Privacy Policy

Last updated: 24 February 2026

1. Who we are

Wardrio (“we”, “us”, “our”) is an AI-powered personal styling service. When you use Wardrio you are interacting with services operated by Wardrio Ltd.

If you have any questions about this policy or how we handle your data, please contact us at privacy@wardrio.com.

2. What data we collect

Account information

When you sign in we collect your name and email address, either directly or via Google OAuth. We store a hashed session token to keep you signed in.

Uploaded photos

When you upload an outfit photo, the image is sent to our servers, processed by AI to identify clothing items, and stored securely in AWS S3 (eu‑west‑2). Original and cropped versions of your images are retained to power visual matching and to cache AI results.

Wardrobe items

Items you save to your wardrobe — including category, description, colour, brand and any product images — are stored in our database linked to your account.

Usage analytics

If you accept analytics cookies, we collect anonymised usage events (e.g. pages visited, features used) via PostHog to help us improve the product. No event is collected before you give consent. You can withdraw consent at any time via the Cookies section below.

Error monitoring

We use Sentry to capture application errors. Error reports may include a URL, browser type and a stack trace; they do not include personally identifiable information unless you are signed in, in which case a user ID may appear in the trace.

Log data

Our servers automatically record standard access logs: IP address, request path, HTTP status code and response time. Logs are retained for up to 30 days.

3. How we use your data

  • To provide the core service: identifying clothing items from photos and building your wardrobe.
  • To enable visual product matching by generating and storing image embeddings.
  • To send you emails necessary to your account (e.g. sign‑in links). We do not send marketing emails.
  • To detect, investigate and prevent abuse, fraud and security incidents.
  • To improve the product using aggregated, anonymised analytics (only with consent).

4. Legal bases (UK GDPR)

  • Contract — processing your photos and building your wardrobe is necessary to deliver the service you signed up for.
  • Consent — analytics cookies are only set after you have accepted them.
  • Legitimate interests — security logging, abuse prevention, and error monitoring.

5. Third-party services

We share data with the following sub-processors:

ProcessorPurposeLocation
Amazon Web ServicesCloud infrastructure, S3 storage, SQS messaging, Lambda computeEU (eu‑west‑2)
AnthropicAI clothing identification (Claude API)USA (API only — images are not retained by Anthropic)
RailwayPostgreSQL database hostingEU
GoogleOAuth sign‑inUSA
PostHogProduct analytics (consent required)EU (eu.i.posthog.com)
SentryError monitoringUSA
AWINAffiliate product linksEU

USA-based processors operate under standard contractual clauses (SCCs) or the EU–US Data Privacy Framework where applicable.

6. Data retention

  • Account data is retained for as long as your account is active, plus 90 days after deletion.
  • Uploaded photos and wardrobe items are deleted when you remove them or delete your account.
  • Image cache entries (AI results keyed to an image hash) are retained for up to 90 days.
  • Server logs are retained for up to 30 days.
  • Analytics events are subject to PostHog's own retention policy (12 months by default).

7. Your rights

Under UK GDPR you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data (“right to be forgotten”).
  • Portability — receive your data in a machine-readable format.
  • Restriction — ask us to pause processing in certain circumstances.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — withdraw analytics consent at any time (see Cookies).

To exercise any of these rights, contact us at privacy@wardrio.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Cookies

We use the following types of cookies:

NameTypePurposeDuration
next-auth.session-tokenEssentialKeeps you signed in30 days
wardrio_cookie_consentEssentialRemembers your cookie preferences1 year
ph_*Analytics (optional)PostHog product analytics1 year

Analytics cookies are only placed if you click Accept on the cookie banner. You can change your preference at any time by clicking the button below.

9. Security

All data is transmitted over HTTPS. S3 buckets are private and server-side encrypted. Database access is restricted by network policy. We follow the principle of least privilege for all service accounts.

10. Children

Wardrio is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of this page will reflect any changes. For material changes we will notify signed-in users by email.