dragolea.

§ legal / privacy

Privacy
Policy.

Effective 8 April 2026 GDPR aligned

This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and what rights you have. We aimed to make it readable; please reach out if anything is unclear.

01 — Who we are

Data controller

The data controller is DRAGOLEA DANIEL-ȘTEFAN PERSOANĂ FIZICĂ AUTORIZATĂ, a sole proprietorship (Persoană Fizică Autorizată) registered in Romania (fiscal code RO52427919, trade registry F2025032209005), with registered address at Satul Săftica, Comuna Balotești, Județul Ilfov, cod poștal 077017, Romania. For any questions about this policy or to exercise your rights, contact us at privacy@dragolea.com.

02 — What we collect

Categories of data

We collect only what we need to run the Services. Depending on how you use dragolea.com and AI Wardrobe Stylist, we may collect:

  • Account data — email address, display name, hashed password, authentication provider (Google), email verification status, date of account creation.
  • Profile data — optional style preferences, body measurements, weather preferences, onboarding answers you choose to provide.
  • Wardrobe content — photos of clothing items you upload, AI-generated categorization (type, color, pattern, occasion), descriptions and notes.
  • Body imagery — the optional full-body photo you upload to enable virtual try-on. This is treated as special content and is not shared beyond the AI processing required to generate try-on results.
  • Generated content — outfits, try-on images, packing lists, and other AI-generated outputs linked to your account.
  • Usage data — product interactions, feature usage, session metadata, device information (OS, model, app version), approximate location inferred from IP for weather features.
  • Payment data — purchase records linked to Google Play, Apple, or Stripe transaction IDs. We do not store your card number; payments are processed by the respective payment providers.
  • Communications — emails you send to our support addresses, in-app content reports, and correspondence related to your account.

03 — How we use your data

Purposes and legal bases

We process personal data for the following purposes, relying on the legal bases identified under the EU General Data Protection Regulation (GDPR):

  • To provide the Services — authenticating you, storing your wardrobe, generating AI outputs you request, processing payments. Legal basis: performance of a contract.
  • To keep the Services secure — detecting and preventing fraud, abuse, spam, and unauthorized access. Legal basis: legitimate interest and legal obligation.
  • To comply with the law — tax records, consumer protection, responding to lawful requests. Legal basis: legal obligation.
  • To communicate with you — account verification, password resets, important service announcements. Legal basis: performance of a contract.
  • To improve the Services — analyzing aggregated usage to fix bugs and prioritize features. Legal basis: legitimate interest. We do not use your wardrobe content or AI outputs to train third-party AI models.

04 — AI Processing

How AI uses your content

AI Wardrobe Stylist sends your uploaded photos and text prompts to third-party AI providers to deliver features:

  • Google Gemini (Google LLC) — used for clothing categorization, outfit generation, packing list creation, gap analysis, and color analysis. Photos and text prompts are sent to Google's API endpoints and processed under Google's API terms.
  • OpenAI (OpenAI, LLC) — used for virtual try-on imagery via the GPT Image 1.5 model. Your body photo and clothing item images are sent to OpenAI's API endpoints and processed under OpenAI's API terms.

Both providers process data on our behalf. According to their published API policies, data sent through the API is not used to train their models. We retain generated images on our infrastructure (Cloudflare R2) linked to your account so you can view them later; you may delete them at any time.

05 — Who we share data with

Sub-processors and recipients

We share personal data only with the service providers necessary to run the Services. Each acts as a data processor on our behalf:

  • Railway Corp (US) — application and database hosting.
  • Cloudflare, Inc. (US) — image storage (R2), CDN, and DNS.
  • Google LLC (US) — Gemini AI processing, Google Sign-in, Google Play Billing.
  • OpenAI, LLC (US) — GPT Image 1.5 for virtual try-on.
  • Stripe, Inc. (US / Ireland) — web-based payments.
  • RevenueCat, Inc. (US) — subscription lifecycle management.
  • Resend (Resend Inc., US) — transactional email delivery.
  • Apple Inc. (US) — when iOS is supported, for App Store payments.

Transfers outside the European Economic Area are made subject to appropriate safeguards, including the European Commission's Standard Contractual Clauses where applicable. We do not sell personal data, and we do not share it with third parties for their own marketing purposes.

06 — Retention

How long we keep data

We keep personal data only for as long as necessary to provide the Services and to comply with legal obligations:

  • Account data and content — kept while your account is active. Deleted within 30 days of account deletion, except where retention is required by law (e.g. tax records).
  • Uploaded images (clothing, body photos, try-on results) — removed from Cloudflare R2 when you delete them in-app or when you delete your account.
  • Payment and billing records — retained for the period required by Romanian tax law (currently 10 years for accounting records).
  • Logs and technical data — retained for up to 90 days for security and troubleshooting.

07 — Your rights

What you can ask us to do

Under the GDPR and Romanian data protection law, you have the following rights:

  • Access — obtain a copy of the personal data we hold about you. You can export your data in JSON format directly from the app's Profile screen.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — delete your account and associated data, either in-app or via our web deletion page .
  • Restriction — ask us to limit processing in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format (JSON export).
  • Objection — object to processing based on our legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time (without affecting lawful processing before withdrawal).
  • Complain — lodge a complaint with the Romanian data protection authority (ANSPDCP, dataprotection.ro ) or with the authority in your EU country of residence.

To exercise your rights, email privacy@dragolea.com. We will respond within 30 days.

08 — Children

Age restrictions

The Services are not intended for children under 13 (or the minimum age of digital consent in your country, whichever is higher). We require users to confirm their age at registration. If you believe we have inadvertently collected data from a minor, please contact privacy@dragolea.com and we will remove it promptly.

09 — Security

How we protect data

We apply reasonable technical and organizational measures to protect personal data: TLS encryption in transit, at-rest encryption for storage, hashed and salted passwords, JWT authentication, per-endpoint rate limiting, strict access controls on production infrastructure, and security headers (Helmet). No system is perfectly secure; if a breach occurs that puts your rights at risk, we will notify you and the competent authority as required by law.

10 — Cookies

Website cookies

This website (https://dragolea.com) does not use tracking cookies or third-party analytics. It serves as a static presence for DRAGOLEA DANIEL-ȘTEFAN PERSOANĂ FIZICĂ AUTORIZATĂ and hosts our legal documentation and support information.

The AI Wardrobe Stylist mobile application does not use cookies in the traditional web sense, but it does store authentication tokens and local preferences on your device to keep you signed in and to remember your choices.

11 — Changes to this policy

Updates over time

We may update this policy to reflect changes in our practices, the Services, or legal requirements. The "Effective" date at the top will always reflect the latest version. If changes are material, we will notify you through the Services or via email before they take effect.

12 — Contact

How to reach us

For privacy-related questions, data requests, or concerns, contact:

Postal: DRAGOLEA DANIEL-ȘTEFAN PERSOANĂ FIZICĂ AUTORIZATĂ, Satul Săftica, Comuna Balotești, Județul Ilfov, cod poștal 077017, Romania.