superstyle

Security, Privacy & Data Use

What we collect

We collect the minimum data needed to provide the Service: your account information (via Clerk authentication), style preferences from your liked outfits, and images you upload for virtual try-on.

Image handling

  • Uploaded images (selfies, clothing photos) are processed in memory and not stored permanently
  • Any cached images are automatically deleted after 3 days
  • Your images are never used to train AI models
  • Try-on results are returned directly in the API response and not stored server-side

Transport security

  • All API endpoints are served over HTTPS (TLS 1.2+)
  • Plaintext HTTP requests are rejected
  • API traffic is routed through AWS CloudFront with modern TLS configuration

API key security

  • API keys are stored securely in DynamoDB
  • You can generate new keys and revoke old ones at any time from the Developer Portal
  • Every API call is logged with timestamp and endpoint for audit purposes
  • All keys start with ss_ for easy identification in code reviews and secret scanning

Infrastructure

  • AWS Lambda — serverless compute (no persistent servers to compromise)
  • DynamoDB — encrypted at rest with AWS-managed keys
  • CloudFront — edge-level DDoS protection and TLS termination

Data retention

  • All data is processed in the US East (N. Virginia) AWS region
  • No personal data is shared with third parties beyond our subprocessors
  • API usage logs are retained for 90 days
  • You can request deletion of your data at any time

Cookies

We use essential cookies for authentication (Clerk session tokens) and theme preference. We do not use third-party tracking cookies or analytics.

Reporting security issues

If you discover a security vulnerability, please open an issue on our GitHub. We take all reports seriously and will respond within 48 hours.

Contact

Questions about privacy or data handling? Reach out via our GitHub.