Privacy Policy
Last updated: March 2026
Chosen Ecom Limited (“Aestify”, “we”, “us”, “our”) operates the Aestify platform at aestify.io — an AI-powered product photography service for Shopify merchants. This policy explains what personal data we collect, why we collect it, who we share it with, and what rights you have. It applies to all users of the Aestify platform and the Aestify storefront widget. We are subject to the General Data Protection Regulation (GDPR) and applicable EU member state data protection law.
Data Controller
Chosen Ecom Limited
RM 509, 5/F The Cloud 111, Tung Chau St, Tai Kok Tsui, Hong Kong
Registration No: 78031944-000-04-25-6
EU Representative: BR Zakelijk, Randstad 2201, Almere, Netherlands — support@aestify.io
Data We Collect
- Account data — email address and hashed password, collected at registration.
- Payment data — billing name, last four card digits, and subscription status. Card numbers are processed directly by Stripe and never pass through our systems.
- Usage data — pages visited, features used, session timestamps, and error events. Collected automatically via server logs and Sentry.
- Generated content — AI-generated product images produced during your sessions. Stored in Cloudflare R2 (EU region) and linked to your account.
- Uploaded product images — images of your products that you upload. Stored in Cloudflare R2 (EU region). Not used to train AI models.
- AI content log (ai_content_log) — a record of each generation event: timestamp, model used, input hash, output reference, and C2PA/XMP metadata identifiers. Retained for EU AI Act compliance.
- Storefront widget — shopper photos (zero-storage) — when a shopper uses the Aestify storefront widget, their photo is processed in memory only and is never written to disk, database, or cloud storage. No shopper biometric data is retained after the session ends.
- Cookies — essential session cookies only. No advertising or tracking cookies. See our Cookie Policy for details.
Why We Process Your Data
We process personal data only for specific purposes with a defined legal basis under GDPR Art 6.
| Category | Purpose | Legal basis | Retention |
|---|---|---|---|
| Account data | Authenticate you and operate your account | Art 6(1)(b) — contract | Until deletion + 30 days |
| Payment data | Process credit purchases and subscriptions | Art 6(1)(b) — contract | 7 years (legal obligation) |
| Usage data | Diagnose errors, monitor performance | Art 6(1)(f) — legitimate interest | 12 months rolling |
| Generated images | Deliver generation results, display in dashboard | Art 6(1)(b) — contract | Active + 12 months post-closure |
| Uploaded product images | Run AI generation you requested | Art 6(1)(b) — contract | Same as generated images |
| ai_content_log | EU AI Act Art 50(2) compliance | Art 6(1)(c) — legal obligation | 3 years |
| Widget consent logs | BIPA compliance (Illinois) | Art 6(1)(c) — legal obligation | 5 years |
| Email (marketing) | Platform updates, feature announcements | Art 6(1)(a) — consent | Until unsubscribe |
Special Categories of Data (GDPR Art 9)
Storefront widget and biometric processing. The Aestify storefront widget may process facial geometry data when a shopper uploads a photo for virtual try-on. This constitutes biometric data under GDPR Art 9(1) and biometric information under the Illinois Biometric Information Privacy Act (BIPA).
Zero-storage architecture. Shopper photos are processed in memory only and are never written to disk, database, or cloud storage. No biometric template, facial geometry record, or biometric identifier is retained after the processing response is returned to the shopper’s device. Retention time is zero.
Legal basis. GDPR Art 9(2)(a) — explicit consent. The widget collects explicit consent from the shopper before any photo is processed. Consent is logged per session.
BIPA compliance note. For shoppers in Illinois, USA, the zero-storage architecture means no biometric identifier or biometric information is collected, captured, purchased, received through trade, or otherwise obtained within the meaning of 740 ILCS 14/15(b). No BIPA-regulated retention or destruction schedule applies.
Platform merchants. Merchants upload product images, not photos of people. These do not constitute biometric data. Characters in AI-generated images are synthetic and do not represent real individuals.
AI-Generated Content
EU AI Act — Provider status. Aestify is a Provider of AI-generated imagery within the meaning of EU AI Act Art 50(2). All images generated by the platform are marked as AI-generated.
C2PA / XMP content credentials. Every image produced by Aestify includes embedded C2PA (Coalition for Content Provenance and Authenticity) metadata and XMP content credentials. These credentials record that the image was AI-generated, the generation timestamp, and a reference to Aestify as the generating system. This metadata travels with the image file and is readable by any C2PA-compliant tool.
ai_content_log. Each generation event is logged in the ai_content_log table. This log records the generation timestamp, model identifier, input data hash, output file reference, and C2PA manifest ID. It does not contain the image content itself. Retained for 3 years.
Third Parties and Sub-Processors
We share data with sub-processors only to the extent required to deliver our service. A full list, including current DPA status and processing location, is available at /legal/sub-processors.
We do not sell personal data. We do not share personal data with advertisers.
International Transfers
| Processor | Service | Location | Transfer mechanism |
|---|---|---|---|
| Supabase | Database and authentication | EU (Ireland) | No transfer — EU data centre |
| Cloudflare R2 | Object storage | EU region | No transfer — EU data centre |
| Stripe | Payment processing | United States | Standard Contractual Clauses (SCCs) |
| Klaviyo | Email delivery | United States | Standard Contractual Clauses (SCCs) |
| Google Vertex AI / Gemini | AI image generation | United States | Standard Contractual Clauses (SCCs) |
| Vercel | Frontend hosting | United States | Standard Contractual Clauses (SCCs) |
| Upstash Redis | Rate limiting | United States | Standard Contractual Clauses (SCCs) |
| Sentry | Error monitoring | United States | Standard Contractual Clauses (SCCs) |
SCCs are the European Commission’s standard contractual clauses as adopted by Commission Decision 2021/914/EU.
Your Rights Under GDPR
If you are in the EEA or UK, you have the following rights:
- Access (Art 15) — request a copy of the personal data we hold about you.
- Rectification (Art 16) — ask us to correct inaccurate or incomplete data.
- Erasure (Art 17) — request deletion of your data (“right to be forgotten”).
- Portability (Art 20) — receive your data in a structured, machine-readable format.
- Restriction (Art 18) — ask us to pause processing while a dispute is resolved.
- Objection (Art 21) — object to processing based on legitimate interest.
- Opt-out of automated decisions (Art 22) — request human review of any automated decision that significantly affects you.
To exercise any of these rights, email support@aestify.io. We will respond within 30 days and may ask you to verify your identity before processing the request.
Retention Periods
| Data type | Retention period |
|---|---|
| Account data | Until account deletion + 30 days |
| Generated images | While account is active + 12 months after closure |
| Uploaded product images | Same as generated images |
| Widget consent logs | 5 years (BIPA compliance) |
| Financial records | 7 years (legal obligation) |
| ai_content_log | 3 years (EU AI Act compliance) |
| Usage / error logs | 12 months rolling |
Once a retention period ends, the data is deleted or irreversibly anonymised within 30 days.
Security
- Row-level security (RLS) — all database tables enforce per-user access at the database layer via Supabase RLS policies.
- Encryption at rest — data in Supabase and Cloudflare R2 is encrypted at rest using AES-256.
- Encryption in transit — all connections to our platform use TLS 1.2 or higher.
- Admin access controls — admin access requires authentication and is limited to personnel who need it. Admin actions are logged.
- Error monitoring — Sentry captures application errors without recording full request payloads or personal data in error traces.
No system is perfectly secure. If we discover a breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Art 33.
Children
Aestify is not directed at or intended for anyone under 16 years of age. We do not knowingly collect personal data from children. If we discover that a user is under 16, we will delete their account and all associated data immediately. If you believe a child has registered, contact support@aestify.io.
Complaints
You have the right to lodge a complaint with the data protection supervisory authority in your country of residence. We ask that you contact us at support@aestify.io first — most issues can be resolved directly.
- Netherlands — Autoriteit Persoonsgegevens (AP): autoriteitpersoonsgegevens.nl
- United Kingdom — Information Commissioner’s Office (ICO): ico.org.uk
- Germany — Bundesbeauftragter für den Datenschutz (BfDI): bfdi.bund.de
- France — Commission nationale de l’informatique (CNIL): cnil.fr
- Other EU countries — your national DPA: edpb.europa.eu/about-edpb/board/members
Changes to This Policy
We will give you at least 30 days’ notice by email before any material change to this policy takes effect. The updated policy will be published at aestify.io/privacy. Non-material changes (typo fixes, clarifications that do not affect your rights) may be made without notice. All versions are tracked in git.