Privacy Policy – Virtual Try-On WooCommerce Plugin

Effective Date: October 1, 2025
Last Updated: October 1, 2025

1. Introduction

This Privacy Policy describes how the Virtual Try-On WooCommerce Plugin (“we,” “us,” “our,” or “the Plugin”) handles information when you use our virtual try-on service. This policy applies to both store owners who install the plugin and end-users (customers) who use the virtual try-on feature.

2. Our Privacy-First Architecture

Important: We use a “Bring Your Own API Key” (BYOK) model.

When you install our plugin, YOU provide your own Fal AI API key. This means:

  • Customer images are processed through YOUR Fal AI account, not ours
  • We (the plugin developers) never see, access, or store end-user images
  • You are the data controller for your customers’ images
  • You are responsible for compliance with applicable privacy laws

3. Information Collection and Processing

3.1 For End-Users (Your Customers)

Images Uploaded for Virtual Try-On:

  • What is collected: Photos customers upload to test virtual try-on
  • Who processes it: Processed through the store owner’s Fal AI account using Google’s Gemini 2.5 Flash Image (nano-banana) model
  • Storage by us: We do NOT store, access, or retain any customer images
  • Storage by Fal AI: Subject to Fal AI’s data retention policies (review at fal.ai/privacy)
  • How it’s used: Generates AI-powered virtual try-on results only

Technical Data:

  • Browser type and device information (collected locally by your browser)
  • Try-on interaction data (stored locally, not transmitted to us)

3.2 For Store Owners (Plugin Administrators)

License Information:

  • License keys and activation status
  • WordPress site URL for license validation
  • Purchase confirmation data

Plugin Usage Statistics:

  • Number of virtual try-ons performed on your site
  • Products enabled for virtual try-on
  • Plugin version and configuration settings
  • Error logs (if technical issues occur)

API Key Storage:

  • Your Fal AI API key is stored encrypted in your WordPress database
  • We never transmit your API key to our servers
  • Your API key remains on YOUR server only

4. How Information is Used

4.1 Image Processing

  • Customer images are sent directly from your website to Fal AI using YOUR API credentials
  • We do not intercept, view, or store these images
  • Images are used solely to generate virtual try-on results
  • Retention and deletion policies are governed by Fal AI’s terms

4.2 License Management

  • Validate plugin licenses and enforce terms
  • Provide technical support and troubleshooting
  • Monitor for license violations or abuse

4.3 Service Improvement

  • Analyze aggregated, anonymized usage statistics
  • Identify and fix technical issues
  • Develop new features based on usage patterns

5. Third-Party Services

5.1 Fal AI (Image Processing)

  • Service: AI-powered virtual try-on processing using Google’s Gemini 2.5 Flash Image
  • Data shared: Customer images (via YOUR API key, not ours)
  • Your responsibility: Review Fal AI’s privacy policy and terms at fal.ai
  • Data controller: YOU are the data controller; Fal AI is the processor
  • Our role: We provide the technical integration only

5.2 Payment Processing

  • Service: Polar.sh handles all payment transactions
  • Data shared: Purchase details necessary for transaction completion
  • What we receive: Transaction confirmation and license generation data
  • What we DON’T receive: Credit card details or sensitive payment information
  • Privacy policy: Subject to Polar.sh’s terms

5.3 What We DO NOT Do

  • We do NOT sell, rent, or share personal information with third parties
  • We do NOT use customer images for AI model training
  • We do NOT share usage data with marketers or competitors
  • We do NOT access images processed through your Fal AI account

6. Data Retention

6.1 Customer Images

  • Our retention: Zero – we never store customer images
  • Fal AI retention: Governed by Fal AI’s policies (typically processed and deleted quickly)
  • Your responsibility: Review Fal AI’s data retention policies

6.2 Plugin Data

  • License information: Retained while license is active
  • Usage statistics: Retained for service provision and support
  • Error logs: Maximum 30 days for debugging purposes
  • API keys: Stored encrypted on your server only

7. Data Security

7.1 Technical Safeguards

  • Encryption: All data transmission uses SSL/TLS encryption
  • API key storage: Encrypted in your WordPress database
  • Access controls: Limited access on a need-to-know basis
  • Regular updates: Security patches and monitoring
  • Code standards: Follows WordPress.org security guidelines

7.2 Store Owner Responsibilities

To maintain security, you should:

  • Keep WordPress, WooCommerce, and our plugin updated
  • Use strong passwords and two-factor authentication
  • Implement WordPress security best practices
  • Monitor your Fal AI API usage for anomalies
  • Use HTTPS on your website (required for camera access)
  • Review and comply with applicable privacy laws (GDPR, CCPA, etc.)

7.3 Security Incident Response

If you suspect a security breach:

  • Immediately rotate your Fal AI API key
  • Review server and error logs
  • Contact our support: support@virtualtryonwoo.com
  • We will provide emergency security patches if needed

8. Your Rights and Responsibilities

8.1 As a Store Owner

Your rights:

  • Access and manage your license through the plugin dashboard
  • View usage statistics for your site
  • Request license and data deletion

Your responsibilities:

  • Provide clear privacy notice to YOUR customers about virtual try-on
  • Obtain necessary consents from customers for image processing
  • Comply with GDPR, CCPA, and other applicable privacy laws
  • Secure your Fal AI API key
  • Review Fal AI’s terms and privacy policy

8.2 As an End-User (Customer)

Your rights:

  • Your images are processed temporarily for try-on purposes only
  • Contact the store owner for privacy concerns (they control the data)
  • Uninstall/clear browser data to remove local try-on history

What to know:

  • The store owner (not us) controls how your images are processed
  • Images are processed through the store’s Fal AI account
  • Review the store’s privacy policy for their specific practices

9. Legal Compliance

9.1 GDPR (European Union)

Legal basis for processing:

  • Store owners: Contract performance, legitimate interests
  • End-users: Consent (obtained by store owner), contract performance

Your rights under GDPR:

  • Access, rectification, erasure, restriction of processing
  • Data portability, object to processing
  • Withdraw consent, lodge complaints with supervisory authorities

For EU customers: Contact the store owner where you used virtual try-on

9.2 CCPA (California)

California residents have rights to:

  • Know what personal information is collected
  • Know whether personal information is sold or disclosed
  • Opt-out of sale of personal information (we don’t sell data)
  • Non-discrimination for exercising privacy rights

9.3 International Data Transfers

  • Plugin is operated from Kenya, Nairobi
  • Data may be transferred internationally when using Fal AI services
  • Fal AI’s data processing locations are governed by their terms

10. Children’s Privacy

Our service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. Store owners should not enable virtual try-on for children’s products without appropriate safeguards and parental consent mechanisms.

If you believe we have collected information from a child, contact us immediately at support@virtualtryonwoo.com.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Updating the “Last Updated” date
  • Providing notice through the plugin dashboard
  • Email notification for significant privacy changes (if we have your contact)
  • Posting on our website at virtualtryonwoo.com

Continued use of the plugin after changes constitutes acceptance of the updated policy.

12. Contact Information

For privacy questions or concerns:

Data Protection Officer: For GDPR-related inquiries: support@virtualtryonwoo.com

13. Definitions

“Store Owner” – The merchant who installs and configures the plugin on their WordPress/WooCommerce site

“End-User” or “Customer” – Individuals who use the virtual try-on feature on a store owner’s website

“We,” “Us,” “Our” – The developers and operators of the Virtual Try-On WooCommerce Plugin

“BYOK” – Bring Your Own API Key – architectural approach where store owners provide their own Fal AI credentials

“Data Controller” – The entity that determines purposes and means of processing personal data (the store owner for customer images)

“Data Processor” – The entity that processes data on behalf of the controller (Fal AI)

Summary for Store Owners: You control customer data. We provide the tool. You’re responsible for compliance with privacy laws in your jurisdiction. Review Fal AI’s policies and implement appropriate privacy notices for your customers.

Summary for Customers: Your images are processed by the store’s AI account, not by us. Contact the store owner for privacy concerns about your virtual try-on experience.

Start typing and press enter to search

Scroll to Top