← Back

Privacy Policy

Last updated: May 18, 2026

1. Introduction

Tupple Inc., a Delaware corporation ("Tupple," "we," "our," or "us"), operates the WeatherStyle mobile application ("App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information. By using the App, you agree to this Policy. If you do not agree, do not use the App.

Data Controller: Tupple Inc., Delaware, USA. Contact: Tuppleapp@tupple.io.

2. Information We Collect

Account Information

When you sign in via Google or Apple, we receive your email address and basic profile information from the authentication provider. We do not receive or store passwords. If you use Apple's "Hide My Email," we receive only the relayed address.

Profile Preferences

Style preferences, gender, temperature sensitivity, color palette, wake-up time, and timezone, used to personalize recommendations.

Location Data

City-level location you manually enter (city name, latitude, longitude) for weather forecasts. We do not use GPS or track real-time location.

Photos & Biometric Information

If you use the Try-On feature, you may upload a photo of yourself. Photos containing your face may constitute biometric information under Illinois BIPA, Texas CUBI, and "special category" data under GDPR Article 9. By uploading a Try-On photo, you provide your explicit, informed consent for Tupple and our AI subprocessors (Google Gemini) to process facial features and likeness solely for the purpose of generating outfit visualizations for you. You may withdraw consent at any time by deleting your Try-On photo in Settings, which removes it from our storage and stops further processing. We do not sell, trade, or disclose biometric data, and we do not use it for identification, advertising, or AI model training. Try-On photos and composites are stored privately, accessible only to you, and are deleted when you remove them or delete your account.

AI-Generated Content

We generate outfit text and images via AI providers (see Subprocessors below). Your inputs (text prompts, photos) are sent to these providers, processed transiently to generate outputs, and the resulting outputs are stored in our private storage accessible only to you.

Payment Information

iOS subscriptions and credit purchases are processed by Apple In-App Purchase. Payment is charged to your Apple ID at confirmation. We do not receive your Apple payment credentials. Web payments are processed by Stripe, Inc.; we do not store card numbers or bank details. We receive only payment status, subscription state, and transaction metadata. See Apple's Privacy Policy and Stripe's Privacy Policy.

Push Notification Tokens

If you opt in to notifications, we store your APNs/FCM push token to deliver scheduled outfit notifications. You can revoke this in your device settings at any time.

Credit & Referral Data

Credit balances, monthly reset dates, and referral relationships are stored to operate the credit and referral systems.

3. How We Use Your Information & Legal Bases (GDPR)

Where GDPR applies, we rely on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)): Providing outfit recommendations, processing payments, managing your account, delivering notifications.
  • Explicit consent (Art. 6(1)(a) & Art. 9(2)(a)): Try-On biometric processing, push notifications, optional features.
  • Legitimate interests (Art. 6(1)(f)): Securing the App, preventing abuse, improving service reliability, operating the referral program.
  • Legal obligation (Art. 6(1)(c)): Tax records, responding to lawful requests.

4. Subprocessors & Third-Party Services

We share data with the following subprocessors strictly to provide the App. Each is bound by their own privacy terms:

  • Supabase (USA) — Authentication, database, file storage. Privacy
  • Google Gemini (USA) — AI text & image generation; receives prompts and Try-On photos transiently. Privacy
  • OpenWeather (UK) — Weather forecasts; receives city coordinates only. Privacy
  • ElevenLabs (USA) — Text-to-speech for outfit narration; receives outfit text. Privacy
  • Stripe, Inc. (USA) — Web payment processing. Privacy
  • Apple Inc. (USA) — Sign in with Apple, In-App Purchases, push notifications via APNs. Privacy
  • Google LLC (USA) — Sign in with Google, FCM push delivery. Privacy

5. International Data Transfers

Tupple Inc. is based in the United States, and our subprocessors are primarily located in the USA. If you access the App from the EEA, UK, or Switzerland, your data is transferred to the United States. We rely on Standard Contractual Clauses (SCCs) and equivalent safeguards adopted by our subprocessors to protect such transfers. By using the App, you acknowledge these transfers.

6. Data Storage & Security

  • Row-Level Security (RLS) policies restrict every record to its owner.
  • Try-On photos live in a private bucket accessed only via short-lived signed URLs.
  • All API communications use HTTPS/TLS encryption in transit.
  • Authentication tokens are managed by Supabase Auth.
  • Sensitive operations (credit deduction, account deletion) use server-side security-definer functions.
  • No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

7. Data Retention

We retain your data while your account is active. Outfit recommendations and try-on results are generated daily and retained for your access. Try-On photos are retained until you delete them or your account. When you delete your account, all associated data — profile, preferences, photos, generated content, biometric data, and transaction records (except records we must retain for tax or legal compliance) — is permanently deleted within 30 days.

8. Your Rights

All Users

  • Access your data through profile and settings
  • Correct your preferences and profile at any time
  • Delete your Try-On photo from settings
  • Delete your account entirely, removing all data
  • Opt out of optional features (Try-On, audio narration, notifications)

EEA / UK Residents (GDPR)

You also have the right to data portability, to object to or restrict processing, to withdraw consent at any time, and to lodge a complaint with your supervisory authority.

California Residents (CCPA/CPRA)

You have the right to know what personal information we collect, the right to delete it, the right to correct inaccurate information, the right to limit use of sensitive personal information (including biometric data), and the right to non-discrimination for exercising these rights. We do not sell or share your personal information for cross-context behavioral advertising. To exercise these rights, contact Tuppleapp@tupple.io.

Illinois Residents (BIPA)

If you upload a Try-On photo, you provide written informed consent for biometric processing as described in Section 2. We retain biometric data only as long as needed to provide the Try-On feature and delete it when you remove the photo or your account, and in no case more than three years after your last interaction.

9. Children's Privacy

The App is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have, contact us and we will promptly delete it.

Users in jurisdictions where the digital age of consent is above 16 must have verifiable parental or guardian consent to use the App. This consent is typically obtained through your Apple ID Family Sharing or Google Family Link settings, which manage parental approval for app downloads and in-app purchases.

10. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified through the App or via email. The "Last updated" date at the top reflects the latest revision.

11. Contact Us

For privacy questions, requests, or to exercise your rights:

Tupple Inc.
Tuppleapp@tupple.io