Privacy Policy

GarmentAI – AI Clothing Extraction & Editing Tool

Last Updated: April 12, 2026

Chrome Web Store Compliance: This extension complies with the Chrome Web Store User Data Policy and only collects the minimum amount of data necessary for the extension to function.

1. Overview

GarmentAI is a browser extension designed to help users process fashion images using AI technology. Our features include background removal, clothing extraction, outfit swap, and face swap capabilities.

We respect user privacy and are committed to protecting personal data. This policy explains what data we collect, how we use it, and your rights regarding your information.

2. Data Collection

We collect minimal data necessary for the extension to function:

• Email Address: Used for account creation and authentication
• User ID: Unique identifier for your account
• Usage Statistics: Number of AI processing jobs performed (for quota tracking)
• IP Address: Collected for security and fraud prevention purposes
• Uploaded Images: Temporarily processed for AI operations, then deleted
• Payment Information: Processed through PayPal and PayOS (we do not store credit card details)
• Gemini or Grok API Key (optional): If you provide your own Gemini or Grok API key in Settings, it is stored locally in your browser only and never transmitted to our servers

3. How We Use Your Data

• Authentication: Verify your identity and manage your account via Supabase
• AI Processing: Process your uploaded images to provide background removal, clothing extraction, outfit swap, and face swap features
• Quota Management: Track your credit usage and remaining balance
• Payment Processing: Process credit purchases via PayPal (USD) and PayOS (VND)
• Customer Support: Respond to your inquiries and provide assistance
• Service Improvement: Analyze usage patterns to improve our AI models and features

4. Image Processing and Storage

Important Information About Your Images:

• Temporary Processing: Images are uploaded to our Supabase backend for AI processing
• Processing Time: Images are processed in real-time (typically 5-30 seconds)
• Automatic Deletion: Processed images are automatically deleted from our servers after 24 hours
• No Long-Term Storage: We do not permanently store your uploaded images
• Secure Transmission: All image uploads use HTTPS encryption
• No Third-Party Sharing: Your images are never shared with third parties

5. Permissions Usage

The extension requests the following Chrome permissions:

• storage: Store user preferences, authentication tokens, and quota data locally in your browser
• unlimitedStorage: Store processed images temporarily in browser cache
• activeTab: Access the current tab to enable right-click context menu on images
• contextMenus: Add "Open in Clothing Extractor" option to right-click menu on images
• <all_urls>: The content script only listens for right-click events on image elements to populate the context menu. It does not read, modify, or transmit any page content or user data.
• generativelanguage.googleapis.com: Send images to Google Gemini AI for processing when the Gemini runtime is active. Images are sent directly from your browser to Google's API.
• api.x.ai: Send images to xAI Grok for processing when the Grok runtime is active. Images are sent directly from your browser to xAI's API.
• supabase.co: User authentication, quota management, and retrieving the managed shared runtime pool metadata. Only the masked key and active model information are exposed to the extension — the full key is never transmitted.
• securedgateway.link: Open the activation/payment page on first install and for credit purchases via PayOS/PayPal.

6. Third-Party Services and Data Sharing

We share your data with the following third-party services to provide our functionality. We do not sell your personal data to anyone.

Third-Party Services We Use:

• Supabase (Database & Authentication):
  • Data shared: Email address, user ID, hashed password, usage statistics, IP address
  • Purpose: Account management, authentication, and data storage
  • Privacy policy: https://supabase.com/privacy
• PayPal (Payment Processing - USD):
  • Data shared: Email address, payment information
  • Purpose: Process credit purchases in USD
  • Privacy policy: https://www.paypal.com/privacy
  • Note: We do NOT store your credit card information
• PayOS (Payment Processing - VND):
  • Data shared: Email address, payment information
  • Purpose: Process credit purchases in VND
  • Privacy policy: https://payos.vn/privacy
  • Note: We do NOT store your credit card information
• AI Processing Services:
  • Data shared: Uploaded images (temporarily)
  • Purpose: Perform AI operations (background removal, clothing extraction, outfit/face swap)
  • Retention: Images are processed and immediately deleted. No permanent storage.

Important: We do NOT sell, rent, or trade your personal information to third parties for marketing purposes. Data is only shared with the services listed above to provide our core functionality.

7. Data Storage and Security

• Local Storage: Authentication tokens and preferences are stored locally in your browser
• Cloud Storage: Account data is stored securely on Supabase with encryption
• Password Security: Passwords are hashed using industry-standard encryption before storage
• HTTPS: All data transmission uses secure HTTPS connections
• Access Control: Only authorized personnel have access to backend systems
• Regular Audits: We conduct regular security audits to protect your data

8. Data Retention

We retain your personal data only for as long as necessary to provide our services and comply with legal obligations:

• Account Information: Email address, user ID, and hashed password are retained while your account remains active. If you delete your account, this data is permanently removed from our systems within 30 days.
• Usage Statistics: Number of AI processing jobs performed is stored for 1 year for service operation, quota management, and analytics purposes.
• Uploaded Images: Images uploaded for AI processing are automatically and permanently deleted from our servers after 24 hours. No images are retained beyond this period.
• IP Address Logs: IP addresses collected for security and fraud prevention are retained for 90 days, then automatically deleted.
• Payment Records: Transaction records (not credit card details) are retained for 7 years to comply with tax and legal requirements.

User-Initiated Deletion: You may request deletion of your account and all associated data at any time by contacting us at nezychannel@gmail.com. We will process your request within 30 days and confirm deletion via email.

9. Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data stored in our systems
• Correction: Update or correct your personal information at any time
• Deletion: Request deletion of your account and all associated data. We will process deletion requests within 30 days.
• Export: Request a machine-readable copy of your data for portability
• Withdraw Consent: Stop using the extension at any time and request data deletion
• Data Portability: Receive your data in a structured, commonly used format

To exercise these rights, contact us at: nezychannel@gmail.com

We will respond to your request within 30 days and may require identity verification to protect your privacy.

10. Admin Dashboard

Our admin dashboard at https://securedgateway.link/payos/admin/ allows authorized administrators to:

• View user accounts and usage statistics
• Track IP addresses for security purposes
• Manage user quotas and credits
• Delete user accounts upon request

Access to the admin dashboard is restricted and protected by authentication.

11. Children's Privacy

Our extension is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by:

• Updating the "Last Updated" date at the top of this policy
• Posting a notice in the extension
• Sending an email notification (for significant changes)

Your continued use of the extension after changes constitutes acceptance of the updated policy.

13. International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the United States and Vietnam. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

14. Cookies and Tracking

The extension does not use cookies or tracking technologies. We do not track your browsing activity outside of the extension's functionality.

15. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you within 72 hours via email and provide information about:

• The nature of the breach
• The data affected
• Steps we are taking to address the breach
• Recommended actions you should take

16. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to deletion of personal information
• Right to non-discrimination for exercising your rights

17. GDPR Compliance (EU Users)

If you are in the European Union, you have rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing: Consent and legitimate interests
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority
• Right to object to processing
• Right to restriction of processing

18. Gemini and Grok API Key Management

The extension uses a managed shared runtime pool to power AI processing. Depending on the active runtime configuration, the pool may route to Gemini or Grok:

• Server-side storage: API keys are stored securely on our backend and never fully exposed to the extension or end users
• Key hint only: The extension only receives masked key information and the active model label for display purposes in Settings
• Auto selection: The active runtime model is read from Supabase at runtime and the extension uses that provider automatically
• User-provided key: You may optionally enter your own Gemini or Grok API key in Settings. This key is stored locally in your browser only, never sent to our servers, and takes priority over the managed pool
• No managed-key exposure: Managed shared-pool keys are never transmitted to or stored on user devices. Optional user-provided Gemini or Grok keys are stored locally in the browser only.

© 2026 GarmentAI. All rights reserved.
Built with ❤️ by Thao from Hanoi, Vietnam