Privacy Policy

Last updated: May 11, 2026

This Privacy Policy explains how NotMyColor ("we," "us," and "our") collects, uses, and protects your information when you use our iOS application. By creating an account or using NotMyColor, you agree to the practices described below.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and the password you choose. Your password is hashed and stored by our authentication provider (Supabase); we never see it and never store it in plain text.

1.2 Profile Information

During onboarding, we ask you to provide:

• Your first name
• Your age range
• Your gender
• Your responses to a style questionnaire (your typical reaction to a photo of yourself, openness to honest feedback, monthly clothing budget, jewelry preference, what you would like to change in your wardrobe, your most honest reason for using the app, and your style vibe)
• Your self-reported physical characteristics used for color analysis: hair color, eye color, skin tone, and wrist undertone

This information is stored in your account in our database (Supabase) and is used to personalize the analysis and the app experience. It is never sold to third parties or used for advertising purposes.

1.3 Photos for Color Analysis

During onboarding, you may take a photo of your face, a photo of your wrist, and optionally additional selfies. These images are sent to our AI partner (OpenAI) solely to determine your seasonal color analysis and undertone. They are not stored on our own servers and are not associated with your profile after the analysis is completed.

1.4 Profile Photo (Avatar)

If you set a profile photo from the Profile screen, the image is stored on your device and synchronized with your account record in our database so that it can be displayed across sessions and devices. You can delete it at any time from the Profile screen.

1.5 Clothing Scan Photos

When you scan a garment using the built-in camera, the photo is:

• Sent to OpenAI for color and garment type analysis
• Saved locally on your device in the app's local storage
• Uploaded to your scan history in our database (Supabase) so that you can access your history across devices

You can delete an individual scan or your entire scan history at any time from the Scans screen.

1.6 Seasonal Color Profile and Scan History

Your detected color season, secondary season, compatibility scores, garment names and types, dominant colors, and the timestamp of each scan are stored in your account so that you can access them across sessions.

1.7 Free Trial Counter

We store the number of scans you have performed, currently capped while we finalize our pricing, in order to enforce free trial limits.

1.8 Local Preferences

The following preferences are stored only on your device using iOS UserDefaults and are never sent to our servers: app language, color theme, notification preference, and sound preference.

2. How We Use Your Information

We use your information to:

• Create your account and authenticate you
• Analyze your photos and determine your seasonal color profile
• Evaluate garments against your personal palette and provide recommendations
• Display and synchronize your scan history across your devices
• Enforce free trial scan limits and, in a future version, manage subscriptions
• Respond to support requests sent to contact@notmycolor.app
• Detect abuse, fraud, or violations of our Terms of Use

We do not use your data for advertising, marketing profiling, or resale to third parties. We currently do not use any analytics or crash reporting SDKs.

3. Third-Party Services and AI Processing

NotMyColor relies on two third-party processors:

3.1 Supabase (Authentication, Database, Storage)

Supabase Inc. (United States) hosts our authentication system and database. Your email, profile data, scan history, and avatar and scan photos are stored in our Supabase project. Supabase is governed by its own privacy policy and acts as a data processor under the GDPR.

3.2 OpenAI (AI Image Analysis)

Color analysis is powered by OpenAI's GPT-4o vision models. The photos you submit, including face, wrist, additional selfies, and clothing scans, are sent to OpenAI's API endpoints in the United States solely for analysis.

According to OpenAI's API data usage policy:

• API inputs and outputs are not used to train OpenAI's models
• OpenAI may retain API requests for up to 30 days for abuse monitoring purposes, after which they are deleted

By using NotMyColor's analysis features, you consent to this processing. If you do not consent, you may use the manual analysis flow during onboarding, which does not send any photos off your device.

3.3 No Other Third Parties

We do not currently use Firebase, Google Analytics, Mixpanel, RevenueCat, Superwall, push notification services, advertising SDKs, or any tracking technologies. If we add any such service in the future, we will update this Privacy Policy and notify you within the application.

4. Sensitive Personal Data

Seasonal color analysis involves processing visual characteristics of your appearance, including your skin tone, hair color, eye color, and wrist undertone, as well as photos of your face and wrist. Under the GDPR, identifiable photos and information about physical characteristics may be considered sensitive personal data. We process this information solely to provide the color analysis service you requested, based on your explicit consent when you start the analysis. This information is never shared with advertisers or third parties for commercial purposes.

5. Data Retention

• Account data, including email, profile, color season, scan history, and avatar, is retained for as long as your account remains active.
• Analysis photos, including face, wrist, and additional selfies submitted during onboarding, are not stored on our servers and may be retained by OpenAI for up to 30 days as described in Section 3.2.
• Clothing scan photos are retained in your scan history for as long as your account remains active and stored locally on your device until you delete the corresponding scan.
• Authentication tokens are stored in the iOS Keychain on your device, refreshed automatically, and deleted when you sign out.

You may delete your account at any time from Profile → Delete My Account. Upon deletion, all personal data associated with your account in our database is permanently deleted within 30 days. Local data on your device is deleted immediately upon sign-out or account deletion.

6. Legal Basis for Processing (GDPR)

• Performance of a contract: account creation, authentication, color analysis, and scan history.
• Explicit consent: processing of photos and sensitive physical information. Consent may be withdrawn at any time by deleting your account or contacting us.
• Legitimate interest: abuse prevention and security.

7. Your Rights (EU / EEA — GDPR)

If you reside in the European Economic Area, you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten"). This is also available via the Delete My Account button.
• Portability — request your data in a machine-readable format.
• Restriction — request that we limit the processing of your data.
• Objection — object to certain types of processing.
• Withdrawal of consent — at any time, without affecting the lawfulness of prior processing.
• Lodge a complaint with your national data protection authority, for example the CNIL in France.

To exercise these rights, contact us at the email address below. We will respond within 30 days.

8. Your Rights (California — CCPA / CPRA)

If you reside in California, you have the right to:

• Know what personal information we collect, use, and disclose.
• Request deletion of your personal information.
• Request correction of inaccurate personal information.
• Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell or share your personal information for advertising purposes.
• Limit the use of sensitive personal information. We use this information only to provide the color analysis service you requested.
• Not be discriminated against for exercising any of these rights.

To exercise these rights, contact us at the email address below.

9. International Data Transfers

Our processors, Supabase and OpenAI, host data in the United States. If you reside in the European Economic Area, the United Kingdom, or Switzerland, your personal data may be transferred to a country that does not provide the same level of data protection as your home country. We rely on the European Commission's Standard Contractual Clauses with our processors to ensure an adequate level of protection.

10. Children's Privacy

NotMyColor is not intended for users under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe that a child has provided us with personal information, contact us and we will promptly delete it.

11. Data Security

We use industry-standard security measures to protect your data in transit (HTTPS/TLS) and at rest, including encrypted storage on Supabase. Authentication tokens are stored in the iOS Keychain. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the application or by email. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

If you have any questions about this Privacy Policy or how we process your data, you may contact us at:

contact@notmycolor.app