Updated and Effective as of March 27, 2026

IMPORTANT NOTICE

To use some of our Services (apps, websites, and others), we may ask you to provide specific information such as your name (or nickname), email address, date of birth, information about your feelings and mental well-being, and other onboarding details. Depending on the app product you choose within our ecosystem, additional data – such as a photo of your face, clothing, or physical parameters – may be required (please refer to Section 2.1 of this Policy). To personalize our services, we analyze your visual features from a photo, and consider your preferences. We may analyze photos of your clothes uploaded to the app to find the best matches or pairings. In some cases, you may skip certain onboarding questions by selecting “Skip” or a similar option.

Additionally, we may automatically collect information from your device, including language settings, IP address, time zone, device type, model, and other data points. This data enables us to provide Services, analyse app usage, and enhance specific experiences.

To improve subscription management and engagement tracking, we integrate with Apple’s App Store Server API. This includes using the consumptionRequestReason feature, which collects data about your interactions with subscription content. Certain event data (Customer Account Age, User Account Details, Content Consumption Level, Platform Information, Total In-App Purchase Amount, App Usage Time, and Account Status) may be shared with Apple to enhance subscription management in line with Apple’s guidelines. Apple uses and protects this data per its own Privacy Policy and retains it only as necessary. You may opt out of transferring this event data to Apple by contacting us.

We and third-party vendors, including Amazon, use first-party cookies and third-party cookies to track referrals, analyze user interactions with affiliate links, and optimize your shopping experience.

To determine your colour type, we transmit anonymised categorical styling attributes to our AI service providers. Specifically, we send derived values such as hair colour category, eye colour category, and skin tone category. These attributes are extracted from your submitted photo exclusively at our backend level before any transmission occurs. Your original photos and any user-identifying information (name, email, account ID, device identifiers) are never transmitted to AI providers. All AI requests are routed exclusively through our own backend infrastructure – there are no direct connections between the app and third-party AI providers. Submitted photos are stored on our servers for up to 90 days, after which they are permanently deleted. You may also request earlier deletion at any time via the in-app account settings or by contacting us.

We encourage you to read this Privacy Policy to better understand how we handle your data (Section 2), your data privacy rights (Section 7), and the privacy controls available to you.

Questions? Contact us at applabel@support-team.app.

TABLE OF CONTENTS

1. General

2. Personal Data (Types, Purposes, Legal Basis)

3. Ways of Using Personal Information

4. Third-Party Processing of Personal Data

5. Storage of Personal Information

6. Personal Data Protection

7. User’s Rights

8. Age Requirement

9. Specific Provisions Applicable Under California Privacy Law (CCPA)

10. Contact Details

1. GENERAL

This Privacy Policy describes how APPLABEL LTD – a company incorporated under the laws of the Republic of Cyprus (registration number HE 420476), with registered address at Panagioti Tsangari, 14, 1st floor, Flat/Office 1F, 4047, Limassol, Cyprus (collectively “we”, “us”, or “our”) – collects, uses, stores, transfers, and discloses personal information from Users in connection with our Services.

For the purposes of the General Data Protection Regulation 2016/679 (GDPR) and any implementing legislation, APPLABEL LTD is the data controller responsible for any personal data we process.

Definitions used in this Policy:

“Services” – our Apps, Websites, and any related services or properties we control.
“Apps” – applications and other products produced by us on any platform.
“Websites” – websites and other online properties we control.
“Personal Data” – any information that relates to you as an identified or identifiable individual.
“Anonymous data” – data from which the identity has been removed and which cannot be re-associated with you.
“User / consumer” – any third party that uses our Services.

We reserve the right to update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on the primary access points to the Services or as otherwise required by applicable law. Please review it regularly.

Where applicable, if you do not provide us with the relevant Personal Data, you may not be able to use our Services. You should not use the Services if you do not agree with this Policy or our Terms of Use.

Contact: applabel@support-team.app | Panagioti Tsangari, 14, 1st floor, Flat/Office 1F, 4047, Limassol, Cyprus

2. PERSONAL DATA (TYPES, PURPOSES, LEGAL BASIS)

2.1 Data We Collect

When you use our Services, we may collect, use, receive, process, transfer, and share some of your Personal Data for different legitimate purposes. The types of information we collect depend on how you use the Services and interact with us. The table below sets out the Personal Data we process, the reasons we collect it, and the legal bases we rely on.

Personal Data	Purposes	Legal Basis
Registration Information: name/nickname, email, password, age, gender Location data: IP address, time zone, mobile service provider	To register for the Services and create an account (where applicable). To provide and deliver the Services and track your activity.	Contract (Art. 6(1)(b) GDPR)
Contact data: name, email, content of your question/request, telephone number	To communicate with you and respond to your questions and requests.	Legitimate Interest (Art. 6(1)(f) GDPR)
User-generated content: chat data, photos, texts, communications with support	To provide all features of the Services.	Contract (Art. 6(1)(b) GDPR)
Your photos (including images and avatars), derived visual profile data (color type - eye color, hair color, skin tone), body measurements or any quiz data Note: we do not collect or store your photo albums, even if you grant us access to them. We access only the specific photos you choose to grant us access to using the app.	To build and maintain your personalised visual profile for fashion and styling advice, colour analysis, outfit recommendations, and appearance-based features of the app.	Contract (Art. 6(1)(b) GDPR)
Billing data: name, email, date of birth, purchase details and payment history	For billing, account management and other administrative purposes.	Contract (Art. 6(1)(b) GDPR)
Emotional & well-being data: information about your feelings, mental well-being, health data imported from Apple HealthKit or Google Fit (with your permission)	To provide features of the Services and make recommendations for you.	Consent (Art. 6(1)(a) GDPR)
Device & usage data: device type/model, OS, IP address, language, connection type, advertising IDs (IDFA, GAID), Firebase ID Usage events: session length, push tokens, ad interactions, app installs Diagnostics: logs, error reports Cookies & tracking technologies	To analyse, operate, and improve our Services; understand user behaviour; customise experiences; store app progress; comply with legal obligations. To send push notifications and marketing communications (with your consent). To track advertising performance.	Legitimate Interest (Art. 6(1)(f) GDPR) Contract (Art. 6(1)(b) GDPR) Consent (Art. 6(1)(a) GDPR) for marketing/notifications
Social login data: first/last name, social media ID, profile picture/URL from Facebook, Google, or Apple	To offer an alternative method of registration (voluntary).	Contract (Art. 6(1)(b) GDPR)
Analytics data: user ID, in-app activity data, advertising ID, IP address, location (aggregate)	To optimise app features and events; to track marketing campaign performance.	Legitimate Interest (Art. 6(1)(f) GDPR)
Any information required by law	To comply with legal obligations, including requests from public authorities.	Legal Obligation (Art. 6(1)(c) GDPR)

Legal Basis Reference

Contract: Processing is necessary to fulfil a contract with you or take pre-contractual steps at your request.

Legitimate Interests: Processing serves our legitimate interests (e.g. fraud prevention, service improvement, marketing) and does not override your rights.

Consent: You have given explicit consent, which you may withdraw at any time without affecting prior lawful processing.

Legal Obligation: Processing is required to comply with a legal obligation.

2.2 Payments and In-App Purchases

Our Services allow in-app purchases. In-app purchases are not mandatory. We do not process payments directly; payments are processed via: Apple App Store (apple.com/legal/privacy) and Google Play Store (policies.google.com/privacy).

We may receive billing and payment information that you provide when your purchase is processed by these providers, such as when you purchase a subscription. We do not collect or store payment card details, account numbers, or similar sensitive financial data.

To streamline subscription management, our app integrates with Apple’s App Store Server API, sharing certain event data (Customer Account Age, Account Details, Content Consumption Level, Platform Information, Purchase Amount, App Usage Time, Account Status) with Apple to optimise subscription management per Apple’s guidelines. Apple uses and safeguards this data per its own Privacy Policy.

2.3 Device Permissions

The app may request permission to access your microphone recordings and your photo/video library – to activate voice commands and to allow you to share your achievements on social media. We do not collect or retain access to such data beyond your immediate use.

2.4 Anonymised Data

We may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes. We may use such anonymous information without further notice, as it is not considered Personal Data under applicable law.

3. WAYS OF USING PERSONAL INFORMATION

The primary purpose of this Privacy Policy is to fulfil the provisions of the Terms of Service concluded between the User and APPLABEL LTD. We may use your Personal Data in the following ways:

To provide Services. Our main aim is to perform our contractual obligation and make our Service available to you. We use information you submit and information processed automatically to provide all requested services.
Account setup and administration. We use Registration information and device data to set up and administer your account, provide technical and customer support, verify your identity, and send important account, subscription, and Service information.
Personalisation. We use Personal Data to personalise your experience. Some Services may ask you to share geolocation data, which you may turn off at any time in your device privacy settings. We may ask for age verification if we have reasonable doubts regarding your age.
Interest-based advertising. We may use automatically processed information for marketing purposes (to show ads based on your preferences). To opt out, visit aboutads.info/choices or youronlinechoices.eu (EU users).
To communicate with you. We use your information to send newsletters, marketing notifications, feedback requests, and policy updates, and to respond when you contact us.
Research and development. We use Personal Data for internal research and development to improve and test the features and functions of our Services, understand user behaviour and trends, and detect potential technical issues.
Legal obligations. We may be required to use and retain Personal Data for legal and compliance reasons, such as crime prevention, detection, or investigation; loss prevention; or fraud prevention.
Push notifications. We may send push notifications with confirmations, reminders, and relevant information (if you choose to allow that function). You may disable these at any time in your device settings.
Cookies and tracking. We may use automatically collected information and cookies to: update our applications; remember your preferences; provide customised third-party content and advertisements (with opt-out instructions); monitor the effectiveness of marketing campaigns; and monitor aggregate usage metrics.
AI-Powered Features and Visual Profile.

Our app uses AI technologies provided by third-party AI service providers to power personalised styling, colour analysis, and shopping advisory features, styling recommendations.

What data is processed by AI providers. What is transmitted and what is not. To determine your colour type, we transmit anonymised categorical styling attributes to our AI service providers. Specifically, we send derived values such as hair colour category, eye colour category, and skin tone category. These attributes are extracted from your submitted photo exclusively at our end level before any transmission occurs. All AI requests are routed exclusively through our own backend infrastructure Submitted photos are stored on our servers for up to 90 days, after which they are permanently deleted. You may also request earlier deletion at any time via the in-app account settings or by contacting us.

Anonymisation. The categorical styling values transmitted (e.g., “dark brown hair,” “blue eyes,” “warm skin tone”) are shared by millions of people and cannot individually identify a specific user. Because these values are transmitted without photos, location, name, or any account identifier, re-identification by AI providers is not possible. This data is treated as anonymised for the purposes of AI processing. The App also has its own proprietary formula for calculating colour type that operates independently of AI providers, ensuring continuity of service.

Transparency. Our app displays an informational screen before the colour analysis feature is used, explaining that AI-powered analysis will take place. We provide this notice as a matter of transparency and good practice. No model training. We do not permit either provider to use your data for training or improving their AI models. Neither provider uses this data for model training under paid API agreements. Data retention by AI providers. OpenAI retains API inputs for a maximum of 30 days solely for abuse monitoring and security review, after which they are deleted. Google (Gemini Paid API) retains data for a limited period solely for detecting violations of its Prohibited Use Policy. Both providers delete transmitted data and do not use it beyond these compliance purposes.

4. THIRD-PARTY PROCESSING OF PERSONAL DATA

We may share your information with third-party companies to perform certain services, including hosting, payment processing, analytics, customer support, and marketing. We hereby undertake not to disclose or transfer User personal data to any third parties except the Processors listed in this section, without the User’s personal consent.

Photos: We do not share your photos, selfies, or facial images with third-party AI providers. Instead, anonymised (non-personal) categorical styling attributes, specifically hair colour category, eye colour category, and skin tone category, are extracted from your submitted photo at our backend level and transmitted to AI service providers (OpenAI and Google Gemini) solely for colour type analysis and styling recommendations. These anonymised attributes contain no user identifiers (no name, email, account ID, or device data) and cannot be used to identify you. Photos submitted for analysis are stored only by our hosting provider (Amazon Web Services) under our own infrastructure.

We work with different vendors that help us provide services to you. The following companies are Processors of Personal Data for APPLABEL LTD’s Services. To learn more about each provider’s services and privacy options, please consult their respective privacy policies linked below. We prohibit the service providers we engage from using your data for any purpose that is not related to our contract.

Processor	Purpose & Data Processed	Privacy Policy
Customer Support
HelpDesk (Text, Inc.)	Customer support – processes email address and content of emails.	helpdesk.com/legal/privacy-policy
Advertising Partners
AppLovin Corp	Advertising service. Collects Cookies and Usage Data to find users and show relevant ads. You may opt out via device advertising settings or youronlinechoices.eu.	applovin.com/privacy
AdColony, Inc.	Advertising service.	adcolony.com/privacy-policy
TikTok (Bytedance, Ltd)	Advertising service.	tiktok.com/legal/page/row/privacy-policy/en
Chartboost	Advertising service.	answers.chartboost.com
IronSource Mobile Ltd.	Advertising service.	ironsource.mobi/privacypolicy.html
Unity Technologies	Advertising service.	unity3d.com/legal/privacy-policy
Pinterest	Advertising service.	policy.pinterest.com/en/privacy-policy
Snap Inc.	Advertising service.	snap.com/en-US/privacy/privacy-policy
Analytics Providers
Adjust, Ltd.	Mobile attribution and analytics. Collects Cookies and Usage Data.	adjust.com/terms/privacy-policy
Infrastructure & Payment Providers
Apple, Inc.	Payment processing for App subscriptions. Subscription management via consumptionRequestReason API. Collects payment, banking, and usage data.	apple.com/legal/privacy
Amazon Web Services, Inc.	Hosting and backend infrastructure.	aws.amazon.com/privacy
BunnyWay d.o.o.	Content Delivery Network (CDN).	bunnycdn.com/privacy
Hetzner Online GmbH	Internet hosting.	hetzner.com/rechtliches/datenschutz
Facebook Ireland Ltd.	Conversion measurement, analytics, and advertising. Collects Cookies, device identifiers, Usage Data.	facebook.com/policy.php
Google Inc.	Payment processing (Google Play Store); AdMob advertising. Collects Cookies, advertising identifiers, Usage Data.	policies.google.com/privacy
Other
Competent Authorities	To comply with a legal obligation, court order, or regulatory request.	N/A
Affiliate networks & attribution providers	To enable redirects to partner services, confirm conversions, attribution, fraud prevention, and commission settlement.	N/A (varies by partner)
OpenAI, L.L.C.	AI-powered chat functions and personalisation features.Colour type analysis and AI-powered personalisation. Receives anonymised categorical styling attributes (hair colour category, eye colour category, skin tone category) — no photos, no user identifiers. Retains API inputs for up to 30 days solely for abuse monitoring, then deletes them. Does not use data for model training. AI-powered chat functions and personalisation features.Colour type analysis and AI-powered personalisation. Receives anonymised categorical styling attributes (hair colour category, eye colour category, skin tone category) — no photos, no user identifiers. Retains data for a limited period solely for detecting policy violations (per Data Processing Addendum). Does not use data for model training.	openai.com/privacy
Google LLC (Gemini API)	AI-powered chat functions and personalisation features.Colour type analysis and AI-powered personalisation. Receives anonymised categorical styling attributes (hair colour category, eye colour category, skin tone category) — no photos, no user identifiers. Retains API inputs for up to 30 days solely for abuse monitoring, then deletes them. Does not use data for model training. AI-powered chat functions and personalisation features.Colour type analysis and AI-powered personalisation. Receives anonymised categorical styling attributes (hair colour category, eye colour category, skin tone category) — no photos, no user identifiers. Retains data for a limited period solely for detecting policy violations (per Data Processing Addendum). Does not use data for model training.	policies.google.com/privacy

Tracking and attribution technologies. We and our third-party partners may use tracking and attribution technologies (including partner links, cookies, SDKs, pixels, and mobile advertising identifiers IDFA/GAID) to measure performance, attribute conversions, prevent fraud, and support billing/commission settlement in affiliate programs. Data involved may include online identifiers (click/session IDs, advertising IDs, IP address), device and app information, referral information, and conversion data. We do not receive your payment card details from partners.

Affiliate Program. We may display third‑party products, services, and offers in the Service. If you click an offer and are redirected to a partner’s website/app, or if you later complete an action with that partner (e.g., a purchase or application), we (and our partners and service providers) may use tracking and attribution technologies to (i) measure performance, (ii) attribute conversions to the App, (iii) prevent fraud, and (iv) support billing/commission settlement in affiliate programs. These technologies may include partner links containing identifiers, cookies (in a browser or in‑app browser), SDKs, pixels, and mobile advertising identifiers (IDFA on iOS and GAID on Android), as permitted by applicable law and your device settings.

The data involved may include online identifiers (such as click/session IDs, advertising identifiers, IP address), device and app information (such as device type, operating system, app version), referral/redirect information, and conversion information (e.g., confirmation that an action occurred, time of action, and limited order parameters where applicable). We do not receive your payment card details from partners.

We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

5. STORAGE OF PERSONAL INFORMATION

We will keep your Personal Data for the length of time required to provide you with the Service and for the reasons described in this Privacy Policy, unless a longer retention period is required or permitted by law. Afterwards, we delete data within a reasonable timeframe. In all cases, APPLABEL LTD does not retain Personal Data for more than 2 years. At the end of applicable retention periods, processed Personal Data will be deleted or anonymised. We do not store your selfie, the derived photo data is retained for the duration of your active account. If your account remains inactive for 90 or more consecutive days, your visual profile data will be automatically deleted. You may also request deletion at any time via the in-app account deletion request or by contacting us at applabel@support-team.app. We retain visual profile data for the duration of your active account because consistent retention is necessary to provide a seamless, coherent personalised experience across sessions.

Account deletion. If you no longer want us to use your information, you may request that we erase your personal data and close your account. Except for any legal obligation that requires a longer retention period, at the end of applicable periods, processed personal data will be deleted or anonymised.

6. PERSONAL DATA PROTECTION

6.1 Security Measures

Personal data may be processed by both automated and non-automated means, and may be stored at our premises and on our service providers’ servers. We have implemented industry-standard security measures including encryption to protect your personal information. However, transmissions over the internet are never 100% secure and you should not provide personal data if you wish to avoid any risk.

You can help keep your information secure by choosing and protecting your password appropriately, not sharing your password, and preventing others from using your mobile device.

We will not use information received through your use of HealthKit and Google Fit frameworks for advertising or similar services, nor will we sell it.

6.2 International Data Transfers

We operate internationally and provide our Services to users around the world. We and our third-party partners may transfer automatically processed information across borders from your country or jurisdiction to other countries or jurisdictions.

Server locations used include: Cyprus and Germany (European Union). Your data may be processed on servers not located in your country of residence and may be accessed by our support and engineering teams globally. We make every effort to implement appropriate safeguards to guarantee your rights in conformity with this Privacy Policy and applicable law.

Your consent to this Privacy Policy followed by your submission of information represents your agreement to such transfer.

6.3 Technical and Organisational Measures

We implement technical and organisational measures in an effort to protect Personal Data from loss, theft, misuse, and unauthorised access, disclosure, alteration, and destruction, taking into account the nature of the Personal Data and the risks associated with any special categories we process. These measures include pseudonymisation and tokenisation of certain categories of Personal Data.

7. USER’S RIGHTS

We attach great importance to user privacy and explain your data protection rights below. To exercise any right, contact us at applabel@support-team.app or at our registered address. We will respond within one month.

Right to withdraw consent. If we process your data based on consent, you may withdraw it at any time by emailing support@applabel.tech with the subject line “Consent withdrawal” or via the Settings menu in the app. Withdrawal does not affect the lawfulness of prior processing.
Right of access. You may request a copy of the Personal Data we hold about you and information on how and why we process it.
Right to opt out of targeted advertising. You may opt out of interest-based advertising by checking your device privacy settings. On Apple: Settings > Privacy > Advertising > Limit Ad Tracking. On Android: Settings > Google services > Ads > Opt out of Ads Personalisation.
Right to rectification. You may request correction of any Personal Data that is out of date, incomplete, or inaccurate (Art. 16 GDPR).
Right to erasure (right to be forgotten). You may request that we delete your Personal Data, including your account, via the in-app deletion request or by contacting us directly.
Right to object. You may object to our processing of your Personal Data, including processing for direct marketing purposes, at any time.
Right to restrict processing. You may request that we restrict processing of your Personal Data under the conditions set out in Art. 18 GDPR or other applicable law.
Right to data portability. In certain circumstances, you may request that data you have provided to us be given to you in a structured, commonly used, machine-readable format so that you can transfer it to another controller.
Right to complain to a supervisory authority. You have the right to lodge a complaint with a data protection authority. See edpb.europa.eu for contact details. In Switzerland: edoeb.admin.ch.
Right to a free copy of your data. You may request one copy of the personal data undergoing processing free of charge. Additional copies may be provided on a reimbursement basis. We will respond to your request within 30 business days.

8. AGE REQUIREMENT

Our Services are not directed to children and we do not knowingly collect Personal Data relating to children. Children should never disclose personal information without their parents’ prior permission.

We consider a user to be a child if they are under 13 years of age, unless more stringent regulation applies in their country.
For residents of EEA or UK countries, users under 16 are considered children, unless the applicable national data protection regulation specifies another age.

If you become aware that your child has provided us with Personal Data without your consent, please contact us and we will take the required steps to delete such information.

9. SPECIFIC PROVISIONS APPLICABLE UNDER CALIFORNIA PRIVACY LAW (CCPA)

This section provides additional information about how we collect, use, disclose, and otherwise process personal information of individual residents of the State of California within the scope of the California Consumer Privacy Act of 2018 (“CCPA”). Terms defined in the CCPA have the same meaning when used in this section.

Our Services have collected the following categories of personal information from consumers within the last twelve (12) months:

Category	Examples	Collected	We Sell	Sources	Third Parties Shared With
A. Identifiers	Name, IP address, email, account name, online identifiers	YES	NO	User, their Devices	Advertisers, Analytics Providers, Third Parties as legally required
B. California Customer Records (Cal. Civ. Code § 1798.80(e))	Name, address, financial information (processed by payment providers – we do not store payment data directly)	NO	NO	N/A	N/A
C. Protected classification characteristics	Race, color, religion, sex, national origin, etc.	NO	NO	N/A	N/A
D. Commercial information	Records of products or services purchased, payment history	YES	NO	User	Payment Service Providers (Apple, Google)
E. Biometric information	Faceprints, fingerprints, iris scans, or other identifying templates. Note: we collect photos for AI analysis but do not retain original photos or create identification templates – only derived styling data (colour type, etc.) is stored.	NO	NO	N/A	N/A
F. Internet / network activity	Browsing history, interaction with app or advertisements	YES	NO	User, their Devices	Advertisers, Analytics Providers, Third Parties as legally required
G. Geolocation data	Physical location or movements	NO	NO	N/A	N/A
H. Sensory data	Audio, visual, thermal, olfactory information	NO	NO	N/A	N/A
I. Professional / employment information	Job history, performance evaluations	NO	NO	N/A	N/A
J. Non-public education information	Grades, transcripts, financial information	NO	NO	N/A	N/A
K. Inferences	Profile reflecting preferences, characteristics, behaviour, aptitudes	YES	NO	Users, their Devices, Partners	Advertisers, Analytics Providers, Third Parties as legally required

We do not rent, sell, or share Personal Information with non-affiliated companies for their direct marketing uses as contemplated by California’s “Shine the Light” law (Civil Code § 1798.83), unless we have your permission.

Your California Privacy Rights:

Request information about how we have collected and used your personal information during the past 12 months.
Request a copy of the personal information we have collected about you during the past 12 months.
Ask us to delete personal information we have collected from you (subject to certain exceptions).
Right to be Free from Discrimination: we will not discriminate against you for exercising your rights.
Right to opt out of the ‘sale’ of personal information. Note: we do not sell personal information within the last 12 months and have not done so.

To exercise your California privacy rights, email us at applabel@support-team.app. We will need to confirm your identity and California residency. We aim to respond within 45 days; if more time is required, we will inform you in writing.

10. CONTACT DETAILS

APPLABEL LTD

Registered address: Panagioti Tsangari, 14, 1st floor, Flat/Office 1F, 4047, Limassol, Cyprus
Email: applabel@support-team.app
Support: support@applabel.tech

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your data, please do not hesitate to reach out. We take privacy seriously and will respond promptly.

Page of