AnyaSelf Docs

Privacy Policy

AnyaSelf Privacy Policy

Privacy Policy

Effective date: March 10, 2026

This Privacy Policy explains how AnyaSelf ("we", "us", "our") collects, uses, discloses, and protects information when you use our web application.

1. Information We Collect

  • Account data: name, email, profile information when you register or sign in via Google OAuth.
  • Household data: household names, member profiles, roles (Parent/Guardian, Adult Member, Child Member), and display names.
  • Wardrobe data: clothing items, images, style preferences, outfits, and purchase metadata you input.
  • Usage data: pages visited, features used, mission interactions, session timestamps, and performance metrics.
  • Device & technical data: browser type, OS, IP address, and device identifiers.
  • Voice data: audio captured during Aura voice sessions is processed in real-time for speech-to-text via Google Gemini Live. Audio is not stored after transcription.
  • Commerce data: product offers, search queries, and cart preparation job details.
  • Browser session data: Hyperbeam session recordings and DOM interactions when using the interactive shopping feature.

2. How We Use Information

  • To provide and maintain the service, authenticate users, and personalize the experience.
  • To power AI-assisted styling recommendations via the Vertex AI agent.
  • To execute Virtual Try-On (VTO) inference using person and garment images you provide.
  • To automate cart preparation on external e-commerce sites, at your direction.
  • To improve our features, diagnose issues, and analyze usage patterns.
  • To maintain audit trails for purchase approvals and security events.
  • To communicate important account and service information.

3. Household & Family Data

AnyaSelf uses a Household model where family members share access to wardrobe items, purchase requests, and styling missions. All data is scoped to the household:

  • Parent/Guardian members have approval authority over purchase requests.
  • Child members cannot initiate purchases without guardian approval.
  • Household deletion (DELETE /households/{id}) permanently removes all associated data including members, items, outfits, requests, and audit logs.

4. Children's Privacy (COPPA Compliance)

AnyaSelf supports household members designated as Child Members. We take special care with children's data:

  • Child members are added only by a Parent/Guardian member.
  • Child members cannot create purchase requests or confirm checkouts independently.
  • All purchase actions for child members require explicit Parent/Guardian approval.
  • Parents/Guardians can review, modify, or delete any child member's data.
  • Parents/Guardians can remove child members from the household at any time.

If you believe a child under 13 has been added without proper parental consent, contact us immediately at privacy@anyaself.com.

5. Cookies & Third-Party Services

We use cookies and similar technologies for session management, analytics, and functional purposes. Third-party services include:

  • Google Firebase Auth — authentication and identity management
  • Google Cloud Platform — compute, storage, AI inference (Vertex AI, Gemini Live)
  • Hyperbeam — ephemeral cloud browser sessions for shopping automation
  • Unsplash — public fashion inspiration feed imagery

Each third-party processes data under their own privacy policies.

6. Data Sharing & Disclosure

We do not sell personal information. We may share data:

  • With service providers who perform services on our behalf (Google Cloud, Hyperbeam)
  • When required by law, regulation, or legal process
  • To protect rights, safety, and property

7. Data Retention & Deletion

  • We retain data as necessary to provide the service and comply with legal obligations.
  • Right to deletion: You can delete your household and all associated data via DELETE /households/{id} or by contacting privacy@anyaself.com.
  • Right to access: You can retrieve all your data via the API at any time.
  • Right to portability: All data is available in structured JSON format via the API.

8. Data Subject Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate personal data
  • Erasure — Request deletion of your personal data
  • Restriction — Request restriction of processing
  • Portability — Receive your data in a structured, machine-readable format
  • Objection — Object to processing based on legitimate interest

To exercise these rights, contact privacy@anyaself.com. We will respond within 30 days.

9. Security

We take commercially reasonable measures to protect data, including:

  • JWT-based authentication with token expiry
  • Encrypted data in transit (HTTPS/WSS)
  • Household-scoped data isolation — no cross-household data access
  • Ephemeral confirmation tokens for purchase checkout (memory-only, 15-minute TTL)
  • Audit logging of all security-relevant events

No system is 100% secure. See our Security & Trust Model for technical details.

10. Changes to This Policy

We may update this policy. We will post changes here with a revised effective date.

Contact

For privacy inquiries, email privacy@anyaself.com.

Changelog

What changed and when.

Terms of Service

AnyaSelf Terms of Service

On this page

Privacy Policy1. Information We Collect2. How We Use Information3. Household & Family Data4. Children's Privacy (COPPA Compliance)5. Cookies & Third-Party Services6. Data Sharing & Disclosure7. Data Retention & Deletion8. Data Subject Rights (GDPR)9. Security10. Changes to This PolicyContact