Wardra

Privacy Policy

Last updated: March 2026

1. Who We Are

Wardra is a mobile application operated by Sebastian Bruckner-Hrubesch, based in Vienna, Austria. For the purposes of the EU General Data Protection Regulation (GDPR), we are the data controller. You can reach us at contact@wardra.ai.

2. What Data We Collect

2.1 Data You Provide Directly

  • Account information: Email address, display name, and password (or third-party sign-in credentials) when you create an account.
  • Photos: Images of your clothing items and, optionally, a full-body reference photo of yourself. These photos are uploaded to our servers for processing.
  • Wardrobe data: Garment categories, colours, and outfit combinations you create within the app.
  • Purchase and browsing activity: Items you view, tap, or purchase through affiliate links within the Explore/Marketplace tab.
  • Support correspondence: Messages you send to our support channels.

2.2 Data We Generate or Derive

  • AI-processed images: Background-removed garment cutouts, garment classifications, extracted colour palettes, and body-landmark coordinates derived from your photos using computer vision models (rembg, CLIP, K-means clustering, MediaPipe Pose).
  • Virtual try-on images: When you use the catalogue try-on feature, composite images are generated by third-party virtual try-on services (Google Vertex AI and/or FASHN.ai). These services receive the minimum image data needed to perform the try-on and are contractually bound to not retain or reuse your images.

2.3 Data Collected Automatically

  • Device and usage data: Device type, operating system, app version, crash logs, session duration, screens viewed, and anonymised interaction events.
  • IP address: Collected with network requests; not stored long-term in identifiable form.

3. Why We Process Your Data (Legal Bases)

Under the GDPR, we rely on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)): To provide the core wardrobe management and virtual try-on features you signed up for, and to manage your subscription.
  • Legitimate interest (Art. 6(1)(f)): To improve the app, fix bugs, prevent fraud, and display relevant product recommendations. We balance these interests against your rights and conduct impact assessments where appropriate.
  • Consent (Art. 6(1)(a)): For optional analytics, marketing communications, and any processing that goes beyond the core service. You can withdraw consent at any time in the app settings.

4. How We Use Your Photos

We understand that body photos and clothing images are sensitive. Here is exactly what happens:

  • Garment photos are processed by our servers to remove backgrounds, classify the garment type, and extract dominant colours. The processed cutout is stored; the original photo is retained only as long as needed for processing and then deleted from our pipeline servers.
  • Your body reference photo is stored securely and used solely to render garment overlays on your silhouette within the app. It is never shared with other users.
  • For catalogue try-on, your body photo and the selected product image are sent to a third-party virtual try-on API. These providers process the images in real-time and do not store them after the response is returned.
  • We never use your photos to train machine learning models, and we never sell or license your images to third parties.

5. Third-Party Services and Data Sharing

We share data with the following categories of service providers, all of whom are contractually obligated to protect your data:

  • Infrastructure: Supabase (database and authentication, hosted in the EU).
  • Virtual try-on: Google Cloud (Vertex AI) and/or FASHN.ai — receive image data only as needed for try-on processing.
  • Affiliate commerce: Skimlinks, and potentially CJ Affiliate and Rakuten — receive anonymised click and conversion data when you interact with product links. These providers may set cookies in the in-app browser.
  • Subscription management: RevenueCat — processes subscription status and purchase receipts from Apple/Google. RevenueCat does not receive your photos or wardrobe data.
  • Analytics and crash reporting: Anonymised usage events and crash logs.

We do not sell your personal data. We do not work with data brokers.

6. International Data Transfers

Some of our service providers (notably Google Cloud and RevenueCat) may process data outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or the provider's participation in an adequacy framework recognised by the European Commission.

7. Data Retention

  • Account data and wardrobe data are retained for as long as your account is active.
  • Raw uploaded photos are deleted from processing servers within 48 hours of processing. Processed cutouts are retained as part of your wardrobe.
  • Virtual try-on images are generated on-the-fly and are not permanently stored on our servers.
  • If you delete your account, all personal data (including photos, wardrobe data, and purchase history) will be permanently deleted within 30 days, except where retention is required by law (e.g. tax records for completed transactions).

8. Your Rights Under the GDPR

As an EU/EEA resident, you have the right to:

  • Access your personal data and receive a copy of it.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten"). You can delete your account directly in the app.
  • Restrict processing in certain circumstances.
  • Data portability: Receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at contact@wardra.ai. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde, dsb.gv.at).

9. Children's Privacy

Wardra is not directed at children under 16. We do not knowingly collect personal data from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at contact@wardra.ai.

10. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and at rest, row-level security on database tables, regular security reviews, and access controls limiting who can access personal data. However, no method of electronic transmission or storage is 100% secure.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via an in-app notification or email before the changes take effect. Continued use of the app after the effective date constitutes acceptance of the updated policy.

12. Contact

Data Controller: Sebastian Bruckner-Hrubesch

Address: Pyrkergasse 2c/13, 1190 Vienna, Austria
Email: contact@wardra.ai