Privacy Policy

Effective date: February 1, 2026

NoGuess (“we”, “us”, “our”) provides AI-powered try-on services for e‑commerce websites. This Privacy Policy explains what information we collect, why we collect it, how we use it, and the choices you have. It applies to information collected via our website (noguess.co), our widget and SDKs (the "Service"), and communications with us.

Summary

• We process images, device metadata, and product metadata to render try-on previews in a user’s environment.
• We minimize retention of personally identifiable images and do not store customer photos permanently unless explicitly required for debugging with consent.
• You can exercise data subject rights (access, deletion, portability) — see the "Your Rights" section.

Information we collect

User-submitted content: Photos, short camera scans, or video frames that users choose to capture and submit to enable try-on previews. These images may include parts of a room, furniture, and in some flows, people’s faces or bodies (only when the customer explicitly participates in a person-facing try-on).

Product data: Product images, SKU identifiers, dimensions and metadata that merchants provide to render previews and match assets.

Device & technical data: Device model, operating system, browser, IP address, screen size, camera and sensor metadata necessary to anchor products in the scene, and telemetry needed to diagnose errors.

Usage data: Events and logs (e.g., try-on started, try-on completed, add-to-cart events) to evaluate feature performance and enable analytics.

How we use information

• To generate realistic try‑on previews in the user's environment in real-time.
• To operate, maintain, and improve the Service, including model accuracy, detection, occlusion handling, lighting, and scale estimation.
• To provide merchant-facing analytics and product performance metrics (aggregated, non-identifying where possible).
• To communicate about account setup, billing, support, security notices, and policy changes.
• To comply with legal obligations and protect rights and safety.

Legal basis for processing (EEA/GDPR)

If you are located in the European Economic Area, we rely on the following legal bases depending on the processing activity: (a) performance of a contract to provide the Service; (b) legitimate interests such as security, fraud prevention, and product improvement (where these interests are not overridden by users' rights); and (c) consent for processing special categories of data or where required by law.

Sharing and processors

We do not sell personal data. We share information only as described below or with your consent:

• Service providers: Cloud hosting, content delivery, analytics, error monitoring, and payment processors who act as data processors on our behalf under contract.
• Merchants: Merchants integrating NoGuess receive event data and, where the merchant requests, product and try-on metadata needed to attribute conversions and support customer service.
• Legal obligations: When required by law, court order, or to respond to legal process.
• Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction — we will notify affected users where required by law.

International transfers

We may transfer personal data outside your country, including to servers in the United States and the EU. Where transfers occur from the EEA to jurisdictions without an adequacy decision, we rely on standard contractual clauses, an appropriate data transfer mechanism, or explicit consent where necessary.

Data retention

We retain data only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and for legitimate business purposes. By default:

• Session images used to render previews are processed in real-time and deleted promptly unless retained for debugging with explicit customer consent.
• Event logs and aggregated analytics are retained for up to 24 months by default unless otherwise requested.

Security

We use administrative, technical, and physical safeguards to protect personal data. This includes encryption in transit (TLS), encryption at rest where appropriate, role-based access controls, monitoring, and regular security assessments. While we strive to protect your data, no system is completely secure — if a breach occurs we will follow applicable notification laws and inform affected parties as required.

Children

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data without parental consent, contact us and we will take steps to delete such information.

Cookies and tracking

We and our service providers use cookies and similar technologies for site functionality, analytics, and performance. You can control cookies via your browser settings; however, disabling cookies may affect the Service's functionality.

California residents (CCPA)

If you are a California resident, you have the right to request: (a) disclosure of categories of personal information collected and the purposes for which it was collected; (b) deletion of personal information (subject to exceptions); and (c) to opt-out of sales of personal information (we do not sell personal information). To exercise these rights, contact us at the address below.

Your rights and choices

Depending on your jurisdiction, you may have the right to access, rectify, update, port, restrict or delete your personal data, and to object to or withdraw consent. To exercise your rights, please contact us at the email below. We will verify identity before responding to requests and will respond within the timeframe required by applicable law.

Third-party links and content

Our website may include links to third-party sites and services that are governed by their own privacy policies. We are not responsible for their practices.

Changes to this policy

We may modify this Privacy Policy from time to time. We will post the updated policy with a revised effective date. For material changes, we will provide additional notice as required by law.

Data Processing Addendum (DPA)

We provide a Data Processing Addendum for merchants that require it. Contact us at the address below to request a DPA or to discuss specific contractual terms (e.g., SCCs, SSO, encryption, and audit rights).

Contact

If you have questions, requests, or concerns about this Privacy Policy or our practices, email: info@noguess.co, or mail: NoGuess, Riga, Latvia.

This policy is provided for informational purposes and does not create any contractual or legal rights beyond those set out in a separate agreement between you and NoGuess.