WinFIT

Privacy Policy

Last updated: March 10, 2026

This Privacy Policy explains how EG PRIME LLC ("we", "us", or "our") collects, uses, stores, and shares personal data when you use WinFIT (the "Service"). Please read this policy carefully. By using the Service, you acknowledge and agree to the practices described below.

1. Data We Collect

a. Account Data

Email address, display name, username, user ID, profile photo, login metadata (sign-in method, timestamps), and subscription status.

b. App Content

Outfit photos submitted for analysis, scan results and style scores, wardrobe items, saved looks, and style preferences.

c. Social and Community Data

Posts and captions shared on the social feed, comments on posts, group memberships and group chat messages, follower and following relationships, reactions and likes, and content you report or block.

d. Usage and Analytics Data

App events and feature interactions, session duration and diagnostics, crash reports, and referral codes used.

e. Device and Technical Data

Device type, operating system and version, app version, language and region settings, push notification tokens (APNs device tokens), and device identifiers.

2. How We Use Data

• Outfit Analysis: Provide AI-powered outfit scoring, style recommendations, and feedback by transmitting your photos to our AI processing partners.
• Account and Sync: Save your account progress, wardrobe, and scan history, and sync your content across sessions and devices.
• Social Features: Display your posts, comments, and profile to other users; enable group chats and follow relationships.
• Service Improvement: Improve product quality, model performance, reliability, and user experience through analytics.
• Subscriptions: Manage subscriptions, process billing, and prevent fraud.
• Communications: Send important service updates, respond to support requests, and deliver push notifications you have opted into.
• Safety and Moderation: Enforce our Terms and Community Guidelines, process reports, and protect users from abuse.

3. AI Photo Processing

When you scan an outfit, your photo is transmitted to a third-party AI service provider (currently OpenAI) for analysis. This processing is essential to the outfit scoring and recommendation features of the Service.

• Photos are sent to OpenAI's API solely for the purpose of generating outfit analysis results.
• We do not use your photos for AI model training. OpenAI's data retention and usage policies apply to data processed through their API. You can review OpenAI's privacy practices at openai.com/policies/privacy-policy.
• No Biometric Data: WinFIT does not extract, collect, or store biometric identifiers (such as facial geometry, fingerprints, or body measurements) from your photos. Photos are analyzed solely for clothing, style, color coordination, and overall outfit composition.

4. Legal Bases for Processing (Where Applicable)

Depending on your region, we process personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you signed up for (account management, outfit analysis, content sync).
• Legitimate Interests: Processing for service security, fraud prevention, product improvement, and analytics, where our interests do not override your rights.
• Consent: Where we rely on your consent (such as push notifications or optional analytics), you may withdraw consent at any time through your device or in-app settings.
• Legal Obligations: Processing required to comply with applicable laws, regulations, or legal processes.

5. Sharing of Data

a. With Other Users

Content you post to the social feed (posts, captions, profile name, profile photo) is visible to other WinFIT users. Comments are visible on the post they are attached to. Group chat messages are visible to members of that group. Your follower and following lists may be visible to other users.

b. With Service Providers

We share data with trusted third-party service providers who process data on our behalf and only for service delivery purposes:

• Supabase — backend infrastructure, database hosting, and authentication.
• OpenAI — AI-powered outfit photo analysis and style recommendations.
• Mixpanel — product analytics and usage insights.
• Superwall — subscription paywall management.
• Apple (APNs) — push notification delivery.
• Microsoft Clarity — website analytics and session recordings (website only).

c. For Legal Reasons

We may disclose data when required by law, regulation, legal process, or governmental request, or when necessary to protect the rights, safety, and security of our users and services.

d. Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such change.

We do not sell your personal data. We do not share your personal data with third parties for their own marketing purposes.

6. Data Retention

We retain personal data for the following approximate periods:

• Account data: retained while your account is active and for up to 90 days after account deletion to allow for recovery or legal obligations.
• Outfit photos and scan results: retained while your account is active; deleted upon account deletion.
• Social content (posts, comments, messages): retained while your account is active; deleted upon account deletion, except content shared in group chats which may persist for other members.
• Analytics data: retained in aggregated or anonymized form for up to 24 months.
• Support correspondence: retained for up to 24 months after resolution.

We may retain data for longer periods where required by law, tax, accounting, or legal obligations.

7. Data Security

We use reasonable technical and organizational safeguards to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include encrypted data transmission (TLS), secure cloud infrastructure, access controls, and regular security reviews.

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users without undue delay (and within 72 hours where required by GDPR) and will notify the relevant supervisory authority as required by applicable law.

9. Your Rights and Choices

a. General Rights

Depending on your jurisdiction, you may have rights to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Request restriction of or object to certain processing.
• Request a portable copy of your data (data portability).
• Withdraw consent where processing is based on consent.

To exercise these rights, contact us at support@winfitapp.com. We may need to verify your identity before processing the request. We will respond within 30 days (or the period required by applicable law).

b. Data Export

You can export a copy of your personal data (including profile information, scan history, and wardrobe data) at any time through the in-app settings under "Export My Data."

c. Opt-Out of Analytics

You can opt out of analytics data collection at any time through the in-app settings under the Privacy section. When opted out, no usage or analytics data will be collected or sent to our analytics providers.

d. Push Notifications

You can disable push notifications at any time through your device settings. Disabling notifications does not affect your use of the Service.

e. Account Deletion

You can request deletion of your account and all associated data by contacting support@winfitapp.com or through the in-app settings. Deletion is permanent and irreversible.

10. Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You may request that we correct inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise these rights, contact us at support@winfitapp.com. We will verify your identity before processing your request.

Categories of personal information collected (as defined by the CCPA): Identifiers (email, user ID, device identifiers); Internet or electronic network activity (app usage, analytics); Audio, electronic, or visual information (outfit photos); Inferences drawn from the above (style preferences, scores).

11. Additional Rights for EU/UK Residents (GDPR)

If you reside in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Data Portability: You may request a machine-readable copy of the personal data you provided to us.
• Right to Object: You may object to processing based on legitimate interests at any time. We will stop processing unless we have compelling legitimate grounds.
• Right to Restrict Processing: You may request that we restrict processing of your data in certain circumstances.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

International Data Transfers: Your data may be processed in the United States and other countries outside the EEA/UK. Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, to ensure adequate protection for your data.

12. Children

WinFIT is not directed to children under 13 years of age (or the minimum age required by local law). We do not knowingly collect personal data from children under this age. If we learn that we have collected personal data from a child under 13, we will take steps to delete that data promptly.

If you believe a child under 13 has provided us with personal data, please contact us immediately at support@winfitapp.com.

13. Tracking and Cookies

a. Mobile App Tracking

WinFIT does not track you across other companies' apps or websites. We do not use Apple's Identifier for Advertisers (IDFA) or request tracking permission through App Tracking Transparency. Analytics data collected by Mixpanel is used solely to improve WinFIT and is not shared with advertisers or used for cross-app tracking.

b. Website Cookies

Our website at winfitapp.com uses the following tracking technologies:

• Microsoft Clarity: We use Clarity for website analytics, including session recordings and heatmaps, to understand how visitors interact with our website and improve the user experience.

The WinFIT mobile app uses Mixpanel for analytics (which you can opt out of in settings) and does not use cookies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and may notify you by email or in-app notification. Continued use of the Service after updates means you accept the revised policy.

15. Contact

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

Email: support@winfitapp.com
Address: 254 Chapman Rd, Ste 208 #25956, Newark, DE 19702, USA