1. Introduction
Fiu-Fiu ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our AI-powered virtual try-on service. This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
2. Information We Collect
2.1 Personal Information You Provide
- Account Information: Email address, name, and authentication credentials (managed by Clerk)
- Payment Information: Billing details and payment method information (processed and stored by Stripe, not directly by us)
- Uploaded Images: Photos you upload to create your virtual model
2.2 Automatically Collected Information
- Usage Data: Information about how you interact with our Service, including features used and generation history
- Device Information: IP address, browser type, operating system, and device identifiers
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance your experience
2.3 AI-Generated Content
We store the images generated by our AI system based on your uploaded photos and clothing selections.
3. How We Use Your Information
We use your personal information for the following purposes:
- Service Delivery: To provide AI-generated virtual try-on functionality
- Account Management: To create and manage your account
- Payment Processing: To process transactions and manage subscriptions
- Service Improvement: To analyze usage patterns and improve our Service (we do NOT use your uploaded images or generated content for AI model training)
- Communication: To send service-related notifications and respond to your inquiries
- Security: To detect, prevent, and address fraud, security issues, and prohibited uses
- Legal Compliance: To comply with legal obligations and enforce our Terms of Service
4. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on the following legal grounds:
- Contractual Necessity: Processing necessary to provide the Service you requested
- Legitimate Interests: For service improvement, security, and fraud prevention
- Legal Obligation: When required by law
- Consent: For optional features or marketing communications (where applicable)
5. How We Share Your Information
5.1 Third-Party Service Providers
We share your information with the following third-party service providers who assist us in operating our Service:
- Clerk: Authentication and email services
- Stripe: Payment processing (Stripe maintains its own privacy policy)
- Google: Data storage and cloud infrastructure
- Cloudflare: Content delivery network and security services
These service providers are contractually obligated to protect your data and use it only for the purposes we specify.
5.2 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.
5.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
5.4 We Do Not Sell Your Personal Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
6. Data Retention
We retain your personal information as follows:
- Active Accounts: We store your uploaded images and generated content while your account remains active
- Inactive Accounts: All user data, including uploaded images and generated content, is automatically deleted after 2 years of account inactivity
- Account Deletion: If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal purposes
- Payment Records: Billing information may be retained longer to comply with tax and accounting requirements
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit and at rest
- Secure authentication systems via Clerk
- Regular security assessments and monitoring
- Access controls and data minimization practices
- Secure cloud infrastructure via Google and Cloudflare
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Your Privacy Rights
8.1 GDPR Rights (EU/EEA Users)
If you are in the European Union or European Economic Area, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
- Right to Restriction: Request limited processing of your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
8.2 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we collect
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: We do not sell your personal information
- Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights
- Right to Limit Use of Sensitive Information: Request limits on use of sensitive personal information
8.3 How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@fiu-fiu.com. We will respond to your request within 30 days (or as required by applicable law).
9. International Data Transfers
Your personal information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your jurisdiction. We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses approved by the European Commission
- Data Processing Agreements with service providers that ensure GDPR-level protection
10. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential Cookies: Required for the Service to function (e.g., authentication)
- Performance Cookies: Help us understand how users interact with the Service
- Functional Cookies: Remember your preferences and settings
You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Service.
11. Children's Privacy
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information immediately.
12. AI and Image Processing
Important information about how we handle your images:
- No AI Training: We do NOT use your uploaded images or generated content to train our AI models
- Image Ownership Verification: We do not verify that you own or have permission to upload images. You are solely responsible for ensuring you have the necessary rights
- Image Quality: AI-generated images may contain errors or quality issues inherent to AI technology
- Your Ownership: You retain ownership of the images you generate through our Service
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Updating the "Last updated" date at the top of this page
- Sending you an email notification (for significant changes)
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@fiu-fiu.com
- General Support: support@fiu-fiu.com
- Data Protection Officer: privacy@fiu-fiu.com
- Jurisdiction: Portugal
Summary of Key Points
- We collect images, account info, and usage data
- We do NOT use your images for AI training or sell your data
- Data is deleted after 2 years of inactivity
- Third parties: Clerk (auth), Stripe (payments), Google (storage), Cloudflare (CDN)
- You have rights to access, correct, delete, and port your data
- Contact privacy@fiu-fiu.com to exercise your privacy rights