01One-page summary
The essentials:
- We collect your email, your full-body photo, and photos of the items in your wardrobe.
- We use this data only to put together outfits for you.
- We do not sell your data, do not use your photos to train public AI models, and do not share with advertisers.
- You can delete individual items or delete your entire account directly in the app (Profile → Fine print → Delete my account) — this permanently erases your account, profile, photos, and outfits.
- You can also export your data at any time directly in the app (Profile → Fine print → Export my data).
- We comply with the LGPD (Brazil's general data protection law — Law 13.709/18).
If you only want the essentials, that's it. The details follow below.
02Who is the controller
Stylefi, based in Belo Horizonte, Brazil, is the controller of the personal data collected through the app. This means we are the entity responsible for deciding how and why your data is processed.
03What data we collect
Account data
- First name and last name;
- Email;
- Password (stored hashed — never in plain text);
- Device language and time zone;
- Email verification status (the date and time you confirmed the link we sent by email);
- Referral code: we generate a unique, fixed code for your account, shown on your profile screen. If you signed up using someone else's code, we keep that link (who referred you) so we can credit the bonus when you confirm your email.
Content you upload
- Full-body photo;
- Photos of the items in your wardrobe;
- Descriptions, categories, colors, and tags you add to items;
- Style and occasion preferences.
Usage data
- Outfits generated, saved, regenerated, or discarded;
- Credits used and purchase history;
- Technical logs (device model, app version, crashes).
Data we do NOT collect
- Precise GPS location;
- Your phone's contact list;
- Access to other photos in your gallery beyond the ones you choose to upload;
- Sensitive data (health, religion, political views — unless you spontaneously write them in descriptions, which we ask you to avoid).
04What we use it for
- Operating the service: authenticating your account, displaying your items, generating outfits, processing payments.
- Improving your account experience: more relevant suggestions based on items you've already marked as favorites.
- Communication: transactional emails (signup email verification, password recovery, purchase confirmation) and — if you opt in — product updates.
- Email verification: confirming that the email is yours to unlock app access and protect against automated signups.
- Referral program: recording who referred whom so we can credit the referral bonus when the invited person confirms their email, and applying the anti-abuse limits described in the Terms of Use.
- Support: investigating issues and answering questions you send us.
- Complying with legal obligations: keeping tax records and responding to requests from authorities when legally required.
05Legal bases (LGPD)
| Processing | Legal basis |
|---|---|
| Creating and operating your account | Performance of a contract (Art. 7, V) |
| Processing photos to generate outfits | Consent (Art. 7, I) + Performance of a contract |
| Billing and tax records | Legal obligation (Art. 7, II) |
| Product update / marketing emails | Consent (opt-in) |
| Email verification | Performance of a contract (Art. 7, V) + Legitimate interest (Art. 7, IX, anti-abuse) |
| Referral program (code + referrer/referred link + credit bonus) | Performance of a contract (Art. 7, V) + Legitimate interest (Art. 7, IX, for anti-abuse limits) |
| Fraud prevention | Legitimate interest (Art. 7, IX) |
06Your photos — special handling
Your body and item photos are the heart of Stylefi. We handle them with extra care:
- They sit in a private account, accessible only through your authenticated session;
- They are not indexed, do not appear in searches, and are not published anywhere public;
- They are not used to train public AI models — neither ours nor third parties';
- They are not sold, donated, or shared with advertisers or brands.
You can delete individual items at any time inside the app — they leave your library and stop being used in new outfits.
The full-body photo is essential to how the app works, so it stays linked to your account for as long as it exists. To permanently delete all your photos, just close the account under Profile → Fine print → Delete my account — we confirm with your current password and then delete all files in our storage (Cloudflare R2) and the database in cascade. If you prefer, you can also write to privacidade@stylefi.app.
07Sharing
We do not sell your data. We share only with the service providers strictly necessary, listed below, under contract and with clauses that limit use to strictly operational purposes:
| Category | Provider | What it receives | Where it processes |
|---|---|---|---|
| Image storage | Cloudflare R2 | Body photo, wardrobe item photos, and generated outfits, in a private bucket with authenticated access | Cloudflare's global network (Brazil, US, EU) |
| AI model (outfit generation) | OpenAI | Body photo + photos of the items selected for the outfit, transmitted on each generation to compose the result image. OpenAI states in its terms that it does not use this data to train models. | US |
| Database and backend | Render (managed Postgres and Node servers) | Account data, credits, outfit history, session (no photos) | US |
| Transactional email | Resend | Your email, name, and transactional tokens (email verification, password recovery) | US |
| Landing page analytics | Google Analytics 4 | Anonymized IP, pages visited, traffic source — only after you accept in the cookie banner | US |
| In-app payments | App Store (Apple) and Google Play | Credit purchases in the mobile app; Stylefi never sees or stores card data | US / global |
| Web payments (future) | Card and PIX gateway (to be defined) | Purchases via the web version when available | Brazil |
These partners only receive the minimum data needed for the function described and cannot use it for their own purposes. In particular: none of them receives your photos directly linked to your name or email — the file path in R2 contains only an internal user identifier.
International transfer
Several of the providers above are based in the US. We treat this transfer under Art. 33 of the LGPD (transfer necessary for performance of the contract and backed by standard contractual clauses / DPAs signed with each provider). When Brazilian alternatives with the same technical maturity exist, we evaluate migration.
08Storage and retention
- Active account: your account data, body photo, and item photos remain stored for as long as the account exists — they are essential to running the app.
- Individual items deleted in the app: removed from your library immediately. Technical copies in backups are overwritten within 30 days.
- Account closure: when you use the Profile → Fine print → Delete my account option inside the app, we immediately delete all your files in R2 and the database row, cascading to all related tables (profile, items, outfits, credits, coupons). Any feedback you sent is kept with your identity unlinked (anonymized). Technical copies in backups are overwritten within 30 days.
- Tax records: invoices and billing data are retained for up to 5 years, as required by tax law.
- Technical logs: kept for up to 6 months for issue investigation.
09Security
We apply technical and organizational measures to protect your data:
- Passwords stored with hash + salt (never in plain text);
- Encrypted communication in transit (HTTPS/TLS);
- Images stored in private buckets, with authenticated access;
- Role-based access control within the team;
- Monitoring of suspicious access.
In the event of an incident that could pose a significant risk to you, we will notify you by email and the ANPD (Brazil's National Data Protection Authority) within the legal deadlines.
10Your rights
The LGPD guarantees you a series of rights over your personal data. At any time, you can:
- Confirm that we process your data;
- Access the data we hold about you;
- Correct incomplete, inaccurate, or outdated data;
- Anonymize, block, or delete unnecessary data;
- Port your data to another provider (in a structured format);
- Delete data processed based on your consent;
- Withdraw consent at any time;
- Know who we share your data with;
- Object to processing based on legitimate interest.
Most of these rights can be exercised directly in the app settings:
- Export (portability): Profile → Fine print → Export my data generates a JSON file with everything we keep about you, plus 24-hour links to download your photos.
- Delete: Profile → Fine print → Delete my account permanently erases your account, profile, photos, and outfits, after re-confirming your password.
- Correct name: Profile → Account → Personal details.
If you no longer have the app installed or prefer the web, use the page stylefi.app/privacy-actions: request the email link, then export or delete your account from the browser (deletion still requires your current password).
For the other rights, get in touch (see Contact). We respond within 15 days.
12Children and teens
Stylefi is not intended for anyone under 13 years old. Between 13 and 18, use requires the consent of a legal guardian. If we identify an account created by someone under 13, we remove the account and associated data.
13Changes to this policy
This policy may be updated to reflect changes to the Service, partners, or legislation. Significant changes are communicated by email and/or inside the app, with at least 15 days notice.
14Contact and DPO
Privacy questions or to exercise your LGPD rights, write to privacidade@stylefi.app. This is the channel dedicated to data subjects — we respond within 15 days.
Data Protection Officer (DPO): Wenderson Pires, email privacidade@stylefi.app.
You also have the right to file a complaint with the ANPD (Brazil's National Data Protection Authority): gov.br/anpd.