Privacy Policy
Last updated: May 2026
1. Data Controller
Outfit of the Day ("we", "us", "the service") is operated by Jose Sentis (josesentis.com), based in Spain. For any privacy-related enquiries, contact us at info@josesentis.com.
2. What Data We Collect
- Account information: your email address and hashed password, your chosen username, first name, and last name.
- Profile data: optional profile photo, date of birth, and clothing style preferences you configure.
- Uploaded images: photos of outfits or garments you upload to the References or Wardrobe sections, stored in Supabase Storage.
- Pinterest board data: URLs and pin images you import from public Pinterest boards. Pin images are not stored permanently on our servers.
- AI-generated outfit suggestions: text suggestions produced by an AI model based on your references, stored in your account.
- Technical data: your timezone (detected from your browser) and push notification preferences.
- Push notification tokens: browser subscription tokens used to send you daily outfit reminders (stored only if you enable notifications).
- Usage and cost data: internal records of which AI features and background-removal operations you trigger, including provider name, feature used, and cost in USD. Used solely for internal analytics; never shared with third parties.
- Session data: a single authentication cookie to keep you signed in (see Cookie Policy).
3. Why We Process Your Data
- Contract performance: to create and manage your account and provide the outfit suggestion service.
- Legitimate interests: to improve the service, send you optional daily outfit suggestions, and maintain security.
- Legal compliance: to comply with applicable EU and Spanish law.
We do not use your data for advertising, profiling for third-party purposes, or sell it to any third party.
4. Third-Party Services
Anthropic Claude API — outfit suggestions and wardrobe analysis are generated using the Anthropic Claude API. Your reference images and wardrobe descriptions are sent to Anthropic's servers for processing. Please review Anthropic's Privacy Policy for details on how they handle API data.
Remove.bg — when you use the background removal feature, your clothing item images are sent to Remove.bg's API for processing. Please review Remove.bg's Privacy Policy for details.
Google OAuth / Apple Sign-In — if you choose to sign in with Google or Apple, those providers authenticate your identity and share basic profile information (email address) with us. Your use of these sign-in methods is also governed by Google's Privacy Policy and Apple's Privacy Policy.
Supabase — your data (profile, images, outfits, references) is stored in a Supabase database and object storage, hosted on AWS infrastructure. See Supabase's Privacy Policy.
Netlify — the app is hosted on Netlify. Web request data (including IP addresses) passes through Netlify's infrastructure. See Netlify's Privacy Policy.
Pinterest — board images are fetched from Pinterest's public CDN and displayed within the app. We do not store Pinterest CDN images on our servers.
Google Analytics 4 — if you consent to analytics cookies, we collect anonymised usage data (page views, navigation patterns). IP addresses are anonymised before being sent to Google. No personal data is shared with Google for advertising purposes. You can opt out at any time via the cookie preferences link in the footer. See Google's Privacy Policy for details.
5. Data Retention
Your data is retained for as long as your account is active. Uploaded images and wardrobe items are kept until you delete them. Generated outfits are kept indefinitely unless you delete them. Usage and cost tracking records are retained for internal analytics and are not exposed to users. Push notification tokens are stored until you disable notifications or delete your account. If you delete your account, all associated data is removed within 30 days.
6. Your Rights Under GDPR
As a resident of the EU/EEA, you have the right to:
- Access a copy of the personal data we hold about you.
- Rectification of inaccurate or incomplete data (via your profile settings).
- Erasure ("right to be forgotten") — request deletion of your account and all data.
- Data portability — receive your data in a structured, machine-readable format.
- Objection to processing based on legitimate interests.
- Restriction of processing in certain circumstances.
- Lodge a complaint with the Spanish data protection authority (AEPD) at aepd.es.
To exercise any of these rights, contact us at info@josesentis.com. We will respond within 30 days.
7. Data Security
Passwords are hashed using bcrypt. Session tokens are stored in httpOnly cookies and are not accessible to JavaScript. Data is stored on secure servers. We apply reasonable technical and organisational measures to protect your data against unauthorised access or disclosure.
8. Changes to This Policy
We may update this policy periodically. We will notify you of significant changes via the app or by email. Continued use of the service after changes constitutes acceptance of the updated policy.