PRIVACY POLICY
Effective Date: June 4, 2026
This Privacy Policy ("Policy") governs the collection, use, disclosure, and retention of personal information by Cloey ("Cloey," "we," "us," or "our") in connection with your use of the Cloey mobile application and any related services (collectively, the "Services"). By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with this Policy, you must discontinue use of the Services immediately.
1. INFORMATION WE COLLECT
1.1 Information You Provide Directly
We collect information that you voluntarily provide when you create an account, configure your profile, or otherwise interact with the Services, including but not limited to:
- Account Information: Name, email address, username, and profile image.
- Profile Information: Gender or style department, fashion preferences, aesthetic preferences, biographical details, and currency or regional settings.
- User Content: Photographs of clothing items and outfits, as well as any accompanying descriptions, notes, tags, ratings, or other metadata you submit. This also includes any content you post, share, or make available to other users through the Services, such as outfit posts, captions, comments, reactions, and any other user-generated content.
- Profile Information (Public): Your display name, profile image (avatar), and the curated photos or outfits ("selects") you choose to feature on your public profile. This information is used to populate your public-facing profile as described in Section 4.
- Social Information: If you use the social features of the Services, we collect information about your social graph and interactions, including: friend requests you send or receive; your list of accepted friends; the list of users you have blocked; and your interactions with other users' content (e.g., likes, comments, shares, and messages).
- Search Queries and Imported Links: When you use the "Add from web" feature, we collect the search terms you enter to find clothing imagery and any third-party product URLs you paste to import an item. See Section 3 for how this information is processed.
- Location Data: City, region, and country information, provided either manually or through device-based geolocation services with your prior consent. Location data is used to display local weather conditions and regional currency. For these features, we use Open-Meteo (weather data) and Photon by Komoot (city geocoding/search).
- Communications: Any correspondence you direct to us, including support requests, feedback submissions, and feature suggestions.
1.2 Information Collected Automatically
When you access or use the Services, we automatically collect certain technical and usage information, including:
- Device Information: Device type, model, operating system and version, and unique device identifiers.
- Usage Data: Interaction data such as screens viewed, features accessed, actions taken, and session duration and timestamps.
- Advertising Identifiers: Device advertising identifiers (such as Apple's IDFA or Google's GAID), where permitted by your device settings, for the purpose of measuring advertising campaign performance and attribution.
- Push Notification Tokens: Where you have opted in to receive push notifications, we collect device tokens necessary to deliver such notifications, including notifications relating to friend activity (e.g., a friend posting new content or a friend request being received). See Section 5 for how to manage these notifications.
1.3 Information Received from Third Parties
- Authentication Providers: If you elect to sign in using Apple or Google, we receive your name and email address as provided by those services.
- Payment Processors: Subscription payments are processed by Apple or Google, as applicable. We receive confirmation of subscription status and entitlement information only; we do not receive, process, or store payment card numbers or banking details.
2. USE OF INFORMATION
We use the information collected for the following purposes:
- Provision of Services: To create and maintain your account, store and organize your wardrobe content, and deliver the core functionality of the Services.
- AI-Powered Features: To process your photographs using artificial intelligence technology for the purpose of identifying clothing attributes, including category, color, pattern, and style characteristics. AI-powered processing is subject to your in-app consent preferences and may be disabled at any time.
- Personalization: To provide tailored style recommendations, outfit suggestions, and wardrobe insights based on your content and stated preferences.
- Weather Information: To display localized weather data based on your provided location, for the purpose of contextual wardrobe recommendations.
- Social and Community Features: To enable social interactions such as sending and accepting friend requests, maintaining your friends list, blocking users, building and displaying your public profile, generating personal invite links and QR codes, showing a friend activity feed, and facilitating communication between users. Content you choose to post or feature may be visible to other users as described in Section 4.
- Web Search and Item Import: To process the search terms you enter in the "Add from web" feature, to return clothing imagery from our backend image-search service, and to retrieve product details (such as title, brand, image, price, and description) when you paste a product link, in order to pre-fill a new closet item.
- Safety, Reporting, and Moderation: To operate reporting and blocking tools, review reports of objectionable content or abusive users, and take action against content or users that violate our Terms of Service.
- Analytics and Improvement: To analyze usage patterns, diagnose technical issues, monitor performance, and improve the functionality and user experience of the Services.
- Communications: To respond to your inquiries, send service-related notifications, and deliver push notifications where you have opted in to receive them.
- Advertising Measurement: To measure the effectiveness of advertising campaigns, attribute app installs and in-app events to their sources, and optimize marketing efforts.
- Compliance and Protection: To comply with applicable legal obligations, enforce our terms of service, and protect the rights, property, and safety of Cloey, its users, and the public.
3. DISCLOSURE OF INFORMATION
We do not sell, rent, or trade your personal information to third parties. We may disclose your information in the following limited circumstances:
- Other Users: When you use the social features, certain information—including your public profile, selects, posts, and other content you choose to share—is made visible to other Cloey users. This is sharing between users at your direction and is not a sale or disclosure to third parties. The categories of information visible to other users, and to whom, are described in detail in Section 4. You should exercise caution before posting any information you do not wish to be accessible within the Cloey community, as content shared with or viewed by other users may not be fully retrievable.
- Service Providers: We engage third-party service providers to perform functions on our behalf, including but not limited to cloud hosting and data storage, analytics, error monitoring, subscription management, and notification delivery. Such providers are granted access to personal information only to the extent necessary to perform their designated functions and are contractually obligated to maintain the confidentiality and security of such information.
- Weather and Geocoding Providers: To power weather and location features, we share limited location-related data with:
- Open-Meteo (
api.open-meteo.com) to retrieve local weather forecasts based on latitude/longitude. - Photon by Komoot (
photon.komoot.io) to power city search and geocoding when you type a location. These providers process data solely to return weather/geocoding results requested by the app.
- Open-Meteo (
- Advertising and Attribution Partners: We share device identifiers and in-app event data (such as registration, subscription, and purchase events) with advertising attribution and measurement partners, including AppsFlyer, Meta (Facebook), Google, and TikTok. These partners use this information to measure ad campaign performance, attribute app installs, and optimize ad delivery. This sharing occurs only where you have consented to tracking through your device settings (e.g., Apple's App Tracking Transparency prompt).
- AI Processing Providers: When AI-powered features are enabled, your clothing photographs may be transmitted to third-party artificial intelligence service providers for analysis. Where you use the "Add from web" feature, the search query text you enter is also sent to such providers alongside the image to help identify the brand and item name. Such providers process this content solely for the purpose of returning results to the Services and are contractually prohibited from retaining, using, or disclosing it for any other purpose.
- Product Page Retrieval: When you paste a third-party product link in the "Add from web" feature, our backend fetches that retail web page on your behalf in order to extract product details (title, brand, image, price, and description). This results in a request being made to the third-party website you provided.
- Push Notification Delivery: To deliver push notifications (including friend-activity notifications), we transmit notification content and your device push token through Apple Push Notification service (APNs) and Google Firebase Cloud Messaging (FCM), as applicable to your device.
- Legal Obligations: We may disclose your information where required to do so by applicable law, regulation, legal process, subpoena, court order, or governmental request.
- Protection of Rights: We may disclose information where we reasonably believe disclosure is necessary to enforce our agreements, protect our rights or property, prevent fraud, or ensure the safety of our users or the public.
- Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of such transaction. We will notify you of any such change in ownership or control.
4. SHARING WITH OTHER USERS AND PROFILE VISIBILITY
The social features of the Services allow you to make certain information visible to other users. This section explains what is visible and to whom. Sharing described in this section is sharing between users of the Services at your direction; it is not a sale or disclosure of your personal information to third parties.
4.1 Public Profiles
Each user has a public-facing profile page, keyed by username (or, as a fallback, by user ID). Your profile may display your display name, avatar, join date, item/outfit/streak counts, friend count, your curated "selects," and a grid of your recent posts. Your profile is viewable by any logged-in Cloey user who has your profile link or QR code; it is not limited to your friends.
4.2 Visibility Model
Information within the Services falls into the following visibility tiers:
- Public to any logged-in Cloey user (with your link or QR code): Your public profile, including your username, display name, avatar, join date, item/outfit/streak counts, friend count, selects, and the grid of your recent posts.
- Friends-only: Entries in the friend activity feed (such as feed items and notifications about your posts) are shown to users who are your accepted friends. To the extent the product offers posts designated as friends-only, such posts are visible only to your accepted friends.
- Private (visible only to you): Your closet items, wear history, and app settings.
Blocked users cannot view your content or send you friend requests.
4.3 Invite Links and QR Codes
You can generate a personal invite link and QR code that encode a URL of the form https://cloey.app/i/<username-or-userId>. You may share this link or QR code as an image or as a copied URL. Scanning your QR code or opening your invite link grants the viewer read access to your public profile (as described in Section 4.1) and the ability to send you a friend request. Other users can likewise scan a QR code using the in-app camera to view a profile and send a friend request.
Links of the form https://cloey.app/i/* are configured as universal/app links: tapping such a link on a device with Cloey installed opens the app directly to the corresponding profile. On a device without the app installed, the same URL may display a web page on cloey.app inviting the visitor to install Cloey.
4.4 Intra-User Sharing Is Not Third-Party Sharing
For clarity, making your profile, selects, and posts visible to other Cloey users under this Section 4 is sharing between users of the Services, at your direction and control. It is distinct from, and not included in, the third-party disclosures described in Section 3, and we do not sell this information.
4.5 Reporting and Moderation
The Services provide tools to report objectionable content or abusive users on user-generated content surfaces (such as posts and profiles) and to block other users. We review reports we receive and aim to act on violating content—including removing the content and, where appropriate, suspending or banning the responsible user—within 24 hours. For more on prohibited conduct and enforcement, see our Terms of Service.
5. DEVICE PERMISSIONS
The Services request access to certain device capabilities. You can grant or revoke these permissions at any time through your device operating system settings.
- Camera: The camera is used to photograph clothing items and outfits, and to scan other users' QR codes in order to view a profile and send a friend request.
- Photo and Media Library: Access to your photo library is used to let you select existing photos for your closet, posts, or profile selects, and—when you choose to save a generated invite QR code—to write that image to your camera roll.
- Push Notifications: Push notifications are used to deliver app notifications, including friend-activity notifications (such as a friend posting new content or a friend request being received). You may disable push notifications, including the friend-activity category, at any time through your device settings.
6. DATA STORAGE AND SECURITY
Your personal information and User Content are stored on secure cloud infrastructure maintained by reputable third-party hosting providers. We implement industry-standard technical and organizational measures to safeguard your information, including but not limited to:
- Encryption of data in transit (TLS/SSL) and at rest.
- Role-based access controls and authentication mechanisms.
- Regular security assessments and monitoring.
Photographs you upload are stored in access-controlled cloud storage. Access is restricted to you and to our authorized systems for the purpose of processing. Signed access URLs are time-limited and regularly rotated to minimize exposure.
Notwithstanding the foregoing, no method of electronic transmission or storage is entirely secure, and we cannot guarantee the absolute security of your information. You acknowledge and accept the inherent risks associated with providing information electronically.
7. DATA RETENTION
We retain your personal information for as long as your account remains active or as reasonably necessary to provide the Services to you. Upon account deletion, we will delete or anonymize your personal information, including photographs, posts, profile selects, your friend graph (friends and friend requests), your blocked-users list, and other social data, within seven (7) business days, except to the extent that retention is required or permitted by applicable law for purposes including compliance with legal obligations, resolution of disputes, or enforcement of our agreements.
Content you have shared with or posted to other users (such as outfit posts, comments, or messages) may persist in other users' accounts or feeds even after you delete your account or the original content, to the extent that other users have already received or viewed such content.
Aggregated or anonymized data that does not identify any individual may be retained indefinitely for analytics, research, and service improvement purposes.
8. YOUR RIGHTS AND CHOICES
8.1 General Rights
Subject to applicable law, you may have the right to:
- Access: Request confirmation of whether we process your personal data, and obtain a copy of such data.
- Rectification: Request correction of inaccurate or incomplete personal data.
- Erasure: Request deletion of your personal data and account. Account deletion may be initiated directly within the application settings.
- Restriction: Request restriction of processing under certain circumstances.
- Data Portability: Request a copy of your personal data in a structured, commonly used, and machine-readable format.
- Objection: Object to processing of your personal data based on legitimate interests.
- Withdraw Consent: Where processing is based on your consent, you may withdraw such consent at any time without affecting the lawfulness of processing based on consent prior to its withdrawal.
8.2 In-App Controls
- AI Consent: You may enable or disable AI-powered photo analysis at any time through the application settings.
- Sharing and Visibility: You may control what you share with other users by choosing what to post and which selects to feature on your profile, and you may block other users at any time. The visibility model for profiles, posts, and other content is described in Section 4. You may also remove content you have posted at any time, subject to the limitations described in Section 7.
- Push Notifications: You may manage push notification preferences, including friend-activity notifications, through your device operating system settings.
- Ad Tracking: On iOS, you may control whether the app can track your activity across other companies' apps and websites through the App Tracking Transparency prompt or via Settings > Privacy & Security > Tracking. Denying tracking limits the data shared with advertising partners but does not affect core app functionality.
- Location Permissions: You may grant or revoke location access through your device operating system settings.
8.3 European Economic Area and United Kingdom (GDPR)
Where we process personal data of individuals located in the EEA or UK, we do so on the following legal bases:
- Performance of a Contract: Processing necessary for the performance of our agreement to provide the Services to you (Article 6(1)(b) GDPR).
- Consent: Processing based on your freely given, specific, informed, and unambiguous consent, including for AI-powered photo analysis and location access (Article 6(1)(a) GDPR). Consent may be withdrawn at any time.
- Legitimate Interests: Processing necessary for our legitimate interests, including service improvement, analytics, and security, provided such interests are not overridden by your fundamental rights and freedoms (Article 6(1)(f) GDPR).
You have the right to lodge a complaint with your competent supervisory authority. A list of EU/EEA supervisory authorities is available at https://edpb.europa.eu.
8.4 California (CCPA/CPRA)
If you are a California resident, you have the right to:
- Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Request deletion of your personal information.
- Opt out of the sale or sharing of your personal information. We do not sell personal information. We may share device identifiers with advertising partners for ad measurement purposes, subject to your tracking consent preferences. You may opt out of this sharing by denying the App Tracking Transparency prompt or by contacting us.
- Exercise your rights free from discrimination.
To exercise your rights, please contact us at support@cloey.app. We will verify your identity before processing your request.
8.5 Brazil (LGPD)
If you are located in Brazil, you have the right to access, correct, anonymize, block, or delete your personal data. You may also request information about the public and private entities with which we share your data, and you may revoke consent at any time.
9. INTERNATIONAL DATA TRANSFERS
Your information may be transferred to, stored in, and processed in jurisdictions other than your country of residence. Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with applicable data protection law, including the use of Standard Contractual Clauses approved by the European Commission or equivalent transfer mechanisms.
10. CHILDREN'S PRIVACY
The Services are not directed to, and we do not knowingly collect personal information from, children under the age of thirteen (13). If we become aware that we have inadvertently collected personal information from a child under 13, we will take reasonable steps to delete such information promptly. If you believe that a child under 13 has provided personal information to us, please contact us at support@cloey.app.
11. THIRD-PARTY LINKS AND SERVICES
The Services may contain links to third-party websites, applications, or services that are not operated or controlled by Cloey. This Policy does not apply to the practices of such third parties. We encourage you to review the privacy policies of any third-party services you access.
12. CHANGES TO THIS POLICY
We reserve the right to modify this Policy at any time. If we make material changes, we will provide notice through the Services or by other appropriate means prior to the effective date of such changes. The "Effective Date" at the top of this Policy indicates when it was last revised. Your continued use of the Services following the posting of any revised Policy constitutes your acceptance of the terms of the modified Policy.
13. CONTACT US
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Cloey Email: support@cloey.app
For data protection inquiries from the EEA or UK, you may also contact us at the email address above and reference "GDPR Request" in your subject line.