Outfit of the day

Privacy Policy

Last updated: May 2026

1. Data Controller

Outfit of the Day ("we", "us", "the service") is operated by Jose Sentis (josesentis.com), based in Spain. For any privacy-related enquiries, contact us at info@josesentis.com.

2. What Data We Collect

  • Account information: your email address and hashed password, your chosen username, first name, and last name.
  • Profile data: optional profile photo, age, and clothing style preferences you configure.
  • Uploaded images: photos of outfits or garments you upload to the References or Wardrobe sections.
  • Pinterest board data: URLs and pin images you import from public Pinterest boards.
  • AI-generated outfit suggestions: text suggestions produced by an AI model based on your references, stored in your account.
  • Technical data: your timezone (detected from your browser) and notification preferences.
  • Session data: a single authentication cookie to keep you signed in (see Cookie Policy).

3. Why We Process Your Data

  • Contract performance: to create and manage your account and provide the outfit suggestion service.
  • Legitimate interests: to improve the service, send you optional daily outfit suggestions, and maintain security.
  • Legal compliance: to comply with applicable EU and Spanish law.

We do not use your data for advertising, profiling for third-party purposes, or sell it to any third party.

4. Third-Party Services

Outfit suggestions are generated using the Anthropic Claude API. Your reference images and wardrobe descriptions are sent to Anthropic's servers for analysis. Please review Anthropic's Privacy Policy for details on how they handle API data.

Pinterest board images are fetched from Pinterest's public CDN and displayed within the app. We do not store Pinterest CDN images on our servers.

5. Data Retention

Your data is retained for as long as your account is active. Uploaded images and wardrobe items are kept until you delete them. Generated outfits are kept indefinitely unless you delete them. If you delete your account, all associated data is removed within 30 days.

6. Your Rights Under GDPR

As a resident of the EU/EEA, you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectification of inaccurate or incomplete data (via your profile settings).
  • Erasure ("right to be forgotten") — request deletion of your account and all data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Objection to processing based on legitimate interests.
  • Restriction of processing in certain circumstances.
  • Lodge a complaint with the Spanish data protection authority (AEPD) at aepd.es.

To exercise any of these rights, contact us at info@josesentis.com. We will respond within 30 days.

7. Data Security

Passwords are hashed using bcrypt. Session tokens are stored in httpOnly cookies and are not accessible to JavaScript. Data is stored on secure servers. We apply reasonable technical and organisational measures to protect your data against unauthorised access or disclosure.

8. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via the app or by email. Continued use of the service after changes constitutes acceptance of the updated policy.