Privacy Policy

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Last updated: January 15, 2026

1. Introduction

Welcome to Myra ("we," "our," or "us"). This Privacy Policy explains how After9Labs collects, uses, discloses, and safeguards your information when you use our Myra application, an AI-powered outfit maker and clothes changer service.

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.

2. Information We Collect

2.1 Personal Information You Provide

When you use Myra, we may collect:

  • Account information (email address, username, password)
  • Profile information (name, profile picture)
  • Photos and images you upload for outfit creation and AI clothes changing
  • Body measurements and preferences you provide for better fitting suggestions
  • Wardrobe inventory data (clothing items, categories, colors)
  • Outfit combinations and styling preferences
  • Payment information (processed securely through third-party providers)

2.2 Automatically Collected Information

We automatically collect certain information when you use our service:

  • Device information (device type, operating system, unique device identifiers)
  • Log data (IP address, browser type, access times, pages viewed)
  • Usage data (features used, interactions with the app)
  • Location data (with your consent, for regional fashion recommendations)

2.3 AI-Generated Content

When you use our AI clothes changer feature, we process your uploaded images to generate virtual try-on results. These images are processed using AI technology and may be temporarily stored for service delivery purposes.

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain the Myra service
  • Process AI-powered outfit creation and virtual clothes changing
  • Personalize your experience with style recommendations
  • Manage your digital wardrobe and outfit calendar
  • Process transactions and send related information
  • Send service updates, security alerts, and support messages
  • Improve and optimize our AI algorithms and service features
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations

4. AI Processing and Image Data

Important: Our AI clothes changer and outfit maker features require processing of your photos and images, which may contain your face data (facial features and biometric information). Here's how we handle this data:

  • Images are processed securely using AI technology to generate virtual try-on results
  • Your original images remain yours; we do not claim ownership of user-uploaded content
  • AI-generated images are created solely for your personal use within the app
  • We do not use your personal photos to train our AI models without explicit consent
  • You can delete your images and AI-generated content at any time from your account

For detailed information about how we collect, use, share, and protect your face data and biometric information, please see Section 4.1 below.

4.1 Face Data and Biometric Information

When you upload photos to use our virtual try-on features, these photos contain your face data (facial features and biometric information). This section explains how we collect, use, share, and protect this sensitive information.

Collection of Face Data

  • Face data is collected as part of the photos you upload through our app
  • Face data is embedded within the complete image files you provide (we do not extract or store face data separately)
  • We collect face data only when you choose to upload photos for virtual try-on generation
  • You can choose not to upload photos containing your face, though this will limit the functionality of our virtual try-on features

Use of Face Data

Face data is used exclusively for the following purposes:

  • Virtual Try-On Generation: To generate images where you appear wearing different outfits while preserving your exact facial features, hair, pose, and expression
  • Identity Preservation: Our AI systems are specifically configured to preserve your facial features, hair, pose, and expression in generated images

Face data is NOT used for:

  • User identification or authentication
  • Training AI models (we do not use your photos to train our AI models)
  • Marketing or advertising purposes
  • Analytics or tracking
  • Any purpose other than generating your personal virtual try-on images

Sharing of Face Data with Third Parties

Face data (contained in your uploaded photos) is shared with the following third-party service providers for the purposes of content moderation, service delivery, and generating your virtual try-on images:

  1. OpenAI (openai.com)
    • Purpose: To perform content moderation to prevent inappropriate content uploads.
    • Data Shared: Reference images containing face data
    • Data Handling: Images are processed according to OpenAI's privacy policy (https://openai.com/policies/privacy-policy)
    • Retention: Images are processed temporarily and not stored permanently by OpenAI beyond their standard API processing windows
  2. Google Gemini (via OpenRouter)
    • Purpose: To generate the final virtual try-on images
    • Data Shared: Reference images containing face data
    • Data Handling: Images are processed according to Google's privacy policy (https://policies.google.com/privacy) and OpenRouter's privacy policy (https://openrouter.ai/privacy)
    • Retention: Images are processed temporarily and not stored permanently by Google or OpenRouter beyond their standard API processing windows
  3. Cloudflare R2 (r2.cloudflare.com)
    • Purpose: Secure storage of your images
    • Data Stored: Complete reference images (containing face data) and generated images
    • Security: Images are stored with encryption and transferred over encrypted HTTPS connections

Storage of Face Data

  • Primary Storage: Face data is stored in Cloudflare R2 object storage (distributed data centers)
  • Database: Image metadata and references are stored in our Convex database (the actual image files containing face data are stored in R2, not in the database)
  • Temporary Processing: Images are temporarily processed in memory during AI generation, then stored in R2
  • Security: All images are transferred over encrypted HTTPS connections and stored with appropriate security measures

Retention of Face Data

  • User-Controlled Retention: Face data is retained until you explicitly delete the associated image through the app
  • Immediate Deletion: When you delete an image, the face data (and all associated images) are immediately and permanently deleted from our storage systems
  • Account Deletion: If you delete your account, all face data and associated images are deleted within 30 days
  • No Automatic Expiration: There is no automatic expiration or time-based deletion of face data - it is retained until you choose to delete it
  • Failed Generations: If an image generation fails, the reference image (containing face data) is still stored until you delete it

Your Rights Regarding Face Data

You have the following rights regarding your face data:

  • Access: You can access your face data by viewing your uploaded photos in the app
  • Deletion: You can delete your face data at any time by deleting images in the app (deletion is permanent and cannot be undone)
  • Account Deletion: You can request deletion of your account, which will result in deletion of all associated face data within 30 days
  • Control: You control when and which photos containing face data are uploaded and stored

Security Measures

We implement appropriate technical and organizational security measures to protect your face data:

  • Encryption of data in transit (HTTPS) and at rest
  • Secure servers and infrastructure (Cloudflare R2)
  • Access controls and authentication measures
  • Regular security audits and updates

Please note that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your face data, we cannot guarantee absolute security.

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

  • Service Providers: With trusted third parties who assist in operating our service (hosting, AI processing, payment processing, analytics)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly agree to sharing

We do not sell, trade, or rent your personal information to third parties for their marketing purposes.

6. Data Storage and Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure servers and infrastructure
  • Regular security audits and updates
  • Access controls and authentication measures

Please note that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. When you delete your account, we will delete or anonymize your personal data within 30 days, unless retention is required by law.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Portability: Request transfer of your data in a machine-readable format
  • Restriction: Request limitation of processing
  • Objection: Object to certain types of processing
  • Withdraw Consent: Withdraw consent for processing based on consent

To exercise these rights, please contact us at contact@after9labs.com

9. Children's Privacy

Myra is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your data, we ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. Third-Party Services

Our service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

After9Labs

Email: contact@after9labs.com

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━