Overview
The short version: We collect the minimum data needed to run the app, we never sell it, and you can delete everything permanently at any time.
This Privacy Policy explains how Aryal Technologies Pty Ltd (ABN 33 692 831 459) ("puku", "we", "us", "our") collects, uses, and protects information when you use the puku iOS application and website. By using our services, you agree to the terms in this policy.
puku is currently available in selected countries only. This policy applies to users in those supported jurisdictions. If you access puku from a country where it is not officially available, you do so at your own risk and we make no representations regarding compliance with your local laws.
We are committed to protecting your privacy and handling your data transparently. This policy is aligned with the Australian Privacy Act 1988 (Cth). Where we serve users in the EU/EEA or California, we also apply GDPR and CCPA principles respectively.
Data We Collect
Account Information
- Email address (required for sign-up)
- Name (optional display name)
- Password (hashed — we never store plain-text passwords)
- Authentication tokens
Wardrobe & Style Data
- Photos of your clothing items
- AI-generated metadata: item type, color, occasion suitability
- Style prompts you provide ("smart casual for dinner")
- Saved outfit combinations
- Feedback on outfit suggestions (liked/disliked)
Body & Fit Data (Optional)
- Body photo for outfit visualization (optional; stored separately with enhanced encryption)
- Gender preference for styling (optional)
Device & Technical Data
- Device type and iOS version
- App version
- Anonymous crash reports and error logs
- Basic usage analytics (screens visited, feature usage — anonymized)
What We Do NOT Collect
- Location data
- Contacts or address book
- Browsing history outside puku
- Financial information (we do not process payments directly)
- Biometric data (Face ID processing happens on-device via Apple's secure enclave)
How We Use Your Data
We use your data strictly to provide and improve puku. Specifically:
- To generate outfits: Your clothing photos and prompts are sent to Claude AI (Anthropic) to generate outfit suggestions.
- To categorize items: Clothing photos are processed by AI to identify type, color, and attributes.
- To sync your wardrobe: Your data is stored in our Supabase database so you can access it across devices.
- To improve the app: Anonymous, aggregated usage data helps us understand how puku is used and where to improve it.
- To communicate with you: Email is used only for authentication (OTP codes) and critical service notifications. We do not send marketing emails without your explicit opt-in.
We do not use your data to:
- Target you with advertising
- Build profiles to sell to third parties
- Train AI models without explicit consent
- Make automated decisions that produce legal or similarly significant effects
Your Photos
Your photos are used only to power puku features. We never view them manually, share them, or use them for advertising.
Photos you upload (wardrobe items and optional body photo) are:
- Stored encrypted at rest in Supabase Storage (AES-256)
- Transmitted over HTTPS (TLS 1.3)
- Accessible only to you via authenticated requests
- Sent to Anthropic's API only when you request outfit generation or categorization
- Permanently deleted when you delete items or your account
Body photos are stored in a separate, restricted storage bucket with additional access controls. They are never sent to the AI — they are only used for client-side outfit visualization.
AI Processing
puku uses Claude AI (by Anthropic) for two core functions:
- Outfit generation: Your style prompt and wardrobe item descriptions are sent to Claude to generate outfit combinations.
- Item categorization: Photos are sent to Claude Haiku to automatically detect item type, color, and occasion suitability.
When you use these features, the relevant data (photo or text description) is transmitted to Anthropic's API. Anthropic processes this data under their privacy policy. Per Anthropic's API terms, data submitted via the API is not used to train their models unless you specifically opt in.
We do not use your data to fine-tune or train any AI models without your explicit written consent.
Data Storage & Security
All data is stored securely with the following measures in place:
- Data at rest: AES-256 encryption
- Data in transit: TLS 1.3
- Database access: Row-level security (RLS) policies — you can only access your own data
- Authentication: Secure OTP via email + optional Face ID
- Password storage: bcrypt hashed, never stored in plain text
- Primary data location: AWS ap-southeast-2 (Sydney, Australia)
While we implement industry-standard security measures, no system is completely immune to security risks. We will notify affected users of any data breach as required by applicable law.
Retention & Deletion
We retain your data only as long as your account is active, or as needed to provide our services.
You can delete data at any time:
- Individual items: Delete from the Wardrobe tab in the app
- Saved outfits: Delete from the Favourites tab
- Full account deletion: Settings → Account → Delete Account
When you delete your account, all data (photos, wardrobe items, outfits, style preferences) is permanently deleted from our databases within 30 days. This deletion is irreversible.
We retain anonymized, non-identifiable analytics data for up to 2 years for product improvement purposes.
Your Rights (GDPR & Privacy Act)
Depending on your location, you may have the following rights regarding your personal data:
- Right to access: Request a copy of the personal data we hold about you.
- Right to rectification: Correct inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data ("right to be forgotten").
- Right to restriction: Request we limit how we process your data.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Withdraw consent where processing is consent-based.
To exercise any of these rights, contact us at hello@aryal.com.au. We will respond within 30 days. We may need to verify your identity before processing requests.
If you are in the EU/EEA and believe we have not handled your data correctly, you have the right to lodge a complaint with your local supervisory authority.
Children's Privacy
puku is not directed at children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at hello@aryal.com.au and we will delete the data promptly.
Users aged 13–17 must have parental consent to use puku.
Policy Changes
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Effective date" at the top of this page
- Send a notification via the app for significant changes
- Where required, request fresh consent
Continued use of puku after changes take effect constitutes acceptance of the updated policy.
Contact Us
For privacy-related enquiries, data subject requests, or to report a concern:
- Email: hello@aryal.com.au
- Company: Aryal Technologies Pty Ltd
- ABN: 33 692 831 459
- Country: Australia
We aim to respond to all privacy enquiries within 5 business days, and to all formal data subject requests within 30 days.