Privacy Policy
Last updated: March 27, 2026
1. Data controller
The data controller for your personal data is [COMPANY_NAME], with tax ID [CIF], registered at [FULL_ADDRESS] (hereinafter, "Trikapp" or "we").
You can contact us at any time at privacy@trikapp.es.
2. What data we collect
2.1 Data you provide directly
- User account: email address, username, display name and profile picture.
- Wardrobe content: photographs of clothing items you upload and the metadata you add (name, brand, description).
- Outfits and posts: clothing combinations you create, descriptive text, hashtags and the visibility setting you choose (public, followers only or private).
- Social interactions: profiles you follow, content you like or save as favorites.
- Communications: messages you send us via support email.
2.2 Automatically generated data
- AI analysis: when you photograph a garment, our AI (Gemini Vision, by Google) analyzes the image to automatically detect its category, colors, material, season, print and silhouette. These attributes are stored alongside the item.
- Semantic embeddings: numerical representations (vectors) generated from the attributes of your clothes and outfits for natural text search and personalized suggestions. These vectors do not contain personally identifiable information.
- Style DNA: if you use this feature, we generate a personal style profile (dominant color palette, category distribution, preferred silhouettes) from the items in your wardrobe.
2.3 Technical and usage data
- Device data: model, operating system, app version, Firebase installation identifier.
- Usage analytics: screens visited, features used, session duration. This data is collected in aggregate form through Firebase Analytics / Google Analytics 4.
- Crash reports: diagnostic data in case of app crashes (Firebase Crashlytics). These do not include personal data, only technical error information.
2.4 Subscription data
If you subscribe to a premium plan, payment processing is handled directly by Apple (App Store) or Google (Google Play). We do not store credit card details or financial information. Through RevenueCat (our subscription management provider), we only receive: active plan type, start and expiry dates, and subscription status.
3. How we use your data
| Purpose | Legal basis (GDPR) |
|---|---|
| Manage your account and authentication | Performance of contract (Art. 6.1.b) |
| Provide the digital wardrobe, outfits and social network service | Performance of contract (Art. 6.1.b) |
| Analyze garments with AI and generate automatic classifications | Performance of contract (Art. 6.1.b) |
| Generate personalized outfit suggestions and Style DNA | Performance of contract (Art. 6.1.b) |
| Display your public content in the social feed | Performance of contract (Art. 6.1.b) |
| Manage premium subscriptions | Performance of contract (Art. 6.1.b) |
| Improve the app through aggregate analytics | Legitimate interest (Art. 6.1.f) |
| Detect and fix technical errors | Legitimate interest (Art. 6.1.f) |
| Prevent fraud and abuse | Legitimate interest (Art. 6.1.f) |
| Service communications (important changes, security) | Performance of contract (Art. 6.1.b) |
4. Who we share your data with
We do not sell your data to third parties or share it for advertising purposes. We only share information with the providers strictly necessary to deliver the service:
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud Platform (Cloud Run, Cloud Storage) | Hosting, image storage, database | EU (europe-west1) |
| Firebase (Google) | Authentication, analytics, crash reporting | EU |
| Vertex AI / Gemini (Google) | AI clothing analysis, embedding generation | EU (europe-west1) |
| RevenueCat | In-app subscription management | USA (with signed DPA) |
All our providers operate under Data Processing Agreements (DPA) compliant with the GDPR. For providers outside the EEA, adequate safeguards exist (Standard Contractual Clauses or adequacy decisions).
5. International transfers
Our main servers are located in the European Union (Google Cloud region europe-west1, Belgium). Some third-party services may process data in the United States under the safeguards of the EU-US Data Privacy Framework or Standard Contractual Clauses of the European Commission.
6. How long we keep your data
| Data type | Retention period |
|---|---|
| Account and profile | While your account is active |
| Clothes, outfits, posts | While your account is active. If deleted, moved to trash for 30 days then permanently removed. |
| Analytics data | 14 months (Firebase Analytics configuration) |
| Crash reports | 90 days |
| Subscription data | While active + legal tax retention period (5 years) |
When you delete your account, we will delete or anonymize all your personal data within a maximum of 30 days, except for data we are legally required to retain.
7. Your rights
Under the GDPR, you have the following rights:
- Access: request a copy of your personal data.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of your data ("right to be forgotten").
- Restriction: restrict processing in certain circumstances.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interest.
- Withdraw consent: at any time, without retroactive effect.
To exercise any of these rights, send an email to privacy@trikapp.es specifying your username and the right you wish to exercise. We will respond within a maximum of 30 days.
If you believe we have not adequately addressed your request, you may file a complaint with the Spanish Data Protection Agency (AEPD) or your local supervisory authority.
8. Security
- All communications are encrypted via HTTPS/TLS.
- Images are stored in Google Cloud Storage with restricted access via signed URLs with expiry.
- Authentication is managed through Firebase Auth (JWT tokens).
- Data is stored in monitored databases with restricted access.
- We perform periodic security and dependency reviews.
9. Children's privacy
Trikapp is not directed at children under 13. We do not knowingly collect data from children under this age. If we discover we have collected data from a child under 13, we will delete it immediately. If you are a parent or guardian and believe your child has provided us with personal data, contact us at privacy@trikapp.es.
10. Privacy by default
In Trikapp, all your content is private by default. Only you can see your clothes, outfits and closets until you decide to change the visibility to "public" or "followers only". The social network is an option, not a requirement.
11. Artificial intelligence and automated decisions
- Analysis is performed exclusively to improve your app experience (auto-classification, suggestions, search).
- It has no legal effects nor significantly affects you in any similar way.
- You can edit or delete any AI-generated classification at any time.
- Images are processed on Google Cloud servers in the EU and are not used to train third-party AI models.
12. Changes to this policy
We may update this privacy policy periodically. If we make material changes, we will notify you through the app or by email before the changes take effect. The "last updated" date at the top of this page indicates when it was last modified.
13. Contact
- Email: privacy@trikapp.es
- Address: [FULL_ADDRESS]