Privacy Policy
Last updated: May 9, 2026
Atelier: AI Fashion Mentor (“we”, “us”, “our”) operates the Atelier: AI Fashion Mentor website and mobile application (the “Service”). This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service.
We will not use or share your information with anyone except as described in this Privacy Policy. By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1. Information you provide
- Quiz answers — your responses to the style questionnaire (eye color, hair color, skin tone, body type, preferences, lifestyle questions).
- Email address — collected at the end of the quiz to deliver your personal style profile and account communications.
- Subscription preference — whether you opted in to receive periodic style updates and recommendations.
- Payment information — processed exclusively by our PCI-DSS compliant payment processor (Stripe). Atelier: AI Fashion Mentor never stores raw card numbers, CVCs or full expiry data on our servers.
1.2. Information collected automatically
- Usage data — pages visited, time on page, quiz progression, button clicks. Used in aggregate to improve product experience.
- Device data — browser type and version, operating system, approximate location derived from IP address (country and region only — never precise GPS).
- Cookies — see Section 5.
2. How We Use Your Data
- To compute your personal style profile, color season and palette.
- To deliver subscription content via email and in-app.
- To process payments and manage your subscription lifecycle.
- To improve the Service through anonymized analytics — understanding which questions cause drop-off, which palettes resonate, etc.
- To respond to support requests and protect the Service from fraud and abuse.
3. Third-Party Services
We rely on the following processors:
- Stripe, Inc. — payment processing and subscription management. Stripe is PCI-DSS Level 1 compliant. See Stripe Privacy Policy.
- Mixpanel, Inc. — product analytics. Used to understand aggregate funnel behavior. The distinct identifier is your email address (after submission). See Mixpanel Privacy Policy.
- Microsoft Clarity — session replay and heatmaps for debugging UX. No precise inputs (no card numbers, no passwords) are recorded. See Microsoft Privacy Statement.
- Apple Inc. / Google LLC — when you subscribe via App Store or Google Play, payment and subscription data are handled by the platform.
4. Data Retention
We keep your account data for as long as your account is active. After account deletion (request via [email protected]), we delete your personal data within 30 days, except where retention is legally required (e.g., financial records up to 7 years per applicable tax law).
5. Cookies
We use the following categories of cookies:
- Essential — locale preference, session ID, CSRF tokens. Cannot be disabled.
- Analytics — Mixpanel and Microsoft Clarity. Help us improve the product. You can opt out via your browser’s Do Not Track setting.
We do not use advertising cookies.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion (“right to be forgotten”).
- Object to or restrict certain processing.
- Receive your data in a structured format (data portability).
- Lodge a complaint with your local supervisory authority.
To exercise any of these rights, contact [email protected]. We will respond within 30 days.
7. Children’s Privacy
The Service is intended for users 18 and older. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, contact us — we will delete it promptly.
8. International Transfers
Your data may be processed in the United States and other countries where our service providers operate. We rely on Standard Contractual Clauses and equivalent safeguards for transfers from the EU/UK.
9. Security
We use industry-standard encryption (TLS in transit, AES at rest), 2FA on operational accounts, and least-privilege access. No method of transmission over the Internet is 100% secure, but we strive to protect your data using commercially acceptable means.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest revision. Material changes will be communicated via email at least 14 days before they take effect.
11. Contact Us
Questions, concerns or rights requests: [email protected].