Privacy Policy

Last updated: March 5, 2026

Replica AI, Inc. ("Replica AI," "we," "us," or "our") is a Delaware C-Corporation. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our virtual try-on platform, or engage with our services.

1. Information We Collect

Information you provide directly:

• Contact information (name, email, company name) when you book a demo or reach out to us
• Account credentials if you create a Replica AI account
• Product images and catalog data uploaded to our platform by merchant partners

Information collected automatically:

• Device and browser information, IP address, and general location data
• Usage data such as pages visited, features used, and session duration
• Cookies and similar tracking technologies (see Section 6)

User-uploaded photos:

• When an end user uploads a photo for virtual try-on, the image is processed in real time for that session only
• Photos are not stored on our servers unless the user explicitly opts in to save their profile
• We do not use end-user photos to train our AI models

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our virtual try-on services
• Process and fulfill demo requests and merchant onboarding
• Improve and personalize our platform and user experience
• Communicate with you about updates, promotions, and support
• Analyze usage trends and measure the effectiveness of our services
• Comply with legal obligations and enforce our terms

3. How We Share Your Information

We do not sell your personal information. We may share information with:

• Service providers: Third-party vendors who assist with hosting, analytics, email delivery, and customer support, under strict data processing agreements
• Business partners: E-commerce platforms (e.g., Shopify, BigCommerce) only as necessary to deliver our integration services
• Legal compliance: When required by law, regulation, or legal process
• Business transfers: In connection with a merger, acquisition, or sale of assets

4. Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this policy, or as required by law. Merchant account data is retained for the duration of the service agreement. End-user try-on session data is ephemeral and deleted immediately after processing unless the user opts in to save.

5. Data Security

We implement industry-standard security measures to protect your data, including:

• TLS 1.3 encryption for all data in transit
• Encryption at rest for stored data
• Regular security audits and penetration testing
• Role-based access controls and SSO for enterprise accounts

6. Cookies and Tracking

We use cookies and similar technologies to improve your experience, analyze traffic, and serve relevant content. You can manage your cookie preferences through your browser settings. We use:

• Essential cookies: Required for the platform to function
• Analytics cookies: Help us understand how visitors interact with our site
• Marketing cookies: Used to deliver relevant advertisements (only with your consent)

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access, correct, or delete your personal information
• Opt out of marketing communications at any time
• Request a copy of your data in a portable format
• Withdraw consent where processing is based on consent
• Lodge a complaint with a supervisory authority

8. GDPR Compliance (EEA Users)

If you are in the European Economic Area, we process your data under lawful bases including consent, contractual necessity, and legitimate interests. You have the right to access, rectify, erase, restrict, or port your data. To exercise these rights, contact us at the address below.

9. CCPA Compliance (California Residents)

Under the California Consumer Privacy Act, California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To submit a request, contact us at the address below.

10. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

11. International Transfers

Replica AI is based in the United States. If you access our services from outside the U.S., your information may be transferred to and processed in the U.S. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. We encourage you to review this page periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Replica AI, Inc.
A Delaware C-Corporation
219 6th Street, San Francisco, CA 94103
Email: admin@myreplica.io