Legal Information

Introduction

This Privacy Policy explains how wiWear ('we', 'us', or 'our') collects, uses, and protects your personal information when you use our outfit tracking service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller

wiWear operates as the data controller for personal information processed through our service. You can contact us at privacy@wiwear.co for any privacy-related questions or requests.

What Data We Collect

• Account Information: Name, email address, and profile picture from your Google account
• Outfit Photos: Selfies you upload through our service, processed on your device and stored in your Google Drive
• Location Data: Optional geolocation information if you grant permission, embedded in photo EXIF metadata
• User Notes: Any notes or descriptions you add to your outfit photos
• Google Calendar Data: Access only to the app-created 'wiWear' calendar to create outfit events (when calendar storage is enabled in Settings). No access to your personal or work calendars.
• Google Drive Data: Access only to store photos in a dedicated 'wiWear' folder. No access to your existing files, documents, or photos.

Legal Basis for Processing

• Consent: You provide explicit consent when connecting your Google account and granting required permissions (Google Drive and Calendar access). We validate that all required permissions are granted during sign-up. If permissions are missing, we prevent account creation and inform you of the required permissions.
• Contract Performance: Processing is necessary to provide the outfit tracking service you requested.
• Legitimate Interests: We process data to improve our service, prevent fraud, and ensure security.

How We Use Your Data

• Provide and maintain the outfit tracking service
• Store your outfit photos securely in your Google Drive. Photos are resized and optimized on your device (720x1280) before upload to ensure fast performance and efficient storage.
• Optionally create events in a dedicated 'wiWear' calendar with photo attachments when calendar storage is enabled in Settings. No access to other calendars. You can recreate your wiWear calendar from Settings if you lose access to it.
• Store photos exclusively in an isolated 'wiWear' folder. No access to other files or folders.
• Analyze usage patterns to improve our service (anonymized data only)

Data Sharing and Third Parties

We do not sell your personal data. We only share data with trusted service providers who help us operate our service:

• Google: For authentication (OAuth 2.0), minimal Google Drive access (only 'wiWear' folder, no other files), and minimal Google Calendar access (only app-created 'wiWear' calendar, no other calendars)
• Vercel: For hosting the application infrastructure (Vercel Platform)

Data Retention

We retain your personal data for as long as your account is active. When you delete your account, we permanently delete all your data from our database within 30 days. Photos stored in your Google Drive and Calendar events remain in your Google account and must be deleted manually if desired. You retain full control and ownership of all data in your Google Drive and Calendar.

Your Rights Under GDPR

• Right to Access: Request a copy of your personal data we hold.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data (available in Settings).
• Right to Restriction: Request limited processing of your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time by disconnecting integrations or deleting your account.

Cookies and Tracking

We use essential cookies to maintain your session and remember your preferences. We do not use advertising or tracking cookies. You can manage cookie preferences in your browser settings.

Security Measures

We implement industry-standard security measures including encryption in transit (HTTPS/TLS), encryption at rest for stored photos, secure authentication via OAuth 2.0, and regular security audits. However, no method of transmission over the internet is 100% secure.

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through standard contractual clauses and verified that our service providers comply with GDPR requirements.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through a prominent notice on our service. Continued use of the service after changes constitutes acceptance.

Contact Us

For privacy-related questions, to exercise your rights, or to file a complaint, contact us at privacy@wiwear.co. You also have the right to lodge a complaint with your local data protection authority.

Acceptance of Terms

By accessing and using wiWear, you accept and agree to be bound by these Terms of Service. If you do not agree to these terms, please do not use our service.

Service Description

wiWear is a personal outfit tracking application that allows you to capture daily outfit photos and store them securely in an isolated 'wiWear' folder in your Google Drive. Photos are processed and optimized on your device (720x1280 resolution) before upload for fast performance. You can optionally sync photos as events to a dedicated 'wiWear' calendar by enabling calendar storage in Settings. We only have access to files and calendars created by the app - none of your personal documents or calendars. The service is provided 'as is' for personal, non-commercial use.

User Accounts

• You must have a valid Google account to use wiWear
• You are responsible for maintaining the security of your account credentials
• You must notify us immediately of any unauthorized access to your account

User Content and Data

You retain all ownership rights to the photos and content you upload ('User Content'). By using our service:

• You retain full ownership of your outfit photos and notes. Photos stored in your Google Drive are entirely under your control and ownership
• You grant us a limited license to process your content on your device (resize, optimize, add metadata) and upload it to your Google Drive to provide the service
• Data stored in your Google Drive and Google Calendar remains your personal data, accessible and deletable by you at any time through your Google account
• You are solely responsible for the content you upload and must not upload illegal, offensive, or copyright-infringing material

Prohibited Uses

• Use the service for any unlawful purpose or in violation of these terms
• Upload content that is offensive, harmful, defamatory, or violates others' rights
• Upload content that infringes intellectual property rights
• Attempt to disrupt, damage, or impair the service or its infrastructure
• Use automated tools (bots, scrapers) to access the service without permission

Intellectual Property

The wiWear service, including its design, logo, features, and underlying technology, is owned by wiWear and protected by copyright, trademark, and other intellectual property laws. You may not copy, modify, or reverse-engineer any part of our service.

Termination

We reserve the right to suspend or terminate your account at any time for violations of these Terms of Service, illegal activity, or abuse of the service. You may terminate your account at any time through the Settings page. Upon termination, your data will be deleted in accordance with our Privacy Policy.

Disclaimer of Warranties

THE SERVICE IS PROVIDED 'AS IS' AND 'AS AVAILABLE' WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. We do not guarantee uninterrupted or error-free service.

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, wiWear SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF DATA, REVENUE, OR PROFITS, ARISING FROM YOUR USE OF THE SERVICE. Our total liability shall not exceed the amount you paid us in the past 12 months (if applicable).

Changes to Terms

We may modify these Terms of Service at any time. We will notify users of material changes via email or service notification. Continued use after changes constitutes acceptance of the updated terms.

Governing Law

These Terms of Service are governed by the laws of the European Union and the country where wiWear is registered. Any disputes shall be resolved in the competent courts of that jurisdiction.

Contact Information

For questions about these Terms of Service, contact us at privacy@wiwear.co.

Purpose and Scope

This Data Processing Agreement ('DPA') forms part of the Terms of Service between you ('Data Controller') and wiWear ('Data Processor') regarding the processing of personal data in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

Definitions

• Data Controller: You, the user of wiWear, who determines the purposes and means of processing personal data.
• Data Processor: wiWear, which processes personal data on behalf of the Data Controller.
• Personal Data: Any information relating to an identified or identifiable natural person processed through the service.

Details of Processing

The processing of personal data involves:

• Nature of Processing: Collection (on user's device), browser-side processing (resize, EXIF metadata), storage in an isolated 'wiWear' folder in Google Drive, organization, retrieval, and deletion, plus optional event creation in a dedicated 'wiWear' calendar.
• Purpose of Processing: Providing outfit tracking, Google Drive backup, and optional Google Calendar synchronization services.
• Duration: For the duration of your active account plus retention periods as specified in the Privacy Policy.
• Types of Data: Name, email, profile picture, outfit photos (processed on user's device and stored in Google Drive), location data (optional, embedded in EXIF metadata), notes, Google Drive file metadata, and optional calendar events.
• Data Subjects: Individual users of the wiWear service.

Processor Obligations

wiWear (as Data Processor) commits to:

• Process personal data only on documented instructions from you (the Data Controller)
• Ensure that persons authorized to process data are under obligations of confidentiality
• Implement appropriate technical and organizational security measures (see Security page)
• Only engage sub-processors with your general authorization and under written contract
• Assist you in responding to data subject rights requests (access, deletion, etc.)
• Notify you without undue delay upon becoming aware of a personal data breach
• Delete or return all personal data at the end of service provision, unless legally required to retain
• Make available information necessary to demonstrate compliance and allow for audits

Sub-processors

wiWear engages the following sub-processors to provide the service:

• Google: For authentication (OAuth 2.0), photo storage in isolated 'wiWear' folder (user's Google Drive), and optional calendar events in app-created 'wiWear' calendar
• Vercel: For hosting the application infrastructure (Vercel Platform)

International Data Transfers

Data may be transferred outside the European Economic Area (EEA). We ensure adequate protection through standard contractual clauses approved by the European Commission and by verifying that sub-processors maintain GDPR-compliant data protection standards.

Security Measures

wiWear implements the following security measures:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Role-based access control and authentication via OAuth 2.0
• Regular backups with encrypted storage
• Continuous monitoring and logging of security events

Liability and Indemnification

Each party shall be liable for damages caused by its breach of this DPA in accordance with applicable GDPR provisions (Article 82). wiWear maintains appropriate liability insurance and commits to cooperating in the event of regulatory investigations.

Term and Termination

This DPA remains in effect for as long as wiWear processes personal data on your behalf. Upon termination of the service or account deletion, wiWear will delete or return all personal data as instructed, within the timelines specified in the Privacy Policy.

Contact for DPA Matters

For questions or requests related to this Data Processing Agreement, contact our Data Protection Officer at privacy@wiwear.co.

Our Security Commitment

At wiWear, we take the security of your data seriously. We implement industry-standard security measures to protect your outfit photos, personal information, and account from unauthorized access, disclosure, or loss.

Encryption

• Data in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (HTTPS)
• Data at Rest: All outfit photos are encrypted at rest in your Google Drive using Google's enterprise-grade encryption (AES-256)
• We follow industry best practices and regularly update our encryption protocols

Authentication and Access Control

• OAuth 2.0: We use Google OAuth for secure, passwordless authentication
• Secure Sessions: Session tokens are encrypted, HTTP-only, and have limited lifetimes
• No Password Storage: We never store or have access to your Google password

Access Control

• Role-Based Access: Only authenticated users can access their own data
• Data Isolation: Each user's data is strictly isolated and not accessible by other users
• Access Logging: We log all access to sensitive data for security monitoring

Infrastructure Security

• Secure Hosting: Our application is hosted on Vercel with enterprise-grade security
• CDN Protection: Content delivery through secure, DDoS-protected networks
• Regular Backups: Automated encrypted backups with geographic redundancy
• 24/7 Monitoring: Continuous monitoring for security threats and anomalies

Compliance and Certifications

• GDPR Compliance: Full compliance with EU General Data Protection Regulation
• Our infrastructure providers (Vercel, Google) maintain SOC 2, ISO 27001, and other security certifications
• We conduct regular security assessments and vulnerability scans

Incident Response

In the event of a security incident affecting your data, we have procedures in place to:

• Detect and contain the incident immediately
• Activate our incident response team
• Notify affected users within 72 hours as required by GDPR
• Implement corrective measures and prevent future occurrences

Your Security Responsibilities

• Keep your Google account credentials secure and use strong passwords
• Monitor your account for suspicious activity
• Review and revoke application permissions if you suspect unauthorized access
• Keep your devices and browsers updated with the latest security patches

Security Vulnerability Reporting

If you discover a security vulnerability in wiWear, please report it responsibly to security@wiwear.co. We appreciate responsible disclosure and will investigate all legitimate reports promptly.

Security Updates

We continuously monitor the security landscape and update our security measures as needed. Material security improvements will be communicated through service updates.

Security Contact

For security-related questions or concerns, contact our security team at security@wiwear.co.