StyleWizardStyleWizardUpload a photo

Privacy Policy

Stand: 20 June 2026

This Privacy Policy explains how StyleWizard processes your personal data when you use our website and application at thestylewizard.com (the "Service"). We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TDDDG).

1. Controller

The controller responsible for data processing within the meaning of Art. 4(7) GDPR is:

UPVIS Kevin Schwed
Neckaring 99, 64521 Groß-Gerau, Germany
Email: info@upvis.de · Phone: +49 151 25553575

We have not appointed a Data Protection Officer, as we are not legally required to do so. For any privacy request, contact info@upvis.de.

2. The data we process, purposes and legal bases

a) Account & sign-in (Google)

When you sign in with Google we receive from your Google account your name, email address, Google account identifier and profile picture. We use this data solely to create and authenticate your user account, to provide the Service and to contact you about your account. Legal basis: performance of a contract (Art. 6(1)(b) GDPR). See also Section 4 (Google user data).

b) Photos you upload (special category data)

To create your styled look we process the photo you upload. A facial photograph can constitute biometric / special category data (Art. 9 GDPR). We process it only transiently in order to generate your result and we do not store the original photo — it is discarded immediately after processing. We do not use it to uniquely identify you and we do not create biometric templates. Legal basis: your explicit consent (Art. 9(2)(a) and Art. 6(1)(a) GDPR), which you give by uploading a photo, and the performance of our contract with you (Art. 6(1)(b) GDPR). You may withdraw this consent at any time with effect for the future.

c) Generated results & library

The outputs we create (your styled image, the style guide and the structured recommendations) are stored in your personal library so you can access them again. Legal basis: performance of a contract (Art. 6(1)(b) GDPR). You can delete individual results or your entire account at any time.

d) Payments

When you purchase credits or a membership, payment is processed by Stripe. We receive transaction metadata (amount, currency, status, timestamps, and a customer/subscription identifier) but not your full card details. Legal bases: performance of a contract (Art. 6(1)(b) GDPR) and compliance with statutory retention/accounting obligations (Art. 6(1)(c) GDPR).

e) Usage analytics & marketing measurement

Only with your consent do we use PostHog (product analytics) and the Meta Pixel together with the Meta Conversions API (to measure the performance of our advertising). This may involve event data and hashed identifiers (e.g. a hashed email). Legal basis: your consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG). You can grant or refuse this in the cookie banner and withdraw it at any time with effect for the future.

f) Server logs & security

Our hosting provider automatically processes technical access data (e.g. IP address, timestamp, requested URL, user agent) to deliver and secure the Service. Legal basis: our legitimate interest in a secure, functioning service (Art. 6(1)(f) GDPR).

3. AI image generation (Google Gemini)

We generate your styled image and recommendations using Google's Gemini API. For this purpose your uploaded photo and your style inputs are transmitted to Google for processing. This may involve a transfer to third countries (see Section 6). Per Google's API terms, content submitted to the paid Gemini API is not used to train Google's models. Legal bases as in Section 2(b).

4. Google user data (Google API Services)

StyleWizard's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically:

  • We only request the basic profile scopes needed to sign you in (your name, email address and profile picture).
  • We use this Google user data only to provide and improve the sign-in and account features you request.
  • We do not sell Google user data, and we do not transfer it to third parties except as necessary to provide the Service, for security, or to comply with applicable law.
  • We do not use Google user data for advertising.
  • We do not use Google user data to train generalized or non-personalized AI/ML models.

5. Recipients / processors

We use carefully selected service providers who process data on our behalf under data processing agreements (Art. 28 GDPR):

  • Supabase — database, authentication and storage (EU region, Frankfurt).
  • Vercel — application hosting and delivery.
  • Google (Gemini API) — AI image and text generation.
  • Stripe — payment processing.
  • Meta Platforms Ireland — advertising measurement (only with consent).
  • PostHog — product analytics, EU hosting (only with consent).

6. International transfers

Some providers may process data outside the European Economic Area (in particular the USA). In such cases the transfer is safeguarded by the EU Standard Contractual Clauses and/or, where applicable, the provider's certification under the EU-US Data Privacy Framework, together with appropriate additional measures.

7. Retention

  • Original uploaded photo: not stored — deleted immediately after processing.
  • Account data and generated results: until you delete them or delete your account.
  • Payment / invoice records: for the statutory retention period (generally up to 10 years under German commercial and tax law).
  • Server logs: for a short period for security, then deleted or anonymized.

8. Your rights

Under the GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and to object (Art. 21). Where processing is based on consent, you may withdraw it at any time with effect for the future (Art. 7(3) GDPR), without affecting the lawfulness of processing before withdrawal. To exercise your rights, contact info@upvis.de.

9. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. The authority competent for us is: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany.

10. Cookies & consent

We use technically necessary storage to operate the Service (e.g. session and consent state). Analytics and marketing cookies/identifiers are set only after your consent via our cookie banner. You can change your choice at any time.

11. Automated decision-making

The styling results are AI-generated suggestions. We do not use automated decision-making producing legal effects or similarly significant effects on you within the meaning of Art. 22 GDPR.

12. Children

The Service is intended for users aged 18 and over. We do not knowingly process data of minors.

13. Changes to this policy

We may update this Privacy Policy to reflect changes to the Service or legal requirements. The current version is always available on this page with its "last updated" date.