AI
Traion.me
AITraiOn.me

Privacy Policy

Last updated: January 2025

This Privacy Policy describes how TraiOn.me, a business registered in Dubai, United Arab Emirates ("TraiOn.me", "we", "us", "our"), collects, uses, discloses, and protects personal data in connection with the TraiOn.me website, virtual try-on widget, merchant dashboard, Shopify/WooCommerce integrations, and related services (collectively, the"Services").

1. Roles and Responsibilities

For most processing of personal data related to End Users (shoppers) using the virtual try-on widget on a Merchant's digital properties:

  • The Merchant is the "data controller" (or equivalent under Applicable Law); and
  • TraiOn.me acts as the "data processor" (or "service provider").

For personal data processed in connection with our own website, marketing, and business operations (e.g., Merchant contact details), TraiOn.me may act as an independent data controller.

2. Categories of Data We Process

2.1 Merchant Data

We may collect and process the following Merchant-related data:

  • Business name, store name, URL, and platform (e.g., Shopify, WooCommerce).
  • Business contact details (email address, name, role, phone number, where provided).
  • Account credentials (hashed passwords or access tokens, depending on integration).
  • Billing information (processed via third-party payment providers; we do not store full card numbers).
  • Product catalog information (images, SKUs, variants, descriptions).

2.2 End User Data

When End Users interact with the TraiOn.me widget, we process:

  • End User Images (photos uploaded or captured via camera for the try-on experience).
  • AI Output generated based on those images and product data.
  • Binary feedback (e.g., "like"/"dislike") and selected reason tags (e.g., fit, color, style).
  • Technical identifiers (IP address, browser type, device information, basic logs).
  • Session-level identifiers or pseudonymous IDs used for analytics and short-term history.

2.3 Technical and Usage Data

We may collect technical and usage information such as:

  • Log files, error logs, and diagnostic data.
  • Timing metrics (e.g., generation time, time spent in try-on popup).
  • Aggregated and anonymized statistics about try-on usage and performance.

3. Purposes and Legal Bases (GDPR / UK GDPR)

We process personal data for the following purposes and on the following legal bases:

3.1 Provision of the Services

  • To authenticate Merchants and provide access to the dashboard.
  • To ingest Merchant product catalogs and connect to Third-Party Platforms.
  • To generate AI Output for End Users using the widget.

Legal bases: performance of a contract (with Merchants); legitimate interests (to operate a functional platform); and, for End Users, consent obtained by Merchant where required.

3.2 Billing and Account Management

  • To process payments for Credits and other fees.
  • To send invoices, receipts, and billing notifications.

Legal bases: performance of a contract; legal obligation (tax, accounting).

3.3 Analytics, Product Improvement, and Security

  • To measure usage, improve models, and optimize user experience.
  • To detect abuse, fraud, and security incidents.
  • To produce aggregated and anonymized reports for Merchants.

Legal bases: legitimate interests (improving and securing the Services).

3.4 Communications

  • To send transactional emails and notifications (e.g., low credit alerts, integration errors).
  • To respond to support inquiries.

Legal bases: performance of a contract; legitimate interests.

3.5 Marketing (Limited)

We may send Merchants information about new features or promotions, subject to Applicable Law. Merchants can opt out of non-essential marketing communications at any time.

Legal bases: legitimate interests; consent where required.

4. Image Processing, Retention, and Auto-Deletion

End User Images and corresponding AI Output are processed solely for generating virtual try-on experiences and closely related features (e.g., very short-term history or recovery of a recent session).

Unless otherwise required by law or explicitly agreed in writing:

  • End User Images and AI Output are retained for no longer than 24 hours from generation.
  • We implement automated routines to delete such images and outputs after this period.
  • We do not use End User Images or AI Output to train general-purpose models.

5. Cookies and Similar Technologies

We use cookies or similar technologies to support core functionality (e.g., session management, security) and basic analytics. We do not use third-party advertising cookies in connection with the widget.

Merchants may have their own cookie banners and policies on their stores; End Users should refer to the relevant store's cookie policy for details on that store's use of cookies.

6. Data Sharing and Subprocessors

We may share personal data with:

  • AI processing providers that generate try-on images under our instructions.
  • Hosting and infrastructure providers (e.g., cloud storage, database hosting).
  • Payment processors for billing and fraud prevention.
  • Email delivery services for transactional communications.
  • Professional advisors (legal, accounting) where necessary.

All such Subprocessors are bound by appropriate data protection and confidentiality obligations, and may only process personal data as instructed by TraiOn.me.

7. International Transfers

Because TraiOn.me operates globally, personal data may be transferred to and processed in countries outside the jurisdiction in which it was collected, including countries that may not provide the same level of data protection as the European Economic Area (EEA) or the United Kingdom.

Where required by Applicable Law, we implement appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) or equivalent mechanisms, for cross-border transfers of personal data.

8. Data Retention

We retain personal data for no longer than necessary for the purposes described above:

  • End User Images and AI Output: up to 24 hours (except where longer retention is required by law or for security investigations).
  • Merchant account and billing data: for the duration of the relationship and as required by tax, accounting, or other legal obligations (typically up to 7–10 years).
  • Analytics and logs: typically 12–24 months, in aggregated or pseudonymized form where possible.

9. Security

We implement technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, including:

  • Encryption in transit (HTTPS/TLS) and at rest where appropriate.
  • Access controls, least privilege, and logging.
  • Content moderation and safe-guardrails to reduce abusive or prohibited content.
  • Regular monitoring and updates of our infrastructure.

No security measure is perfect. Merchants are responsible for securing their own systems, credentials, and integrations with TraiOn.me.

10. Children's Data

The Services are not directed to children under the age of 16, and we do not knowingly collect personal data from children under 16 without appropriate consent. Merchants must not encourage or allow minors to upload images in violation of Applicable Law.

11. Data Subject Rights (GDPR / UK GDPR / Similar Laws)

Depending on your location, you may have the following rights in relation to your personal data:

  • Right of access to personal data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten").
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to certain processing, including direct marketing.
  • Right to withdraw consent at any time, where processing is based on consent.

Where TraiOn.me acts as a data processor (for End User data), requests should typically be directed to the relevant Merchant (the data controller). We will assist Merchants in responding to such requests in accordance with contractual and legal obligations.

Where TraiOn.me acts as a data controller (e.g., for Merchant contact data), you may exercise your rights by contacting us at support@traion.me.

12. Additional Disclosures for Certain Jurisdictions

If you are located in a jurisdiction with specific privacy legislation (e.g., California, certain GCC or EU member states), you may have additional rights and protections under local law. We will honor those rights to the extent required by Applicable Law.

13. Data Processing Agreement (DPA)

For Merchants subject to GDPR, UK GDPR, or similar data protection laws, TraiOn.me offers a Data Processing Agreement that further governs the processing of personal data on their behalf. In case of conflict between this Privacy Policy and the DPA, the DPA shall prevail for data protection matters.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in technology, Applicable Law, or our practices. We will post the updated version on this page with an updated "Last updated" date. In case of material changes, we may also notify Merchants via email or dashboard notification.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us at:

TraiOn.me
Email: support@traion.me