Skip to content
Back to home
MyBestOutfitMyBestOutfit

Privacy Policy

Last updated: February 11, 2026

1. Data Controller

Entity: MyBestOutfit

Address: Spain (full registered address will be published upon company registration)

Email: privacy@mybestoutfit.com

Website: https://mybestoutfit.com

2. Introduction

MyBestOutfit ("we", "us", "our") is a mobile wardrobe management application with artificial intelligence features, available on iOS and Android. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Ley Orgánica 3/2018, de Protección de Datos Personales y Garantía de los Derechos Digitales ("LOPDGDD"), and Ley 34/2002, de Servicios de la Sociedad de la Información y de Comercio Electrónico ("LSSI-CE"). We are committed to a privacy-first architecture: your wardrobe data is stored locally on your device, and your photos never pass through our servers.

3. Data We Collect

We collect different categories of data depending on how you use the app. We have designed our system to minimize the data that leaves your device.

A. Data stored exclusively on your device (never sent to MBO)

  • Garment photos and images stored in local file system
  • Wardrobe database (SQLite): garment metadata, categories, colors, seasons, tags
  • Calendar events accessed via native device APIs
  • Saved outfits and combination history
  • AI avatar images after generation
  • Style preferences and settings

B. Data sent directly to Google (AI processing, never through MBO servers)

  • Garment photos for background removal (EXIF metadata stripped before sending)
  • Photos for avatar generation (EXIF metadata stripped before sending)
  • Photos for outfit visualization (EXIF metadata stripped before sending)

C. Data sent to MBO servers (anonymous, optional)

  • Anonymous style metadata for affiliate matching (e.g., {"style": "casual", "gaps": ["formal-shoes"]}). No photos, names, or locations.
  • Waitlist registration: email address only

D. Data processed by third-party services

  • City name sent to weather API for outfit adaptation (not GPS coordinates)
  • Subscription verification via RevenueCat through Apple App Store / Google Play Store
  • Anonymous landing page analytics via Umami (self-hosted, cookieless, no personal data)

4. How Your Data Is Processed

4.1 Local Processing (on-device)

Your wardrobe is a local SQLite database stored on your device. Your garment photos are saved in local file system storage. Calendar access uses native device APIs — no calendar data ever leaves your phone. All of this data remains on your device and is never transmitted to MyBestOutfit servers.

4.2 AI Processing (Firebase AI SDK / Google Gemini)

When you use AI features (background removal, outfit generation, avatar creation), your photos are sent directly from your device to Google Gemini through the Firebase AI SDK. This is a direct device-to-Google connection — your photos never pass through or are stored on MyBestOutfit servers. Google processes these images under its data processing terms as a processor acting on our behalf. Google Gemini does not use your data to train its models when used through the Firebase AI SDK.

4.3 EXIF Metadata Stripping

Before any photo is sent to Google Gemini for AI processing, MyBestOutfit strips all EXIF metadata from the image. This includes GPS location coordinates, device model and manufacturer, date and time of capture, camera settings, and any other embedded metadata. The AI processor receives only the pixel data of the image, with no identifying information attached.

4.4 Anonymous Metadata for Affiliate Matching

If you enable shopping recommendations, MyBestOutfit sends anonymous style metadata to our servers to match you with relevant product suggestions via Amazon Associates. This data includes only abstract style categories and identified wardrobe gaps (e.g., {"style": "casual", "gaps": ["formal-shoes"]}). No photos, names, device identifiers, or location data are included. This processing is based on your consent and can be disabled at any time in the app settings.

4.5 Subscription Management

Subscription purchases are handled by RevenueCat through Apple App Store (iOS) or Google Play Store (Android). MyBestOutfit receives subscription status information (active/inactive, tier) but does not have access to your payment details (credit card, billing address). Payment processing is handled entirely by Apple or Google.

5. What Leaves Your Device

For complete transparency, here is an exhaustive list of all data that leaves your device when using MyBestOutfit:

1

Garment or avatar photos to Google Gemini: Direct from your device to Google, never through MBO servers. EXIF metadata stripped before transmission.

2

City name to Weather API: To adapt outfit suggestions to current weather. Only your city name, not your GPS coordinates.

3

Anonymous style metadata to MBO server (optional): Only if you enable shopping recommendations. Data like {"style": "casual", "gaps": ["formal-shoes"]}. No photos, no names, no locations.

4

Subscription verification to App Store / Google Play: Standard verification for any app with in-app purchases via RevenueCat.

5

Email address to MBO server (waitlist only): Only if you voluntarily sign up for the pre-launch waitlist on our website.

6. Legal Basis for Processing

We process your personal data under the following legal bases established by Article 6 of the GDPR: - Contract performance (Art. 6.1.b): Processing necessary to provide the MyBestOutfit service, including AI-powered features through Google Gemini. - Consent (Art. 6.1.a): For optional features such as shopping recommendations with anonymous metadata, and for waitlist registration. You can withdraw consent at any time. - Legitimate interest (Art. 6.1.f): For anonymous analytics of our landing page (via cookieless Umami) to improve our service, balanced against minimal impact on your privacy. A Data Protection Impact Assessment (DPIA) has been conducted given the use of AI processing and the potential processing of biometric-adjacent data (avatar generation from photos).

7. International Data Transfers

When your photos are processed by Google Gemini, data may be transferred to Google servers located outside the European Economic Area (EEA). Google LLC participates in the EU-U.S. Data Privacy Framework (DPF), as designated by the European Commission's adequacy decision of July 10, 2023. This provides an adequate level of protection for your personal data under Article 45 of the GDPR. RevenueCat, Inc. (subscription management) is also certified under the EU-U.S. Data Privacy Framework. MyBestOutfit servers that process anonymous style metadata are located within the European Union.

8. Data Retention

- On-device data (wardrobe, photos, calendar, outfits): Retained on your device until you delete them or uninstall the app. MyBestOutfit has no copy of this data. - AI-processed data (Google Gemini): Processed in transit and not retained by Google for model training when used through Firebase AI SDK. Refer to Google's data processing terms for specific retention periods. - Anonymous style metadata: Retained on our servers for up to 24 months from last activity, then automatically deleted. - Waitlist email: Retained until service launch and your registration, or until you request deletion, whichever occurs first. - Subscription data (RevenueCat): Retained according to RevenueCat's data retention policy and applicable tax/accounting obligations. - Landing page analytics (Umami): Aggregated, anonymous data with no personal identifiers. No retention limit applies as no personal data is collected.

9. Your Rights

Under the GDPR and LOPDGDD, you have the following rights regarding your personal data:

  • Right of access: Obtain confirmation of whether we process your personal data and access a copy of it.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
  • Right to restriction of processing: Request that we limit the processing of your data in certain circumstances.
  • Right to data portability: Receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object: Object to the processing of your personal data based on legitimate interests.
  • Right to withdraw consent: Withdraw your consent at any time for processing based on consent, without affecting the lawfulness of prior processing.
  • Right not to be subject to automated decisions: Not be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects.

To exercise any of these rights, contact us at privacy@mybestoutfit.com. We will respond within 30 days as required by law. No fee is charged for exercising your rights.

You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Espanola de Proteccion de Datos — AEPD) at www.aepd.es if you believe your rights have been violated.

10. Children's Privacy

MyBestOutfit is not directed to children under 16 years of age (the age of digital consent under Spanish law, Article 7 LOPDGDD). We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly. If you believe we may have collected data from a child under 16, please contact us at privacy@mybestoutfit.com.

11. Cookies and Tracking

The MyBestOutfit landing page (mybestoutfit.com) uses Umami, a self-hosted, cookieless analytics solution. Umami does not use cookies, does not collect personal data, and does not track users across websites. It collects only anonymous, aggregated page view statistics. The landing page may use a technical cookie to store your language preference (set by next-intl). This is a strictly necessary cookie that does not require consent under the LSSI-CE. We do not use third-party tracking cookies, advertising cookies, or any form of cross-site tracking. For full details, see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable legislation. We will notify you of any material changes by posting the updated policy on this page with a new "Last updated" date. For significant changes, we may also notify you through the app. We recommend reviewing this policy periodically.

13. Contact

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at: Email: privacy@mybestoutfit.com Website: https://mybestoutfit.com Data Protection Officer (DPO): dpo@mybestoutfit.com