Privacy Policy

How sök handles your personal data, written in plain English.

Who we are

sök is a mobile fashion-styling app. The service is operated by Anastasiia Tokar (sole proprietor, based in Poland), who is the data controller for the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR").

Contact for privacy questions or data-access requests: privacy@sokfashion.com

What data we collect

• Account data — your email address and an authentication token, created when you sign up.
• Style profile — your aesthetic preferences, body silhouette, color analysis answers, fashion experience level, gender (used only to scope outfit recommendations), home city for weather, and the seven style-axis sliders you set during onboarding.
• Closet photos — photos of clothing items you upload, plus AI-generated metadata (category, colors, fabric, season) and any notes you add.
• Inspiration board — images you pin as inspiration.
• Outfit history — daily outfits the AI composes for you, ones you approve, swap, or skip, plus any wear events you log.
• Feedback signals — your thumbs up/down on outfits and chat replies, your swipes on Discover items, and any freetext you write when correcting Andy (the AI stylist).
• Usage counters — daily counts of how often you use AI-driven features, to enforce your plan's limits.

We do not collect device identifiers, advertising IDs, contacts, microphone audio, or precise location.

Why we collect it (legal basis)

• Performance of a contract (Art. 6(1)(b) GDPR) — to provide the styling service you signed up for.
• Legitimate interest (Art. 6(1)(f) GDPR) — to improve outfit quality by learning from your feedback signals. You can withdraw participation at any time by deleting your account.

We do not rely on consent for marketing because we don't send marketing emails.

Who we share data with (sub-processors)

We send the minimum necessary data to a small set of trusted services:

• Supabase (Singapore / US) — database, authentication, and storage for your account and photos.
• Anthropic (US) — the Claude AI model that generates Andy's outfit suggestions, gap analysis, and chat replies. We send the text of your style profile and the metadata of items in your closet; we send photo URLs when Andy needs visual context (your inspiration board pins, or candidate retailer images he picks between).
• remove.bg / Kaleido (Germany) — removes the background from each closet photo you upload, leaving the garment on a transparent backdrop.
• SerpAPI (US) — proxies image search queries to find retailer product photos for the gap recommendations.
• Open-Meteo (Germany) — public weather forecasts for your home city, so outfits match today's temperature.

Transfers to providers outside the EEA are made under Standard Contractual Clauses or other safeguards as required by the GDPR.

How long we keep data

We keep your account data and content as long as your account exists. When you delete your account from inside the app (Settings → Delete my account), we permanently erase your account, all linked rows (closet items, outfits, history, inspiration), and the files in storage within 24 hours. We do not keep backups of deleted accounts.

Aggregated, non-personally-identifying logs of edge function activity may be retained up to 30 days for debugging.

Your rights under the GDPR

You have the right to:

• Access the personal data we hold about you
• Have it corrected if it's wrong
• Have it erased (the in-app "Delete my account" handles this; for any leftover requests, email us)
• Restrict or object to specific processing
• Receive a copy of your data in a portable format
• Withdraw any consent you've previously given
• Lodge a complaint with the Polish Personal Data Protection Office (UODO) — uodo.gov.pl

To exercise these rights, email privacy@sokfashion.com. We aim to respond within 30 days.

Children

sök is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, email us and we'll delete it.

Security

Your data is encrypted in transit (TLS). Access to production data is restricted to the controller. Photos are stored in signed-URL buckets with short-lived access tokens; only your client and our edge functions can fetch them.

Changes to this policy

If we change anything material, we'll update this page and reset the effective date. Continuing to use sök after a change means you accept the updated policy.