Back to Home

Privacy Policy for Omby.me

1. Introduction: Our Commitment to Your Privacy

Welcome to Omby.me. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our mobile application and services (collectively, the "Service").

This policy is designed to be transparent and to help you understand your privacy rights. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. The Information We Collect and Why

We collect information to provide and improve our Service to you. The types of personal information we collect and our purposes for collecting it are outlined below. In compliance with regulations like the GDPR, we believe in providing this information in a clear, accessible format.

Valuable Table: Summary of Data Processing Activities

The following table summarizes the categories of data we collect, our purposes for collection, and the legal basis for processing under the GDPR.

Data Category Examples of Data Collected Primary Purpose of Collection & Use (Legal Basis)
Identity & Contact Data Name, email address, username, password. To create and secure your account, and to communicate with you about your account or our Service. (Legal Basis: Performance of a Contract)
User-Provided Content (Special Category Data) Photographs and videos of your outfits, which may contain images of you and reveal biometric data. To provide the core AI style analysis and outfit recommendation features of the Service. (Legal Basis: Explicit Consent)
Technical & Usage Data IP address, device type and ID, operating system, app version, crash logs, feature usage analytics (e.g., which buttons are tapped). To ensure the app functions correctly, provide technical support, maintain the security of our Service, and to analyze usage patterns to improve our Service. (Legal Basis: Legitimate Interest)
Inferred Data AI-derived style profiles, color harmony preferences, silhouette analysis, and other fashion-related attributes inferred from your User Content. To personalize and improve your in-app experience and the accuracy of future recommendations provided to you. (Legal Basis: Legitimate Interest)

3. How and Why We Use Your Information

We use the information we collect for the purposes described below.

3.1. To Provide and Maintain the Omby.me Service

Core Functionality: We use your User-Provided Content (your photos) as the primary input for our AI engine to generate your personalized style analysis and outfit recommendations. This is the central purpose of our Service.

Account Management: We use your Identity & Contact Data to create your account, authenticate you when you log in, and send you important service-related communications.

Service Improvement and Security: We use Technical & Usage Data to monitor the performance of our app, diagnose and fix technical issues, prevent fraud and abuse, and understand how users interact with our features to guide future development.

3.2. Our Policy on AI Model Training

We believe in transparency and respecting your data. Therefore, we want to be explicitly clear about how we handle your data in relation to our AI models.

We do not use your personal photos or videos to train or improve our general, underlying artificial intelligence models.

The analysis performed on your photo is transient and specific to your request. To provide the Service, our AI processes your photo to generate an analysis. After this process is complete, the photo is permanently deleted from our active servers in accordance with our Data Retention policy (see Section 6). This practice is a core part of our commitment to your privacy, ensuring your personal images are not used for purposes beyond providing the service you have requested. This approach aligns with the principle of data minimization and distinguishes our Service from others that may use personal data for widespread model training.

4. Our Legal Basis for Processing Data (GDPR)

For users in the European Economic Area (EEA) and the United Kingdom (UK), we process your personal data based on the following legal grounds as required by the GDPR:

  • Performance of a Contract: We process your Identity & Contact Data to fulfill our contractual obligation to provide and maintain your user account.
  • Explicit Consent: Your User-Provided Content (photos) contains sensitive personal data (biometric data). We will not and cannot process this data without your explicit, affirmative consent, which we will request at the time you upload a photo. You may withdraw this consent at any time.
  • Legitimate Interest: We process Technical & Usage Data and Inferred Data based on our legitimate interest in maintaining and improving our Service, ensuring its security, and personalizing your experience, provided these interests are not overridden by your rights and freedoms.

5. How We Share and Disclose Information

We do not sell your personal information. We may share your information only in the limited circumstances described below:

  • Service Providers: We may share your information with third-party vendors and service providers who perform services on our behalf, such as cloud hosting (e.g., Amazon Web Services, Google Cloud Platform), data analytics, and customer support. These providers are given access to your information only as is reasonably necessary to provide the service under contractual obligations to protect your data and are prohibited from using it for any other purpose.
  • Legal Compliance and Safety: We may disclose your information if we believe it is necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to address fraud, security, or technical issues; or to protect our rights or property.
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be sold or transferred as part of that transaction. We will notify you of any such deal and outline your choices in that event.

6. Data Retention and Deletion

We practice data minimization and retain your personal information only for as long as necessary to fulfill the purposes for which it was collected.

Specifically for your User-Provided Content (Photos): User-uploaded photos are permanently deleted from our active servers within 72 hours of the AI analysis being completed and delivered to you.

This short retention period is designed to give you time to review your analysis while minimizing the time your sensitive data is stored on our systems. Other data, such as your account information, will be retained as long as your account is active. If you delete your account, we will take steps to delete your information within a reasonable timeframe, subject to any legal obligations to retain it for longer periods (e.g., for financial record-keeping or fraud prevention).

7. Data Security Measures

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: We use encryption (such as SSL/TLS) to protect your data in transit and encryption at rest for data stored on our servers.
  • Access Controls: We limit access to your personal information to employees and authorized service providers who need to know that information in order to operate, develop, or improve our Service.
  • Regular Audits: We regularly review our information collection, storage, and processing practices to guard against unauthorized access to our systems.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure.

8. Your Privacy Rights and How to Exercise Them

Depending on your location, you may have certain rights regarding your personal information under laws like the GDPR and the CCPA. We are committed to upholding these rights for all our users. These rights may include:

  • The Right to Access: You have the right to request a copy of the personal information we hold about you.
  • The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate.
  • The Right to Erasure (Deletion): You have the right to request that we delete your personal information, under certain conditions.
  • The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information, under certain conditions.
  • The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The Right to Object: You have the right to object to our processing of your personal information, under certain conditions.
  • The Right to Opt-Out of Sale/Sharing (CCPA): We do not sell your personal information.

To exercise any of these rights, please contact us at hey@omby.me. We will respond to your request in accordance with applicable law.

9. Children's Privacy

Our Service is not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

10. International Data Transfers

Your information, including personal data, may be transferred to—and maintained on—computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located in the EEA or UK, this means your data may be transferred outside of these regions. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, and we will rely on legal mechanisms such as the European Commission's Standard Contractual Clauses to safeguard transfers.

11. Policy Updates and Contact Information

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy within the app and updating the "Last Updated" date at the top of this policy. You are advised to review this Privacy Policy periodically for any changes.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: hey@omby.me

Last updated: September 2025