PRIVACY POLICY

• Full name (or legal entity name)
• Email address
• Password (stored hashed via Supabase Auth)
• Language preferences (locale)
• Registration date and email verification

• Stripe customer identifier (stripe_customer_id)
• Subscription plan and Credit balance
• Transaction information (amounts, dates, status)

Wizia AI does not store card numbers. Payments are processed entirely by Stripe, Inc. in compliance with PCI DSS standards.

• Product photos: images of goods uploaded by Merchants for the AI photo studio
• Personal photos: face/body photos for Virtual Try-On
• AI-generated images: outputs from AI model processing
• Custom scenes and models: reference images for custom photo scenes

• Identifiers: visitor_id, session_id, fingerprint, shop_user_id
• Page context: URL, title, referrer
• UTM parameters: utm_source, utm_medium, utm_campaign
• Device: screen size, viewport, DPR, connection type
• Server-enriched: IP address, user agent, OS, browser, device type
• Geolocation: country, region, city (derived from IP)
• Behavioral data: event type, event data, timezone, language
• Bot marker

• Type and count of AI generations (photo studio, VTO, video)
• Credits used and AI model provider
• File storage metadata
• Date and time of actions

• Device fingerprint
• Merchant identifier
• Date and request count

• Hashed IP address (HMAC) at registration
• User agent at registration

• Canvas fingerprint hash
• WebGL renderer/vendor
• AudioContext hash
• Persistent visitor_id (localStorage)
• Session_id (sessionStorage)
• Cross-site behavioral path
• Identity Stitching data
• Purchase funnel data
• Additional device data: hardware concurrency, touch points

• Behavioral profiles and scores (purchase intent, style affinity, engagement)
• Features extracted from photos (body type, style preferences)
• Predictive models and market insights
• Cross-merchant behavioral models

• Product photos — images of goods uploaded by Merchants (typically do not contain personal data)
• Personal photos for Virtual Try-On — face and/or body photos for visualization

1. Technical preprocessing: resize, format conversion (HEIC → JPEG), compression via Sharp
2. AI processing: sent (base64) to Google Gemini and/or OpenAI — processors under Art. 28 GDPR
3. Storage: generated images in secured cloud storage (Supabase Storage) with RLS
4. Demo mode: photos are not stored — result returned as data URI

Photos may be processed to extract: body type and proportions, approximate demographics, style and color preferences, product compatibility predictions.

These features may be:

• used internally for improvement and personalization
• sold to third parties in anonymized form without additional consent
• sold in identifiable form only with explicit consent

Per Recital 51, processing of photographs is not automatically considered processing of biometric data under Art. 9. The Controller applies the precautionary principle and treats photos with facial features as potentially falling within Art. 9 scope.

You may request deletion via account settings or hello@wizia.ai. Deletion from active systems — within 30 days. Backup archives — within 90 days.

With consent per Art. 11 of the Terms, data may be shared with: fashion brands and retailers, analytics and marketing companies, AI and technology partners, advertising networks, market research companies, insurance and financial institutions.

• Anonymized: may be sold without consent (Recital 26)
• Identifiable profiles: only with explicit consent
• Buyers: must sign a Data Use Agreement prohibiting re-identification

Data that does not allow identification does not constitute personal data (Recital 26) and may be used without restriction.

Disclosure without consent when required by: law, court order, or protection of rights/safety.

In mergers/acquisitions, data may be transferred with prior notice to users.

• Behavioral scoring: purchase probability, engagement, customer value
• Purchase prediction: when and what the user is likely to buy
• Style affinity: preferred styles, colors, brands, sizes
• Photo analysis: body type, proportions, demographics
• Cross-merchant profiling: behavioral profile across multiple Merchants

Combination of computer vision AI models, machine learning models, and statistical models. Input data: 3.3, 3.4, 3.5, 3.8. Results → Derived Data (3.9).

• Content and recommendation personalization
• Price differentiation (by Merchants/third parties — outside Controller's control)
• Third-party decisions based on sold Derived Data

Right not to be subject to automated decisions; to request human intervention; to express your point of view; to contest the decision. Contact: hello@wizia.ai. Response: within 30 days.

AI models undergo periodic bias audits. Profiling may not lead to discrimination based on protected characteristics.

Cookie banner on first visit. Essential cookies cannot be disabled. Also manageable through browser settings.

The widget stores visitor_id, session_id, fingerprint in localStorage/sessionStorage. The Merchant is responsible for including this in their own policy.

JavaScript-based technology: Canvas Fingerprinting, WebGL Fingerprinting, AudioContext Fingerprinting, additional parameters (hardware concurrency, touch points). Persistent identifiers (visitor_id, session_id). Identity Stitching on login. Server-side enrichment (IP, user agent, geolocation, bot marker).

Wizia Pixel links behavior across multiple Merchant websites. Opt-out: cookie banner, clearing localStorage, Private/Incognito mode, or request to hello@wizia.ai.

Residents of other EU/EEA states may file a complaint with their local supervisory authority.

European Commission ODR platform: https://ec.europa.eu/consumers/odr