Introduction

Welcome to UPDO ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered beauty and hair styling platform.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

  • Name and email address
  • Profile information and preferences
  • Photos you upload for virtual try-ons and AI analysis
  • Chat conversations with our AI stylist
  • Payment information (processed securely through Stripe)

2.2 Automatically Collected Information

When you use our service, we automatically collect:

  • Device information (browser type, operating system)
  • Usage data (pages visited, features used)
  • IP address and location data
  • Cookies and similar tracking technologies

2.3 AI-Generated Data

Our AI systems analyze your photos and preferences to provide personalized recommendations. This analysis is performed securely and the results are stored to improve your experience.

3. How We Use Your Information

We use your information to:

  • Provide and improve our AI styling services
  • Personalize your experience and recommendations
  • Process your transactions and manage your account
  • Communicate with you about updates and promotions
  • Analyze usage patterns and improve our platform
  • Detect and prevent fraud and abuse
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your data based on:

  • Consent: You have given explicit consent for specific purposes
  • Contract: Processing is necessary to fulfill our service agreement
  • Legitimate Interests: We have legitimate business interests that don't override your rights
  • Legal Obligation: We must comply with legal requirements

5. Data Sharing and Disclosure

We may share your information with:

5.1 Service Providers

  • Cloud hosting providers (AWS S3)
  • Payment processors (Stripe)
  • AI and machine learning services
  • Analytics providers

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests.

We do not sell your personal information to third parties.

6. Your Privacy Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we use your data
  • Portability: Receive your data in a structured format
  • Object: Object to certain processing activities
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at [email protected] or use the settings page.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Secure data storage with AWS S3
  • Employee training on data protection

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Specifically:

  • Account data: Until you delete your account, plus 30 days
  • Transaction records: 7 years (legal requirement)
  • Chat history: Until you delete it or after 2 years of inactivity
  • Photos: Until you delete them or after 1 year of inactivity
  • Analytics data: Aggregated and anonymized after 2 years

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for certain countries
  • Privacy Shield certification (where applicable)

10. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information, see our Cookie Policy.

12. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our platform. Your continued use after changes constitutes acceptance.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: [email protected]

Address: UPDO Inc., [Your Address]

Data Protection Officer: [email protected]

15. Supervisory Authority

If you are in the EEA and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority.