Privacy Policy

Effective date: January 1, 2026
Last updated: January 1, 2026

This Privacy Policy ("Policy") describes how MioLook ("we", "us", "our", "Company", "Service") collects, uses, stores, shares, and protects the personal data of users ("you", "User") of the MioLook web application and the associated website miolook.com.

By using our Service, you acknowledge that you have read this Policy and consent to the processing of your data as described herein. If you do not agree with the terms of this Policy, please discontinue use of the Service.

1. Legal Basis for Data Processing

We process personal data on the following legal grounds:

• Consent — upon registration and use of the Service (Art. 6(1)(a) GDPR).

• Performance of a contract — to provide Service features, including AI image processing (Art. 6(1)(b) GDPR).

• Legitimate interest — to ensure security, prevent fraud, and improve the Service (Art. 6(1)(f) GDPR).

• Legal obligations — to comply with applicable laws and regulations (Art. 6(1)(c) GDPR).

2. Data We Collect

2.1. Data You Provide

• Registration data: name (or nickname), email address, password (stored in hashed form using bcrypt algorithm).

• Profile data: gender, age group, style preferences, body measurements — if you choose to provide them.

• Photos and images: photos of clothing, appearance, hairstyles, and makeup that you upload for AI features of the Service.

• Wardrobe data: information about clothing items, categories, brands, seasonality, color characteristics.

• Notes and reminders: text entries you create within the application.

• Support inquiries: content of your messages when contacting us.

2.2. Data Collected Automatically

• Technical data: IP address, browser type and version, operating system, screen resolution, time zone, language settings.

• Usage data: pages visited, session frequency and duration, actions performed (outfit generation, viewing recommendations, wardrobe management).

• Cookies and similar technologies: see Section 8 for details.

2.3. Special Categories of Data

Photos of your face and body may contain biometric data classified as special categories of personal data. We process such data solely based on your explicit consent, given when uploading images. We do not use facial recognition technology for personal identification — processing is directed only at style analysis, hairstyle selection, and makeup visualization.

3. Purposes of Data Processing

We use the collected data for the following purposes:

• Service delivery: account creation and management, AI photo processing, stylist recommendation generation, digital wardrobe storage and organization.

• Personalization: tailoring AI stylist recommendations based on your preferences, selection history, and wardrobe characteristics.

• Visualization: generating images of hairstyles, outfits, and makeup based on your photos.

• Communication: sending service notifications, responding to support inquiries, informing about significant changes to the Service.

• Security: protecting accounts, detecting fraudulent activity, preventing abuse.

• Analytics and improvement: analyzing Service usage in aggregated form to enhance functionality and user experience.

• Legal compliance: fulfilling applicable legal requirements and responding to lawful requests from government authorities.

4. Image Processing and AI

A core feature of MioLook is AI-powered image processing. Important clarifications:

• Uploaded photos are processed for clothing recognition, color analysis, outfit matching, hairstyle generation, and makeup visualization.

• Processing is performed on secure servers using encryption in transit (TLS 1.2+) and at rest.

• We do not sell your photos or share them with third parties for purposes unrelated to Service delivery.

• We do not use your personal photos to train general-purpose AI models without your separate explicit consent.

• You may delete any uploaded images at any time through the Service settings.

5. Data Storage and Protection

5.1. Security Measures

We implement comprehensive technical and organizational measures to protect your data:

• Data encryption in transit (TLS/SSL) and at rest (AES-256).

• Password hashing using the bcrypt algorithm.

• Access restrictions to personal data based on the principle of least privilege.

• Regular encrypted backups.

• Monitoring and logging of system access.

• Protection against unauthorized access, DDoS attacks, and other threats.

5.2. Retention Periods

• Account data: retained for the duration of the account and 30 days after deletion (to allow recovery).

• Photos and images: retained until you delete them or delete your account.

• Wardrobe data and notes: retained until you delete them or delete your account.

• Technical logs: retained for no more than 90 days.

• Payment data: retained in accordance with tax law requirements (up to 5 years).

6. Data Sharing with Third Parties

We do not sell or rent your personal data. We may share data in the following cases:

• Service providers: hosting providers, payment processing services, AI infrastructure providers — solely for Service delivery and under data processing agreements.

• Legal requirements: upon lawful request from government authorities, court orders, or as required by applicable law.

• Rights protection: to protect the rights, property, or safety of MioLook, our users, or the public.

• With your consent: in other cases — only with your explicit consent.

7. International Data Transfers

Your data may be processed in countries other than your country of residence. When transferring data outside the European Economic Area (EEA), we ensure appropriate safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission.

• European Commission adequacy decisions.

• Other mechanisms provided for under Art. 46 GDPR.

8. Cookies and Tracking Technologies

8.1. Types of Cookies Used

• Strictly necessary: ensure Service operation, authentication, security. Cannot be disabled.

• Functional: save your settings (language, theme, display preferences).

• Analytical: help understand how the Service is used, in aggregated and anonymized form.

8.2. Managing Cookies

You can manage cookie settings through your browser preferences. Please note that disabling certain cookies may affect Service functionality.

9. Your Rights

Depending on applicable law, you have the following rights:

9.1. Rights Under GDPR (for EEA and UK Residents)

• Right of access (Art. 15 GDPR) — obtain a copy of your personal data.

• Right to rectification (Art. 16 GDPR) — correct inaccurate or incomplete data.

• Right to erasure (Art. 17 GDPR) — request deletion of your data ("right to be forgotten").

• Right to restriction of processing (Art. 18 GDPR) — restrict processing of your data.

• Right to data portability (Art. 20 GDPR) — receive your data in a machine-readable format.

• Right to object (Art. 21 GDPR) — object to processing based on legitimate interest.

• Right to withdraw consent — at any time, without affecting the lawfulness of processing prior to withdrawal.

• Right to lodge a complaint — with the data protection supervisory authority of your country.

9.2. Rights Under CCPA/CPRA (for California Residents, USA)

• Right to know what personal data is collected and how it is used.

• Right to delete personal data.

• Right to opt out of the sale or sharing of personal data (we do not sell your data).

• Right to non-discrimination for exercising your rights.

• Right to correct inaccurate data.

• Right to limit the use of sensitive personal information.

9.3. How to Exercise Your Rights

To exercise any of the above rights, send a request to privacy@miolook.com. We will respond within 30 days (or within another period established by applicable law). To verify your identity, we may request additional information.

10. Children's Data Protection

The MioLook Service is not intended for individuals under the age of 16 (or under the age established by the laws of your jurisdiction). We do not knowingly collect data from minors. If you discover that a minor has provided us with their data, please contact us — we will promptly delete such data.

11. Automated Decision-Making

MioLook AI recommendations (outfit selection, hairstyles, makeup) are informational suggestions and do not constitute automated decision-making with legal effects on the User within the meaning of Art. 22 GDPR. You are always free to accept, modify, or reject any recommendations.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours (Art. 33 GDPR).

• Notify affected users without undue delay (Art. 34 GDPR).

• Take all necessary measures to minimize the impact and prevent recurrence.

13. Changes to This Policy

We may update this Policy as needed. In the event of material changes, we will notify you by email and/or through a prominent notice in the Service at least 30 days before the changes take effect. Continued use of the Service after changes take effect constitutes your acceptance of the updated Policy.

14. Contact Information

If you have questions, comments, or requests related to personal data processing, please contact us:

• Privacy email: privacy@miolook.com

• General support: info@miolook.com

• Website: miolook.com