Privacy Policy

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• photos of your outfit
• photos that may include your face (selfies)

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

• biometric data derived from uploaded photos

Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is processed and stored by the respective platform you use:

• Apple App Store: Payments are handled by Apple. Their privacy policy is available at https://www.apple.com/legal/applepayments/privacy-notice/
• Google Play Store: Payments are handled by Google. Their privacy policy is available at https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice

Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

• Mobile Device Access: We may request access or permission to certain features from your mobile device, including your contacts, camera, and other features. You may change access in your device’s settings.
• Push Notifications: We may request to send you push notifications. You may opt out in your device’s settings.

This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and information about how and when you use our Services. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

The information we collect includes:

Log and Usage Data: Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings, and information about your activity in the Services (such as date/time stamps, pages viewed, searches, actions performed, system activity, error reports, and hardware settings).

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, analyze outfit photos using artificial intelligence (AI), communicate with you, ensure security and fraud prevention, and comply with legal obligations. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To allow you to upload outfit photos and receive AI-based evaluations using Google Gemini
• To enable sign-in using your Google or Apple account
• To process payments for subscriptions and one-time purchases via App Store or Google Play
• To operate, maintain, and improve the performance and functionality of the OutfitGPT app
• To respond to inquiries, provide support, and send important service notifications
• To detect, investigate, and prevent fraudulent or unauthorized use of the app
• To comply with legal obligations, platform policies, and applicable data protection laws
• To save or protect an individual’s vital interest, such as to prevent harm

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law — such as your consent, to comply with legal obligations, to fulfill our contractual duties, to protect your rights, or to serve our legitimate business interests.

If you are located in the European Union (EU) or United Kingdom (UK), this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. Accordingly, we may rely on the following legal bases:

• Consent: We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose — for example, uploading and analyzing outfit photos using AI. You can withdraw your consent at any time.
• Performance of a Contract: We may process your information when it is necessary to fulfill our contractual obligations to you — for example, to provide the OutfitGPT app features after registration or payment.
• Legal Obligations: We may process your information where it is necessary for compliance with legal obligations — for example, accounting, tax, or regulatory requirements.
• Vital Interests: We may process your information to protect your vital interests or the vital interests of another individual — for example, in emergencies.
• Legitimate Interests: We may process your information when it is reasonably necessary to achieve our legitimate business interests — such as improving our AI evaluation models, securing our app, or analyzing usage to enhance the user experience.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable Canadian law to process your information without your consent, including, for example:

• If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
• For investigations and fraud detection and prevention
• For business transactions provided certain conditions are met
• If it is contained in a witness statement and necessary to assess, process, or settle an insurance claim
• For identifying injured, ill, or deceased persons and communicating with next of kin
• If there are reasonable grounds to believe a person has been, is, or may be a victim of financial abuse
• If obtaining consent would compromise the availability or accuracy of information used to investigate a legal breach
• If disclosure is required by law, subpoena, warrant, or court order
• If produced in the context of employment or business and used consistently with its intended purpose
• If collected solely for journalistic, artistic, or literary purposes
• If the information is publicly available and specified by regulation

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share your information in specific situations described in this section and/or with certain categories of third parties necessary to operate and improve OutfitGPT.

We may share your data with third-party vendors, service providers, contractors, or agents (third parties) who perform services for us or on our behalf and require access to your personal information to carry out that work. These third parties are contractually obligated to:

• Use your information only as instructed by us
• Not disclose your data to unauthorized parties
• Protect the confidentiality and integrity of your data
• Store your information only for the time we allow, not longer than one year

The categories of third parties we may share your personal information with include:

• Data Analytics Services: For usage monitoring, performance optimization, and AI model improvement
• Cloud Infrastructure Providers: For secure data hosting and storage (e.g., image uploads, login sessions)
• AI Processing Providers: Such as Google, for processing images using Google Gemini
• Authentication Services: To allow sign-in via Google or Apple accounts
• Payment Processors: Apple or Google, to manage in-app purchases and subscriptions

Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, acquisition, financing, sale of company assets, or transition of services to another provider. In such cases, the new entity must adhere to this privacy notice or notify you of material changes.

5. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?

In Short: We are not responsible for the safety or privacy of any data you share with third-party services that are not affiliated with OutfitGPT, even if they are linked within the app.

The OutfitGPT app may contain links to third-party websites, online services, or mobile applications — for example, links to the privacy policies of Apple or Google, or external resources used for login or payment. These third parties are not under our control, and we do not endorse or take responsibility for their content, privacy practices, or security measures.

Any personal information you provide to these third parties is not covered by this privacy policy. We strongly recommend that you review the individual privacy policies of any external websites, services, or platforms you interact with via OutfitGPT. Your interactions with those platforms are governed entirely by their terms and policies.

We are not liable for any loss or damage resulting from your use of such third-party websites or services. If you have questions about how a third party uses your information, please contact them directly.

6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In Short: We may transfer, store, and process your personal information in countries other than the one in which you reside.

OutfitGPT may work with service providers, including AI platforms (e.g. Google Gemini), cloud storage, analytics, and authentication providers, that are located outside of the country you are in. As a result, your information may be transferred to and stored on servers in countries such as the United States, Germany, or Ireland — depending on the infrastructure of our service partners.

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please note that some of these countries may not have data protection laws that are as strict as those in your country. However, we take appropriate safeguards to ensure that your personal data remains protected in accordance with this privacy notice and applicable laws.

European Commission’s Standard Contractual Clauses (SCCs): Where required, we use the European Commission’s Standard Contractual Clauses for data transfers to ensure adequate protection of your information. These clauses contractually oblige recipients of personal data to safeguard it in compliance with European data protection regulations. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We retain your personal data only for as long as necessary to fulfill the purposes described in this privacy policy — unless you request its deletion or we are legally required to keep it for a longer period.

Uploaded outfit photos, AI evaluation results, and other personal data will be stored as long as you actively use the app or until you request deletion. You can request deletion of your data at any time by contacting us.

In certain cases, we may be legally obligated to retain data beyond your deletion request — for example, to comply with tax, commercial, or legal obligations, or to resolve disputes.

Once the retention period expires or a valid deletion request is processed, we will delete or anonymize your personal data in a secure and irreversible manner.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We protect your personal data using a combination of technical and organizational security measures.

We take data protection seriously and have implemented appropriate safeguards to secure your information. These include secure communication protocols (e.g. HTTPS), encrypted storage of sensitive content, role-based access controls, and regular monitoring of our systems for vulnerabilities and potential attacks.

Outfit images and AI-related data are stored securely and processed using trusted cloud infrastructure and AI services that follow current industry security standards.

However, no method of data transmission over the Internet or method of electronic storage is completely secure. Therefore, we cannot guarantee absolute security. You are responsible for keeping your device secure and for ensuring that access credentials (such as login via Apple or Google) are not shared with others.

9. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to individuals under 18 years of age.

The OutfitGPT app and its services are not intended for use by children under the age of 18. By using the app, you confirm that you are at least 18 years old or that you are the parent or legal guardian of a minor who is using the app with your consent.

We do not knowingly collect or process personal data from users under 18 years of age. If we become aware that we have inadvertently collected personal information from a user under the age of 18, we will deactivate the account and take appropriate steps to delete the data from our systems. If you believe we may have collected data from a minor, please contact us immediately at info@horize.de.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your location (e.g. EEA, UK, Switzerland), you have certain rights regarding your personal data — including the right to access, correct, delete, or restrict the processing of your data.

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, the General Data Protection Regulation (GDPR) or equivalent laws grant you the following rights:

• The right to request access to the personal data we hold about you
• The right to request rectification of inaccurate or incomplete data
• The right to request erasure of your data (right to be forgotten)
• The right to restrict or object to certain types of processing
• The right to data portability, where applicable
• The right not to be subject to automated decision-making, including profiling

To exercise any of these rights, contact us at info@horize.de. We will review and process your request in accordance with applicable data protection laws.

If you believe that we are unlawfully processing your personal data, you also have the right to lodge a complaint with your local data protection authority. For users in Germany, this would be the Landesbeauftragte für Datenschutz of your federal state.

Withdrawing Your Consent

If we rely on your consent to process your personal data, you can withdraw that consent at any time by contacting us. Please note that withdrawing consent does not affect the legality of processing prior to the withdrawal.

Opting Out of Marketing

If we send promotional communications, you may opt out at any time by replying with (STOP) or (UNSUBSCRIBE), or by contacting us directly. We may still send you necessary service-related communications such as login confirmations or critical updates.

If you have questions or comments about your rights, reach out to info@horize.de.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers, some mobile operating systems, and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.

Currently, no uniform technology standard for recognizing and implementing DNT signals has been finalized. Therefore, like many digital services, OutfitGPT does not respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

If a standard for online tracking is adopted in the future that we are required to follow, we will update this privacy notice accordingly.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of California, Colorado, Connecticut, Utah or Virginia, you are granted specific rights regarding access to your personal information.

What categories of personal information do we collect?

We have collected the following categories of personal information in the past twelve (12) months:

We will use and retain the collected personal information as needed to provide the Services or for:

• Category A – As long as the user has an account with us
• Category L – As long as the user has an account with us

We may also collect other personal information outside of these categories through direct interactions, customer support, surveys, contests, and service delivery.

California Residents

California Civil Code Section 1798.83, also known as the “Shine The Light” law permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided.

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

CCPA Privacy Notice

This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the rights listed below.

The California Code of Regulations defines a “resident” as:

• Every individual who is in the State of California for other than a temporary or transitory purpose
• Every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

All other individuals are defined as “non-residents.”

If this definition of “resident” applies to you, we must adhere to certain rights and obligations regarding your personal information.

Your rights with respect to your personal data

Right to request deletion of the data — Request to delete

You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of their right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.

Right to be informed — Request to know

Depending on the circumstances, you have a right to know:

• whether we collect and use your personal information;
• the categories of personal information that we collect;
• the purposes for which the collected personal information is used;
• whether we sell or share personal information to third parties;
• the categories of personal information that we sold, shared, or disclosed for a business purpose;
• the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;
• the business or commercial purpose for collecting, selling, or sharing personal information; and
• the specific pieces of personal information we collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights

We will not discriminate against you if you exercise your privacy rights.

Right to Limit Use and Disclosure of Sensitive Personal Information

If we collect any of the following:

• social security information, driver’s licenses, state ID cards, passport numbers
• account login information
• credit card numbers, financial account information, or credentials allowing access to such accounts
• precise geolocation
• racial or ethnic origin, religious or philosophical beliefs, union membership
• the contents of email and text, unless we are the intended recipient of the communication
• genetic data, biometric data, and health data
• data concerning sexual orientation and sex life

you have the right to direct us to limit our use of your sensitive personal information to only what is necessary to perform the Services.

Once we receive your request, we are no longer allowed to use or disclose your sensitive personal information for any other purpose unless you provide consent.

Please note that sensitive personal information that is collected or processed without the purpose of inferring characteristics about a consumer is not covered by this right.

To exercise your right to limit use and disclosure of sensitive personal information, please email info@horize.de.

Verification process

Upon receiving your request, we will need to verify your identity. These verification efforts may require you to provide information so that we can match it with information you have previously provided. We may also contact you via previously provided communication methods.

We will only use personal information provided in your request to verify your identity. If necessary, we may request additional information to complete verification, which will be deleted once completed.

Other privacy rights

• You may object to the processing of your personal information.
• You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information.
• You can designate an authorized agent to make a request on your behalf under the CCPA.
• You may request to opt out from future selling or sharing of your personal information to third parties.

To exercise these rights, you can contact us by email at info@horize.de.

Colorado Residents

This section applies only to Colorado residents. Under the Colorado Privacy Act (CPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

• Right to be informed whether or not we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (profiling)

To submit a request to exercise these rights described above, please email info@horize.de.

If we decline to take action regarding your request and you wish to appeal our decision, please email us at info@horize.de. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Connecticut Residents

This section applies only to Connecticut residents. Under the Connecticut Data Privacy Act (CTDPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

• Right to be informed whether or not we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (profiling)

To submit a request to exercise these rights described above, please email info@horize.de.

If we decline to take action regarding your request and you wish to appeal our decision, please email us at info@horize.de. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Utah Residents

This section applies only to Utah residents. Under the Utah Consumer Privacy Act (UCPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

• Right to be informed whether or not we are processing your personal data
• Right to access your personal data
• Right to request deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to opt out of the processing of your personal data if it is used for targeted advertising or the sale of personal data

To submit a request to exercise these rights described above, please email info@horize.de.

Virginia Residents

Under the Virginia Consumer Data Protection Act (VCDPA): “Consumer” means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

“Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. “Personal data” does not include de-identified data or publicly available information.

“Sale of personal data” means the exchange of personal data for monetary consideration.

If this definition of “consumer” applies to you, we must adhere to certain rights and obligations regarding your personal data.

Your rights with respect to your personal data

• Right to be informed whether or not we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (profiling)

To exercise your rights under the Virginia VCDPA, you may contact us by email at info@horize.de.

If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Verification process

We may request that you provide additional information reasonably necessary to verify you and your consumer request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.

Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at info@horize.de. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.

13. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: You may have additional rights based on the country you reside in.

Australia and New Zealand

We collect and process your personal information under the obligations and conditions set by Australia’s Privacy Act 1988 and New Zealand’s Privacy Act 2020 (Privacy Act).

This privacy notice satisfies the notice requirements defined in both Privacy Acts, in particular: what personal information we collect from you, from which sources, for which purposes, and other recipients of your personal information.

If you do not wish to provide the personal information necessary to fulfill their applicable purpose, it may affect our ability to provide our services, in particular:

• offer you the products or services that you want
• respond to or help with your requests

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”

If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner and a breach of New Zealand’s Privacy Principles to the Office of New Zealand Privacy Commissioner.

Republic of South Africa

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”

If you are unsatisfied with the manner in which we address any complaint with regard to our processing of personal information, you can contact the office of the regulator, the details of which are:

The Information Regulator (South Africa)
General enquiries: enquiries@inforegulator.org.za
Complaints (complete POPIA/PAIA form 5): PAIAComplaints@inforegulator.org.za & POPIAComplaints@inforegulator.org.za

14. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes in the app or by directly sending you a notification via the contact information we have on file (e.g. email). We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at info@horize.de or contact us by post at:

Jan Hamsch und Kai Hamsch GbR
Schutternstr. 23a
77974 Kürzell
Germany

16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To submit such a request, please send an email to info@horize.de with a clear description of your request. We will respond in accordance with applicable data protection laws.