Privacy Policy

VESTI Labs, Inc. ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our DRESZI mobile application and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not access or use the Service.

2.1 Information You Provide Directly

• Account Information: When you create an account, we collect your email address, name, and any profile information you choose to provide.
• Wardrobe Content: Photos of clothing items you upload, along with any descriptions, tags, brands, or categories you assign to them.
• Preferences and Settings: Style preferences, calendar integrations, location settings for weather data, and notification preferences.
• Communications: Information you provide when contacting our support team or responding to surveys.
• Payment Information: If you subscribe to premium features, payment details are processed by our third-party payment processor and we do not store full payment card numbers.

2.2 Information Collected Automatically

• Device Information: Device type, operating system version, unique device identifiers, and mobile network information.
• Usage Data: Features used, outfit selections, interaction patterns, session duration, and in-app actions.
• Log Data: IP address, access times, pages viewed, app crashes, and system activity.
• Location Data: With your permission, approximate location data to provide weather-based outfit recommendations. You can disable this in your device settings.

2.3 Information from Third Parties

• Calendar Integration: If you connect your calendar, we access event titles and times (not content or attendees) to contextualize outfit recommendations.
• Authentication Providers: If you sign in via Apple or Google, we receive basic profile information as permitted by those services.

We use the information we collect to:

• Provide the Service: Generate personalized outfit recommendations, manage your digital wardrobe, and deliver core app functionality.
• Improve and Develop: Analyze usage patterns to enhance features, fix bugs, and develop new functionality.
• Personalize Experience: Learn your style preferences over time to provide increasingly relevant recommendations.
• Communicate: Send service-related notices, respond to inquiries, and provide customer support.
• Marketing: With your consent, send promotional communications about new features or offers. You can opt out at any time.
• Safety and Security: Detect and prevent fraud, abuse, and security incidents.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: Third-party vendors who assist with hosting, analytics, payment processing, customer support, and other operational services, bound by confidentiality obligations.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.
• Legal Requirements: When required by law, subpoena, court order, or to protect our rights, property, or safety.
• With Your Consent: For any purpose you explicitly authorize.

Aggregated and De-identified Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, and product improvement purposes.

We retain your personal information for as long as your account is active or as needed to provide you the Service. We also retain information as necessary to comply with legal obligations, resolve disputes, and enforce agreements.

Wardrobe Photos: Photos are stored locally on your device by default. If you enable cloud backup, encrypted copies are stored on our servers until you delete them or close your account.

Upon account deletion request, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

We implement industry-standard technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Regular security assessments and penetration testing
• Access controls limiting employee access to personal data
• Secure software development practices

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to certain processing activities, including direct marketing.
• Restriction: Request restriction of processing in certain circumstances.
• Withdraw Consent: Where processing is based on consent, withdraw consent at any time.

To exercise these rights, contact us at privacy@dresz.io. We will respond within 30 days.

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by businesses
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising CCPA rights

To submit a request, email privacy@dresz.io or use the in-app privacy settings.

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

When we transfer data internationally, we use appropriate safeguards such as Standard Contractual Clauses approved by relevant authorities.

The Service is not intended for children under 13 years of age (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@dresz.io, and we will take steps to delete such information.

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the app and updating the "Effective Date" above. For significant changes, we may also provide additional notice via email or in-app notification.

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

VESTI Labs, Inc.
Attn: Privacy
Austin, Texas
Email: privacy@dresz.io

For EU/EEA residents, you also have the right to lodge a complaint with your local data protection authority.