TRAYVE PRIVACY POLICY

1. INTRODUCTION

Welcome to Trayve. We're building an AI-powered fashion photography platform, and we want to be upfront about how we handle your information.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and how you can control your data. We've tried to write this in plain English, but there are some legal requirements that require formal language - we'll keep those parts as clear as possible.

Who we are:

• Company: Trayve
• Location: Pune, Maharashtra, India (we're an individual business)
• Contact: contact@trayve.app
• Website: https://trayve.app

Who this applies to:

Everyone who uses Trayve - whether you're:

• An individual designer trying out our free plan
• A small fashion brand creating product photos
• A large enterprise with an Enterprise subscription
• Just browsing our website

The basics:

By using Trayve, you're agreeing to this Privacy Policy. If you don't agree with how we handle information, please don't use the Platform. We know that's pretty standard legal language, but we mean it - your privacy matters to us, and we want you to use Trayve only if you're comfortable with our approach.

2. INFORMATION WE COLLECT

We collect various types of information from and about users of our Platform. This information enables us to provide, improve, and protect our Service.

2.1 Information You Provide Directly

A. Account Registration Information

When you create a Trayve account, here's what we collect:

Required Information:

• Username: Your chosen username for the Platform
• Email address: For account access, password resets, and important notifications
• Password: Encrypted and securely stored for login

Optional Information:

• Phone number: You can add this for account recovery (completely optional)
• Business information: If you're using Trayve for your fashion business, you can add your company name

Subscription Information (when you upgrade):

• Billing details: When you choose a paid plan (Creator, Professional, or Enterprise)
• Payment information: Handled securely by DodoPayments (we never see your credit card details)

B. Subscription and Billing Information

When you subscribe to a paid plan, we collect:

• Subscription tier: Free, Creator, Professional, or Enterprise plan selection
• Billing preferences: Monthly or annual subscription preference
• Payment information: Credit card details, billing address (processed through DodoPayments)
• Tax information: VAT/GST number if applicable for your jurisdiction

Note: We do not directly store credit card details. Payment processing is handled by DodoPayments (https://dodopayments.com/) in accordance with their privacy policy and PCI DSS standards.

C. Content You Upload and Create

• Clothing Images: Photos of clothing items you upload for virtual try-on, PostReady, or ShopReady processing
• Outfit Combinations: Complete outfit images created using Outfit Builder
• Model and Pose Selections: Your choices from our model library (22+ models) and pose library (120+ poses across all models, averaging 6 poses per model)
• Generated Content: AI-generated fashion images (Licensed Photos) created through the Platform
• Metadata: Image dimensions, file formats, upload timestamps, processing parameters

D. Communications and Support

• Support requests: Questions, issues, and feedback submitted through our contact page or support system
• Email correspondence: All communications sent to contact@trayve.app
• Chat transcripts: If we implement live chat support
• Survey responses: Feedback you provide through surveys and questionnaires
• Testimonials and reviews: If you choose to provide them

E. User-Generated Content

• Social media integration: Content shared to social media platforms through the Platform (with your permission)
• Collaborative content: If you collaborate with other users or share content
• Public profiles: Any information you choose to make public in your profile

2.2 Information Collected Automatically

A. Device and Browser Information

We automatically collect technical information about your device and browser:

• IP address: Your Internet Protocol address
• Device identifiers: Unique device identifiers (UUID, Android Advertising ID, iOS Advertising Identifier)
• Browser type and version: Chrome, Safari, Firefox, Edge, etc.
• Operating system: Windows, macOS, iOS, Android, Linux
• Device type: Desktop, mobile, tablet
• Screen resolution: Display dimensions and pixel density
• Language preferences: Browser language settings

B. Usage Data and Analytics

Through our analytics tools, we collect:

• Pages visited: Which pages and features you access on the Platform
• Features used: Outfit Builder, Virtual Try-On, PostReady, ShopReady interactions
• Time spent: Duration of sessions and time spent on specific features
• Clicks and interactions: Buttons clicked, forms submitted, navigation patterns
• Search queries: What you search for within the Platform
• Model and pose selections: Which models and poses you use most frequently
• Generation history: Number and types of images generated
• Error logs: Technical errors or issues encountered
• Performance metrics: Load times, processing times, system performance

C. Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance user experience:

Essential Cookies:

• Authentication cookies (session management)
• Security cookies (fraud prevention)
• Load balancing cookies (server optimization)

Analytics Cookies:

• Usage tracking (feature adoption, user behavior)
• Performance monitoring (speed, errors, crashes)
• A/B testing (feature comparison, optimization)

Preference Cookies:

• Language preferences
• UI customization
• Feature toggles

Third-Party Cookies:

• Google Analytics (if used)
• Advertising cookies (for remarketing, if applicable)

Cookie Control: You can control cookies through your browser settings. However, disabling certain cookies may affect Platform functionality. See Section 8 for detailed cookie management information.

D. Location Data

We collect location information to:

• Localize content and interface
• Comply with local laws and regulations
• Understand user demographics
• Determine applicable tax liability
• Improve advertising efficiency

Location data sources:

• IP address geolocation (approximate location)
• Information you provide (billing address, business location)
• Browser language and timezone settings

2.3 Information from Third-Party Sources

A. Third-Party Authentication

If you authenticate using third-party services (Google, Facebook, etc.):

• User ID: Associated with your third-party account
• Profile information: Name, email, profile picture
• Public profile data: Information you've made public on the third-party platform
• Friend lists or connections: If you grant permission

B. Payment Processor Information

From DodoPayments, we receive:

• Transaction status: Success, failure, pending
• Payment method type: Credit card brand (Visa, Mastercard, etc.)
• Transaction IDs: For reconciliation and support
• Billing errors: Payment failures or issues
• Fraud indicators: Security and fraud prevention data

C. Business Intelligence and Data Enrichment

We may obtain additional business information from third-party data providers:

• Company information: Company size, industry, revenue
• Job titles and roles: To understand user types
• Professional information: LinkedIn public profile data
• Business contact information: For B2B marketing (with appropriate consent)

D. Social Media Platforms

When you interact with our social media presence:

• Public posts and comments: Your interactions on our social media pages
• Shared content: Content you share or tag us in
• Engagement metrics: Likes, shares, comments on our posts

E. Advertising and Analytics Partners

From our advertising and analytics partners, we may receive:

• Conversion tracking: Whether our ads led to Platform signups
• Attribution data: Which marketing channels brought you to us
• Audience insights: Aggregated data about user demographics and interests
• Remarketing data: To show relevant ads to previous visitors

2.4 Information We Do NOT Collect

To protect your privacy, we do NOT intentionally collect:

• Sensitive personal data: Protected health information (PHI), genetic data, biometric identifiers
• Financial account details: We do not store credit card numbers, CVV codes, or bank account information
• Government identification numbers: Social security numbers, passport numbers, national IDs
• Children's personal information: Information from users under 13 without parental consent
• Audio or video recordings: We do not record calls or video without explicit consent
• Precise geolocation: We do not track your exact GPS coordinates

3. HOW WE USE YOUR INFORMATION

Here's what we do with the information we collect. We're being specific about Trayve's actual operations, not just listing every possible thing a company might do.

3.1 Running the Platform

Creating Your Images:

• Process your clothing photos through Google Vertex AI
• Generate images of models wearing your clothes
• Provide access to our library of 22+ AI models and 120+ poses (averaging 6 poses per model)
• Let you use Outfit Builder, Virtual Try-On, PostReady, and ShopReady
• Store your generated images in your account (they're yours to keep)

Managing Your Account:

• Let you log in securely
• Remember your session so you don't have to log in constantly
• Track your credit usage across our four subscription tiers
• Process payments through DodoPayments when you upgrade

Customer Support:

• Answer your questions and help troubleshoot issues
• Fix bugs and improve the Platform based on feedback
• Send you important emails (password resets, billing confirmations, service updates)

3.2 Service Improvement and Development

A. Analytics and Platform Improvement

We use anonymized and aggregated data to improve our Platform functionality and user experience. This includes:

Analytics Data (NOT containing your images):

• Monitor aggregate metrics (total users, generations, features used)
• Analyze traffic and demographic patterns
• Identify popular features and usage trends
• Measure system performance and error rates
• Track feature adoption and user journeys
• Optimize processing speeds and system performance

What We Analyze:

• Which features are used most frequently
• User interface interaction patterns
• Technical performance metrics (load times, error rates)
• Credit usage patterns across subscription tiers
• Aggregated statistics about models and poses selected

B. Product Development

• Monitor aggregate metrics (total users, generations, features used)
• Analyze traffic and demographic patterns
• Identify popular features and usage trends
• Prioritize development of new features
• Test and optimize new AI models before release
• Conduct A/B testing to improve user experience
• Measure effectiveness of Platform updates

C. Personalization and Recommendations

• Recommend models and poses likely to suit your clothing style
• Suggest features relevant to your business needs
• Customize the Platform interface based on your preferences
• Predict the most relevant subscription offerings
• Tailor communications and product recommendations

3.3 Communicating With You

Essential Emails (you can't opt out of these):

• "Your password was reset"
• "Your subscription payment went through"
• "We're doing maintenance tomorrow"
• "Important changes to our Terms or Privacy Policy"

Marketing Emails (you can opt out):

• New features we've launched
• Tips for getting better results with Trayve
• Special promotions or discounts
• Fashion industry insights we think you'd find useful

How to opt out: Click "Unsubscribe" at the bottom of any marketing email, or update your preferences in Account settings. Easy.

3.4 Security and Legal Stuff

Keeping Things Secure:

• Detecting and blocking fraudulent accounts
• Preventing abuse (like people trying to generate inappropriate content)
• Monitoring for suspicious activity
• Protecting against bots and spam

Legal Requirements:

• Complying with privacy laws (GDPR, CCPA, India's DPDP Act)
• Responding to valid legal requests (court orders, subpoenas)
• Enforcing our Terms and Conditions
• Protecting our rights and your safety

4. WHO WE SHARE YOUR INFORMATION WITH

We don't sell your data. Period. But we do work with other companies to run Trayve, and here's who gets access to what:

4.1 Our Service Partners

Google Vertex AI (the AI engine)

• What they get: Your clothing images and the technical parameters for processing
• Why: This is how we generate your fashion images - Vertex AI does the heavy AI lifting
• Their privacy policy: https://cloud.google.com/vertex-ai/docs/general/privacy
• Location: Google Cloud data centers globally

Supabase (our database and storage)

• What they get: Everything - your account info, uploaded images, generated photos
• Why: They store and deliver your data and images
• Their privacy policy: https://supabase.com/privacy
• Location: Multiple regions worldwide

Vercel (website hosting)

• What they get: Technical data like IP addresses, browser info, page visits
• Why: They host our website and make it fast for you
• Their privacy policy: https://vercel.com/legal/privacy-policy
• Location: Global edge network

DodoPayments (payment processing)

• What they get: Your billing info, subscription details
• What they DON'T get from us: Your credit card details (you enter those directly with them)
• Why: They handle all payment processing so we don't have to store payment data
• Their security: PCI DSS compliant
• Their privacy policy: https://dodopayments.com/privacy
• Location: Secure payment infrastructure

PostHog (analytics - if we're using it)

• What they get: Usage data like which features you click, how you navigate
• What they DON'T get: Your actual images
• Why: Helps us understand what features people use so we can improve
• Their privacy policy: https://posthog.com/privacy

4.2 When the Law Requires It

We'll share information if legally required:

• Court orders or subpoenas
• Valid government requests
• Investigating fraud or crime
• Protecting someone's safety

We'll push back on overly broad requests and notify you when legally allowed.

4.3 If Trayve Gets Acquired

If someone buys Trayve or we merge with another company, your information would transfer to them. We'd let you know via email beforehand.

5. CRITICAL POLICY: AI TRAINING AND DATA USAGE

5.1 We DO NOT Use Customer Data for AI Training

What This Means:

1. Your Uploaded Images: Clothing images you upload are used ONLY to provide the service to you and are NOT used to train our AI models
2. Your Generated Photos: Licensed Photos we create for you are NOT analyzed or used for AI model training
3. Your Interactions: While we track which features you use for analytics purposes, your actual image content is never used for AI training
4. Strict Separation: We maintain clear boundaries between user content and AI development processes
5. Your Content Stays Private: Your images remain your private data and are not incorporated into our AI systems

5.2 What We DO Use (Non-Image Analytics Only)

We use anonymized, aggregated analytics data that does NOT contain your images:

Usage Analytics:

• Which features are used (Virtual Try-On, PostReady, ShopReady, Outfit Builder)
• How many generations are created
• Which subscription tiers users choose
• Error rates and system performance
• Feature adoption and user journey patterns

Technical Metrics:

• Processing times and system load
• API response times
• Error logs and crash reports (without image data)
• Network performance

Safety and Moderation:

• Detecting prohibited content types (pornography, violence, copyright violations)
• Improving content filtering algorithms (without storing the actual images)
• Enhancing security and fraud detection
• Identifying and blocking malicious usage patterns

5.3 Marketing Use of Generated Images

We may use generated Licensed Photos for marketing purposes, including:

• Displaying example results on our website (with anonymization)
• Using in marketing materials and presentations
• Showcasing Platform capabilities
• Publishing case studies (with explicit customer approval and attribution)
• Sharing on social media to demonstrate quality

When using your content for marketing, we:

• Remove or anonymize identifying information when possible
• Obtain explicit consent for attribution or company identification
• Allow you to opt-out at any time by contacting contact@trayve.app
• Never use images that contain sensitive or inappropriate content

This is NOT AI training - this is standard marketing use of example outputs, similar to showing portfolio pieces.

5.4 Your Rights Regarding Your Content

Control Over Your Content:

• You can delete your uploaded images at any time
• You can delete your generated Licensed Photos at any time
• You can request deletion of your entire account
• You can opt-out of marketing use of your images

What Happens When You Delete:

• Your images are removed from active storage within 30 days
• Images are purged from backup archives within 90 days
• Your content is NOT retained in AI training datasets (because it was never added to them)
• Marketing uses of anonymized content may persist until manually removed

5.5 Comparison to Industry Practices

Why This Matters:

Many AI platforms bury in their terms that they use customer content for training. Common phrases to watch for:

• "Improve our services and models"
• "Enhance our AI capabilities"
• "Train our algorithms"
• "Machine learning development"

Trayve's Approach:

We use third-party AI services (Google Vertex AI) that have their own, separate training data. Your content is processed through these services but is not retained by them for training purposes, per our data processing agreements.

Transparency:

We believe in being upfront about data usage. Your creative work and product photos should remain yours, not become part of our AI training data.

5.6 Third-Party AI Services

Google Vertex AI:

Our primary AI processing is done through Google Vertex AI. According to Google's data processing terms:

• Customer data is not used to train or improve Google's models
• Data is processed only for the purpose of providing the service
• Data is not retained after processing (except in your account storage)
• Google maintains strict data separation

Our Proprietary Pipeline:

Our own processing enhancements and optimizations also do not use your image data for training. We improve our pipeline through:

• A/B testing of different processing parameters
• Analyzing aggregate performance metrics (not individual images)
• User feedback and feature requests
• General AI research and development (not using customer data)

6. HOW LONG WE KEEP YOUR DATA

Here's our retention approach in plain English:

6.1 While You're Using Trayve

Your Account & Images:

• We keep everything as long as your account is active
• Your uploaded images and generated photos stay until you delete them
• Remember: Your credits never expire, so we keep your account data even if you're not actively using it

Analytics & Logs:

• Usage statistics: About 18-24 months
• Error logs: Long enough to fix bugs and improve things
• System performance data: As needed for optimization

Financial Records:

• Transaction history: 7 years (required by law for accounting/tax)
• Billing information: As long as needed for your subscription

6.2 When You Delete Your Account

Here's what happens:

Within 30 Days:

• Your personal info (username, email, password) is deleted
• Your uploaded images are deleted
• Your generated Licensed Photos are deleted
• Your account settings and preferences are wiped

Within 90 Days:

• Data in backup archives is purged

What Sticks Around:

• Transaction records (legal requirement - we can't delete these for 7 years)
• Anonymized analytics that don't contain your images or personal info
• Data we're required to keep for ongoing legal matters

The Good News: Since we DON'T use your images for AI training, once your data is deleted, it's actually gone. It's not stuck in some AI model somewhere.

6.3 How to Delete Your Data

Delete Specific Images:

Just click delete in your account - simple.

Delete Your Entire Account:

1. Go to Settings → Account → Delete Account, or
2. Email us at contact@trayve.app

We'll confirm your identity (to make sure it's really you), then start the deletion process.

7. DATA SECURITY AND PROTECTION

7.1 Security Measures

We take security seriously and implement multiple layers of protection for your information:

Encryption:

• In transit: All data transmitted to and from our Platform uses SSL/TLS encryption (that's the "https" you see in your browser)
• At rest: Your images and data are encrypted when stored in our databases
• Passwords: We use industry-standard hashing (your actual password is never stored in plain text)

Access Controls:

• Only team members who need access to operate the Platform can access user data
• All access is logged and monitored
• We use multi-factor authentication for administrative access

Infrastructure Security:

We rely on trusted, secure infrastructure providers:

• Google Cloud Platform: Powers our Vertex AI image generation with enterprise-grade security
• Supabase: Provides secure database and storage with built-in protections
• Vercel: Hosts our Platform with DDoS protection and edge security

Application Security:

• Regular security reviews of our code
• Protection against common attacks (SQL injection, XSS, CSRF)
• Rate limiting to prevent abuse
• Content filtering for prohibited material

AI-Specific Security:

• Secure API connections to Google Vertex AI
• Input validation to prevent prompt injection attacks
• Output filtering for safety and content moderation

7.2 Data Breach Response

In the event of a data breach affecting your personal information:

Notification:

• We will notify you within 72 hours of becoming aware of the breach (as required by GDPR)
• Notification will be sent via email to your registered address
• Public notice will be posted on the Platform if a large-scale breach occurs

Information Provided:

• Nature of the breach (what data was affected)
• When the breach occurred and was discovered
• Potential consequences and risks
• Measures we have taken to address the breach
• Recommendations for protecting yourself
• Contact information for further questions

Regulatory Reporting:

• We will notify relevant data protection authorities as required by applicable law
• Cooperation with investigations and regulatory requirements

Remediation:

• Immediate containment and mitigation measures
• Security enhancements to prevent recurrence
• Investigation of root cause
• Implementation of additional safeguards

7.3 Limitations of Security

No Absolute Security: Despite our security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Your Responsibility: You are responsible for:

• Maintaining the confidentiality of your account credentials
• Using strong, unique passwords
• Not sharing your account with others
• Logging out from shared or public devices
• Keeping your contact information up-to-date for security notifications

Acknowledgment of Risk: You acknowledge and accept the inherent security risks of:

• Internet transmission
• Electronic storage
• Cloud computing
• AI processing

If You Suspect Unauthorized Access: Immediately:

1. Change your password
2. Contact us at contact@trayve.app
3. Review your account for suspicious activity
4. Enable additional security measures if available

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 What Are Cookies?

Cookies are small text files stored on your device that help websites remember information about your visit. They're not spyware or malware - they're just a standard way for websites to function properly and remember things like your preferences.

8.2 Cookies We Use

Essential Cookies (Required):

These make the Platform work. Without them, you couldn't log in or use basic features:

• Authentication cookies: Keep you logged in as you navigate
• Session cookies: Track your active session
• Security cookies: Help prevent fraud and protect your account
• CSRF tokens: Prevent cross-site request forgery attacks

Functional Cookies (Helpful):

These remember your preferences to improve your experience:

• Language preferences: Remember your preferred language
• Theme settings: Remember light/dark mode preference
• UI preferences: Remember your interface customizations

Analytics Cookies (Optional):

These help us understand how people use the Platform so we can make it better:

• Usage patterns: What features are popular
• Performance data: How fast pages load
• Error tracking: What problems users encounter

8.3 Third-Party Cookies

Some of our service providers may set their own cookies:

• Payment processing (DodoPayments): May set cookies for fraud prevention and security
• Analytics services: May set cookies for usage analytics

8.4 Managing Cookies

Browser Settings:

You can control cookies through your browser settings:

• Chrome: Settings → Privacy and Security → Cookies
• Firefox: Options → Privacy & Security → Cookies
• Safari: Preferences → Privacy → Cookies
• Edge: Settings → Privacy → Cookies

Important Note: If you block essential cookies, some parts of the Platform may not work properly. You might have trouble logging in or using certain features.

8.5 Do Not Track

Some browsers have a "Do Not Track" (DNT) feature. We respect DNT signals where technically feasible, but note that there's no universal standard for how websites should respond to DNT signals.

9. YOUR PRIVACY RIGHTS

You have significant rights over your personal data. Here's what you can do:

9.1 Rights for All Users

Regardless of where you live, you can:

Access Your Data:

• Get a copy of the personal information we have about you
• See what data we've collected and why
• Request it in a common, portable format

Correct Your Data:

• Fix inaccurate personal information
• Update outdated information
• Complete incomplete records

Delete Your Data:

• Request deletion of your personal information
• Close your account and have associated data removed
• Delete specific images you've uploaded or generated

Object to Processing:

• Opt out of certain types of data use
• Restrict how we use your data
• Withdraw consent you previously gave

9.2 California Residents (CCPA Rights)

If you're a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know:

• Categories of personal information we collect
• Sources of that information
• Business purposes for collecting it
• Categories of third parties we share it with
• Specific pieces of information we have about you

Right to Delete:

Request deletion of personal information we've collected from you (with some exceptions for legal compliance).

Right to Opt-Out of Sale/Sharing:

Good News: We DO NOT sell your personal information. We do not share your personal information for cross-context behavioral advertising. There's nothing to opt out of here because we don't do it.

Right to Correct:

Request correction of inaccurate personal information.

Right to Limit Use of Sensitive Personal Information:

Limit use of sensitive personal information (if applicable) to what's necessary for providing the Service.

Right to Non-Discrimination:

You won't be discriminated against for exercising any of these rights. Same prices, same service quality, same features.

How to Exercise CCPA Rights:

• Email: contact@trayve.app (subject: "CCPA Request")
• We'll verify your identity and respond within 45 days
• You may make up to two requests per 12-month period

9.3 European Union Residents (GDPR Rights)

If you're in the EU/EEA, you have rights under the General Data Protection Regulation:

Right of Access (Article 15):

Get a copy of your personal data and information about how it's processed.

Right to Rectification (Article 16):

Have inaccurate personal data corrected without undue delay.

Right to Erasure (Article 17):

Request deletion of your personal data ("right to be forgotten") when certain conditions apply.

Right to Restrict Processing (Article 18):

Restrict how we process your data in certain circumstances.

Right to Data Portability (Article 20):

Receive your personal data in a structured, commonly used, machine-readable format.

Right to Object (Article 21):

Object to processing based on legitimate interests, direct marketing, or research.

Rights Related to Automated Decision-Making (Article 22):

Not be subject to decisions based solely on automated processing that significantly affect you. For AI image generation:

• AI processing is necessary for our service
• You explicitly consent when using the Platform
• We don't make legal or similarly significant decisions about you based solely on automated processing

Legal Basis for Processing:

We process your data based on:

• Contract performance: Necessary to provide the Service you signed up for
• Legitimate interests: Improving our Platform, preventing fraud
• Consent: Where you've explicitly agreed (which you can withdraw)
• Legal compliance: Where required by law

How to Exercise GDPR Rights:

• Email: contact@trayve.app (subject: "GDPR Request")
• We'll respond within 30 days (may extend to 60 days for complex requests)
• You have the right to lodge a complaint with your local Data Protection Authority

9.4 Indian Residents (DPDP Act Rights)

If you're in India, the Digital Personal Data Protection Act provides you with:

Right to Access Information:

Obtain a summary of your personal data and processing activities.

Right to Correction and Erasure:

• Correct inaccurate or misleading personal data
• Complete incomplete data
• Erase data no longer necessary for the purpose it was collected

Right to Grievance Redressal:

Access our grievance redressal mechanism for privacy concerns.

Right to Nominate:

Nominate another person to exercise your rights in case of death or incapacity.

Consent Withdrawal:

Withdraw consent at any time (though this may affect your ability to use certain features).

How to Exercise DPDP Rights:

• Email: contact@trayve.app (subject: "DPDP Act Request")
• We'll acknowledge within 7 days and provide full response within 30 days

9.5 How to Exercise Your Rights

Self-Service Options:

• Access/download your images: Through your account dashboard
• Delete images: Click delete on any image in your account
• Update account info: Settings → Account
• Delete account: Settings → Account → Delete Account

Contact Us:

• For any privacy request: contact@trayve.app
• Please include "Privacy Request" in the subject line
• We'll verify your identity before processing requests

Verification:

To protect your privacy, we need to verify it's really you before processing requests. We may ask you to:

• Confirm your email address
• Provide information that matches our records
• Confirm your request via email

Response Times:

• We aim to respond to all privacy requests within 30 days
• Complex requests may take up to 60 days (we'll let you know if that's the case)
• CCPA requests: Within 45 days
• GDPR requests: Within 30 days (extendable to 60 days)
• DPDP requests: Acknowledgment within 7 days, response within 30 days

No Fee (Usually):

We don't charge for reasonable privacy requests. We may charge a reasonable fee for:

• Manifestly unfounded or excessive requests
• Additional copies of data requested

10. INTERNATIONAL DATA TRANSFERS

10.1 Where Your Data Goes

Trayve is based in India, but we serve users worldwide. Your data may be processed in:

India:

• Our primary business operations
• Customer support
• Data storage (via Supabase infrastructure)

United States:

• Google Cloud Platform (Vertex AI image generation)
• Vercel (Platform hosting and content delivery)
• DodoPayments (payment processing)

Global CDN:

• Our Platform is delivered through Vercel's global edge network for fast loading

10.2 How We Protect International Transfers

When transferring data internationally, we use appropriate safeguards:

For EU/EEA Data:

• Standard Contractual Clauses (SCCs): EU-approved legal mechanisms for data transfers
• Adequacy decisions: Where the destination country has been deemed adequate by the EU
• Supplementary measures: Additional technical and organizational protections as needed

For All International Transfers:

• Strong encryption in transit and at rest
• Access controls and security measures
• Contractual protections with service providers
• Compliance with applicable data protection laws

Service Provider Compliance:

Our key service providers maintain appropriate certifications and safeguards:

• Google Cloud: SOC 2, ISO 27001, GDPR-compliant
• Supabase: SOC 2 Type II, GDPR-compliant
• Vercel: SOC 2 Type II, GDPR-compliant
• DodoPayments: PCI-DSS compliant

10.3 Your Choices

By using our Platform, you consent to the international transfer of your information. If you're uncomfortable with this, your options are:

• Don't create an account or use our services
• Contact us to discuss specific concerns
• Exercise your privacy rights (see Section 9)

11. CHILDREN'S PRIVACY

11.1 Age Requirements

Minimum Age:

• You must be at least 18 years old to create an account and use Trayve
• In jurisdictions where the age of majority is higher, you must meet that age

No Children's Services:

• We do not knowingly collect data from anyone under 18
• Our services are designed for adult fashion professionals and businesses
• We don't target, market to, or create content for children

11.2 What We Do If We Discover Underage Users

If we become aware that we have collected personal information from someone under 18:

• Account termination: We will immediately terminate the account
• Data deletion: We will delete all associated personal information
• Image deletion: All uploaded and generated images will be deleted
• No refunds: Any credits purchased will not be refunded (per our Terms)

11.3 Reporting Underage Users

If you believe someone under 18 is using our Platform:

• Email us immediately at contact@trayve.app
• Include any relevant information that supports your concern
• We will investigate promptly and take appropriate action

11.4 Parental Rights

If you're a parent or guardian and believe your child has provided personal information to Trayve:

• Contact us immediately at contact@trayve.app
• We will verify your parental authority
• We will delete the child's account and all associated data
• We will provide confirmation of deletion

11.5 COPPA Compliance

While Trayve is not directed at children under 13, we maintain COPPA (Children's Online Privacy Protection Act) compliance by:

• Not knowingly collecting personal information from children under 13
• Requiring age confirmation during account registration
• Promptly deleting any data from users discovered to be under 13

12. CHANGES TO THIS PRIVACY POLICY

12.1 How We Update This Policy

We may update this Privacy Policy from time to time. When we do:

Minor Changes:

• Typo fixes, clarifications, formatting improvements
• We'll update the "Last updated" date
• No special notice required

Significant Changes:

• New types of data collection
• New purposes for using your data
• Changes to data sharing practices
• Material changes to your rights

For significant changes, we will:

• Update the "Last updated" date
• Post a notice on the Platform
• Send email notification to registered users (at least 30 days before changes take effect)
• Give you the opportunity to review and understand the changes

12.2 Your Choices When We Update

When we make significant changes:

If You Agree:

Continue using the Platform after the effective date - your continued use constitutes acceptance.

If You Disagree:

• You can exercise your privacy rights before changes take effect
• You can delete your account
• You can contact us to discuss your concerns

For Existing Data:

• Changes will not retroactively apply to data collected before the change
• New terms apply to data collected after the effective date
• Unless you consent to the new terms for existing data

12.3 Previous Versions

We maintain a record of previous versions of this Privacy Policy. You can request previous versions by contacting us at contact@trayve.app.

13. THIRD-PARTY WEBSITES AND SERVICES

13.1 Links to Other Sites

Our Platform may contain links to third-party websites, applications, or services. This includes:

• Fashion brand websites (when showcasing products)
• Social media platforms
• Our blog or external content sources
• Partner and integration services

13.2 Our Responsibility (Or Lack Thereof)

Important: This Privacy Policy ONLY applies to Trayve. We are not responsible for the privacy practices of third-party sites.

When you click a link and leave our Platform:

• You're subject to that site's privacy policy
• We don't control what they collect or how they use it
• We're not responsible for their content or practices

13.3 Recommendations

Before providing personal information to third-party sites:

• Read their privacy policy
• Understand their data practices
• Check their reputation and security
• Use unique passwords

13.4 Embedded Content

Our Platform may include embedded content (like videos, social media widgets, or interactive features) from third parties. This embedded content:

• May collect data about you
• May use cookies
• Is subject to the third party's privacy policy

14. CONTACT INFORMATION

14.1 How to Reach Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how we handle your data:

Email: contact@trayve.app

This is the fastest way to reach us for any privacy-related questions.

Website: https://trayve.app/contact

Use our contact form for general inquiries.

14.2 Response Expectations

General Inquiries:

• We aim to respond within 2-3 business days

Privacy Requests:

• Acknowledgment within 7 days
• Full response within 30 days (may extend to 60 for complex requests)

Security Concerns:

• Prioritized and addressed as quickly as possible
• Please include "SECURITY" in the subject line for faster routing

14.3 Data Protection Queries

For specific data protection inquiries, include in your email:

• Subject line: "Privacy Request" or "GDPR Request" / "CCPA Request" / "DPDP Request"
• Your account email address
• Specific nature of your request
• Any relevant details or context

14.4 Complaints

If you're not satisfied with our response to a privacy concern:

Internal Escalation:

• Reply to our response and ask for escalation
• We'll have a senior team member review your concern

External Options:

EU Residents: Contact your local Data Protection Authority

California Residents: California Attorney General's Office

Indian Residents: Data Protection Board of India (when operational)

15. ADDITIONAL LEGAL INFORMATION

15.1 Privacy Policy as Contract

This Privacy Policy, together with our Terms and Conditions, forms the legal agreement between you and Trayve. By using our Platform, you agree to both documents.

15.2 Severability

If any part of this Privacy Policy is found to be invalid or unenforceable:

• That specific part will be modified to the minimum extent necessary
• Or removed entirely if modification isn't possible
• The rest of the Privacy Policy remains in full effect

15.3 No Waiver

If we don't enforce a provision of this Privacy Policy in one instance:

• We're not waiving our right to enforce it in the future
• Delay in exercising rights isn't a waiver
• Partial exercise of rights doesn't prevent future enforcement

15.4 Assignment

We may assign this Privacy Policy to:

• A successor in interest (if we're acquired)
• An affiliate or subsidiary
• A party that acquires substantially all of our assets

You may not assign your rights or obligations under this Privacy Policy without our written consent.

15.5 Entire Agreement

This Privacy Policy (along with our Terms and Conditions) represents the entire agreement regarding privacy practices between you and Trayve.

It supersedes any prior privacy-related agreements or understandings.

15.6 Language

This Privacy Policy is written in English. If we provide translations for convenience, the English version controls in case of conflicts.

15.7 Interpretation

In this Privacy Policy:

• "Include" and "including" are not limiting
• Headings are for convenience and don't affect interpretation
• References to "you" include your authorized representatives
• References to "we," "us," or "our" mean Trayve

16. JURISDICTION-SPECIFIC PROVISIONS

16.1 European Union / European Economic Area

Data Controller:

Trayve is the data controller for personal data collected through the Platform.

Legal Basis for Processing:

• Contract: Processing necessary to provide the services you've requested
• Legitimate Interests: Improving our services, preventing fraud, marketing (where appropriate)
• Consent: Where you've explicitly consented to specific processing
• Legal Obligation: Where required by applicable law

International Transfers:

Data transferred outside the EEA is protected by Standard Contractual Clauses and supplementary measures as required.

Data Protection Authority:

You have the right to lodge a complaint with your local data protection authority.

16.2 United Kingdom

UK GDPR:

For UK residents, references to "GDPR" include the UK GDPR (retained EU law as amended).

Data Transfers:

Data transferred from the UK is protected by the UK's adequacy regulations and International Data Transfer Agreements (IDTAs) as appropriate.

Supervisory Authority:

UK residents can contact the Information Commissioner's Office (ICO) for complaints.

16.3 California

CCPA/CPRA Disclosures:

Categories of Personal Information Collected (last 12 months):

• Identifiers (name, email, IP address)
• Commercial information (transaction history)
• Internet activity (usage data, browsing history on our Platform)
• Visual information (photos you upload)
• Inferences drawn from the above

Categories of Personal Information Disclosed for Business Purposes:

• Identifiers (to service providers for payment processing)
• Visual information (to AI providers for image generation)

Categories of Personal Information Sold/Shared: NONE

Shine the Light:

California residents can request information about disclosure of personal information to third parties for direct marketing purposes. Since we don't disclose for direct marketing, there's nothing to report.

16.4 India

Digital Personal Data Protection Act (DPDP):

For Indian residents, we comply with the DPDP Act:

• Data Fiduciary: Trayve acts as a data fiduciary
• Consent: We obtain clear, informed consent before processing
• Purpose Limitation: Data is used only for specified purposes
• Data Minimization: We collect only necessary data
• Data Quality: We take steps to keep data accurate
• Security: Appropriate security measures are implemented

Grievance Officer:

For grievances related to personal data processing:

Email: contact@trayve.app (Subject: "DPDP Grievance")

Response: Within 30 days

16.5 Brazil

LGPD (Lei Geral de Proteção de Dados):

For Brazilian residents:

• You have rights under Articles 17-22 of the LGPD
• Contact us at contact@trayve.app for LGPD-related requests
• You can contact the ANPD (Autoridade Nacional de Proteção de Dados) for complaints

16.6 Canada

PIPEDA:

For Canadian residents:

• We comply with PIPEDA principles for handling personal information
• You have the right to access and correct your personal information
• Complaints can be directed to the Office of the Privacy Commissioner of Canada

16.7 Australia

Privacy Act 1988:

For Australian residents:

• We handle personal information in accordance with the Australian Privacy Principles (APPs)
• You have rights to access and correct your personal information
• Complaints can be directed to the Office of the Australian Information Commissioner (OAIC)

16.8 Other Jurisdictions

If you're in a jurisdiction with specific privacy laws not mentioned above:

• We aim to comply with applicable local privacy laws
• Contact us to discuss specific requirements
• We'll work with you to ensure compliance

17. DISPUTE RESOLUTION

17.1 Informal Resolution First

Before taking formal action, please contact us to try to resolve any privacy concerns:

• Email: contact@trayve.app
• Subject: "Privacy Dispute"
• We'll respond within 15 business days
• Most issues can be resolved through direct communication

17.2 Mediation

If informal resolution doesn't work:

• Either party may request mediation
• Mediation will be conducted by a mutually agreed mediator
• Location: Virtual or Mumbai, India
• Each party bears their own costs; shared mediator costs split equally

17.3 Arbitration

If mediation fails:

• Disputes will be resolved through binding arbitration
• Governed by the Arbitration and Conciliation Act, 1996 (India)
• Single arbitrator mutually selected
• Location: Mumbai, India (or virtual)
• Language: English

Exceptions to Arbitration:

• Claims for injunctive relief
• Claims regarding intellectual property
• Small claims court matters (where available)

17.4 Class Action Waiver

By using our Platform, you agree that any disputes will be resolved individually. You waive the right to:

• Participate in class actions
• Participate in class-wide arbitrations
• Participate in representative actions

Note: Some jurisdictions don't allow class action waivers. If you're in such a jurisdiction, this waiver may not apply to you.

17.5 Regulatory Rights Preserved

Nothing in this section limits your right to:

• File a complaint with a data protection authority
• Exercise statutory privacy rights
• Seek regulatory intervention

17.6 Governing Law

This Privacy Policy is governed by the laws of India, without regard to conflict of law principles.

For EU residents: Your mandatory statutory protections under EU law are not affected.

For California residents: Your CCPA rights are not affected.

18. ACKNOWLEDGMENT AND CONSENT

18.1 Your Acknowledgment

By creating an account and using Trayve, you acknowledge that:

• You've Read This Policy: You've had the opportunity to read and understand this Privacy Policy
• You Consent to Data Collection: You consent to the collection and use of your information as described
• You Understand AI Processing: You understand that your images will be processed by AI systems to provide the services
• You Accept International Transfers: You consent to the international transfer of your data as described
• You're Responsible for Consent: If you upload images of other people, you've obtained their consent

18.2 What You're NOT Consenting To

Just to be crystal clear, by using Trayve you are NOT consenting to:

• ❌ Your images being used to train AI models
• ❌ Your personal data being sold to third parties
• ❌ Your information being shared for targeted advertising
• ❌ Unlimited retention of your data after deletion requests

We respect your privacy. This policy reflects our genuine commitment to protecting your data, not just legal compliance.

18.3 Ongoing Consent

By continuing to use Trayve after any updates to this Privacy Policy, you consent to the updated terms.

18.4 Questions About Consent

If you have any questions about what you're consenting to, please contact us BEFORE using the Platform:

Email: contact@trayve.app

We're happy to explain anything in plain language.