Privacy Policy

Renovaara is an AI-powered personal styling platform operated by Renovaara (AI-Beauty) (“we”, “us”, “our”). We provide face-shape analysis, colour-season profiling, virtual try-on, hairstyle recommendations, spectacles guidance, and skin analysis through our web application.

Questions about this policy? Reach us at privacy@renovaara.in.

2.1 Data you provide directly

• Selfie / photo uploads — the image(s) you upload for analysis.
• Account information — email address collected via Supabase Auth (Google OAuth or magic link).
• Payment details — processed entirely by Razorpay. We never store card numbers, CVVs, or bank credentials.

2.2 Data collected automatically

• Usage data — pages visited, features used, session duration, browser type, and device type (via Vercel Analytics / standard server logs).
• IP address — logged transiently for security and abuse prevention.
• Cookies — Supabase sets a session cookie for authentication. We do not use third-party advertising cookies.

• Generate your personalised AI beauty report and style recommendations.
• Authenticate your account and gate paid features.
• Process and verify payments via Razorpay webhooks.
• Send transactional emails (receipt and report-ready notifications) via Resend.
• Detect and prevent abuse, fraud, and unauthorised access.
• Improve our AI models and product experience using anonymised, aggregated analytics.

We do not sell, rent, or trade your personal data to third parties for advertising purposes.

Your uploaded photo is transmitted securely to OpenAI's API for analysis only. It is not used to train OpenAI's models under our API agreement. After analysis is complete, the image is retained in your account for 30 days so you can re-access your report, then automatically deleted from storage.

You may delete your report and associated images at any time from your dashboard. Deletion is permanent and irreversible.

• Contract — processing required to deliver the service you paid for.
• Legitimate interests — security, fraud prevention, and product improvement.
• Consent — for optional marketing emails, where you opt in explicitly.

Indian users have rights under the Digital Personal Data Protection Act, 2023 (DPDP Act), including the right to access, correct, and erase your data.

We share data only with the following sub-processors, under confidentiality agreements:

• Photos — deleted 30 days after upload (or immediately on manual deletion).
• Report data — retained while your account is active, deleted within 30 days of account closure.
• Payment records — retained for 7 years for tax and legal compliance.
• Auth logs — retained for 90 days.

All data is transmitted over TLS 1.2+. Supabase enforces Row-Level Security (RLS) so each user can only access their own data. API keys and secrets are stored as encrypted environment variables and never exposed client-side.

Renovaara is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you believe a child has provided us data, contact us immediately and we will delete it.

You may at any time: access the data we hold about you, correct inaccurate data, request deletion of your account and all associated data, or withdraw consent for optional communications.

To exercise any right, email privacy@renovaara.in with the subject line “Data Request”. We will respond within 30 days.

We may update this policy from time to time. Material changes will be communicated via email or an in-app banner at least 7 days before they take effect. Continued use of the service after that date constitutes acceptance.