Trust & Privacy
How we handle your data
This page is maintained by the Clothing Enhancer team to answer common security and privacy questions about the product. It describes our current practices and is editable project content — not an independent audit or certification.
Accounts & authentication
Accounts are created with an email and password, or by signing in with Google. Passwords are never stored in plain text. You can reset your password from the password reset page, and delete or change your account by contacting us.
What we collect
We collect the information needed to run the product: your email address, the photos you upload for enhancement, the generated results, basic usage metadata (credits used, subscription state), and standard server/access logs. We do not sell personal data.
Your photos
Photos you upload are processed to generate enhanced versions you can download. We retain originals and outputs while your account is active so you can re-download them. If you'd like specific images deleted, contact us and we'll remove them.
Payments
Subscriptions and one-time purchases are processed by Stripe. Card details are entered directly into Stripe's hosted checkout and never touch our servers — we only receive non-sensitive identifiers (customer ID, subscription state, last 4 digits) needed to manage your plan.
Subprocessors
We rely on a small set of vendors to operate the service:
- Lovable Cloud — application hosting, database, and authentication.
- Stripe — payment processing and subscription billing.
- Resend — transactional email delivery.
- Google — sign-in (when you choose Google auth).
- Meta Pixel — marketing analytics on public pages.
Email & unsubscribe
We send account, billing, and review-request emails related to your purchases. Every marketing or review-request email includes a one-click unsubscribe link, and you can also manage email preferences from the unsubscribe page.
Security practices
Traffic is served over HTTPS. Database access is restricted by row-level security so a signed-in user can only read and write their own records. Administrative keys and third-party secrets are stored as server-side environment variables and are never shipped to the browser.
Privacy requests & contact
To request a copy of your data, deletion of your account, or to ask any privacy question, reach us via the contact page. We respond to verified requests as quickly as we reasonably can.
Reporting a security issue
If you believe you've found a security vulnerability, please email us through the contact page with a description and reproduction steps. Please don't publicly disclose the issue before we've had a chance to investigate.
Last updated: July 2026. This page describes current product behavior and may be updated as the product evolves.