PRIVACY POLICY

Effective Date: March 2, 2026

This Privacy Policy ("Policy") governs the collection, use, disclosure, and retention of personal information by Cloey ("Cloey," "we," "us," or "our") in connection with your use of the Cloey mobile application and any related services (collectively, the "Services"). By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with this Policy, you must discontinue use of the Services immediately.

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

We collect information that you voluntarily provide when you create an account, configure your profile, or otherwise interact with the Services, including but not limited to:

• Account Information: Name, email address, username, and profile image.
• Profile Information: Gender or style department, fashion preferences, aesthetic preferences, biographical details, and currency or regional settings.
• User Content: Photographs of clothing items and outfits, as well as any accompanying descriptions, notes, tags, ratings, or other metadata you submit.
• Location Data: City, region, and country information, provided either manually or through device-based geolocation services with your prior consent. Location data is used to display local weather conditions and regional currency.
• Communications: Any correspondence you direct to us, including support requests, feedback submissions, and feature suggestions.

1.2 Information Collected Automatically

When you access or use the Services, we automatically collect certain technical and usage information, including:

• Device Information: Device type, model, operating system and version, and unique device identifiers.
• Usage Data: Interaction data such as screens viewed, features accessed, actions taken, and session duration and timestamps.
• Push Notification Tokens: Where you have opted in to receive push notifications, we collect device tokens necessary to deliver such notifications.

1.3 Information Received from Third Parties

• Authentication Providers: If you elect to sign in using Apple or Google, we receive your name and email address as provided by those services.
• Payment Processors: Subscription payments are processed by Apple or Google, as applicable. We receive confirmation of subscription status and entitlement information only; we do not receive, process, or store payment card numbers or banking details.

2. USE OF INFORMATION

We use the information collected for the following purposes:

• Provision of Services: To create and maintain your account, store and organize your wardrobe content, and deliver the core functionality of the Services.
• AI-Powered Features: To process your photographs using artificial intelligence technology for the purpose of identifying clothing attributes, including category, color, pattern, and style characteristics. AI-powered processing is subject to your in-app consent preferences and may be disabled at any time.
• Personalization: To provide tailored style recommendations, outfit suggestions, and wardrobe insights based on your content and stated preferences.
• Weather Information: To display localized weather data based on your provided location, for the purpose of contextual wardrobe recommendations.
• Analytics and Improvement: To analyze usage patterns, diagnose technical issues, monitor performance, and improve the functionality and user experience of the Services.
• Communications: To respond to your inquiries, send service-related notifications, and deliver push notifications where you have opted in to receive them.
• Compliance and Protection: To comply with applicable legal obligations, enforce our terms of service, and protect the rights, property, and safety of Cloey, its users, and the public.

3. DISCLOSURE OF INFORMATION

We do not sell, rent, or trade your personal information to third parties. We may disclose your information in the following limited circumstances:

• Service Providers: We engage third-party service providers to perform functions on our behalf, including but not limited to cloud hosting and data storage, analytics, error monitoring, subscription management, and notification delivery. Such providers are granted access to personal information only to the extent necessary to perform their designated functions and are contractually obligated to maintain the confidentiality and security of such information.
• AI Processing Providers: When AI-powered features are enabled, your clothing photographs may be transmitted to third-party artificial intelligence service providers for analysis. Such providers process images solely for the purpose of returning results to the Services and are contractually prohibited from retaining, using, or disclosing your images for any other purpose.
• Legal Obligations: We may disclose your information where required to do so by applicable law, regulation, legal process, subpoena, court order, or governmental request.
• Protection of Rights: We may disclose information where we reasonably believe disclosure is necessary to enforce our agreements, protect our rights or property, prevent fraud, or ensure the safety of our users or the public.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of such transaction. We will notify you of any such change in ownership or control.

4. DATA STORAGE AND SECURITY

Your personal information and User Content are stored on secure cloud infrastructure maintained by reputable third-party hosting providers. We implement industry-standard technical and organizational measures to safeguard your information, including but not limited to:

• Encryption of data in transit (TLS/SSL) and at rest.
• Role-based access controls and authentication mechanisms.
• Regular security assessments and monitoring.

Photographs you upload are stored in access-controlled cloud storage. Access is restricted to you and to our authorized systems for the purpose of processing. Signed access URLs are time-limited and regularly rotated to minimize exposure.

Notwithstanding the foregoing, no method of electronic transmission or storage is entirely secure, and we cannot guarantee the absolute security of your information. You acknowledge and accept the inherent risks associated with providing information electronically.

5. DATA RETENTION

We retain your personal information for as long as your account remains active or as reasonably necessary to provide the Services to you. Upon account deletion, we will delete or anonymize your personal information, including photographs and associated content, within seven (7) business days, except to the extent that retention is required or permitted by applicable law for purposes including compliance with legal obligations, resolution of disputes, or enforcement of our agreements.

Aggregated or anonymized data that does not identify any individual may be retained indefinitely for analytics, research, and service improvement purposes.

6. YOUR RIGHTS AND CHOICES

6.1 General Rights

Subject to applicable law, you may have the right to:

• Access: Request confirmation of whether we process your personal data, and obtain a copy of such data.
• Rectification: Request correction of inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data and account. Account deletion may be initiated directly within the application settings.
• Restriction: Request restriction of processing under certain circumstances.
• Data Portability: Request a copy of your personal data in a structured, commonly used, and machine-readable format.
• Objection: Object to processing of your personal data based on legitimate interests.
• Withdraw Consent: Where processing is based on your consent, you may withdraw such consent at any time without affecting the lawfulness of processing based on consent prior to its withdrawal.

6.2 In-App Controls

• AI Consent: You may enable or disable AI-powered photo analysis at any time through the application settings.
• Push Notifications: You may manage push notification preferences through your device operating system settings.
• Location Permissions: You may grant or revoke location access through your device operating system settings.

6.3 European Economic Area and United Kingdom (GDPR)

Where we process personal data of individuals located in the EEA or UK, we do so on the following legal bases:

• Performance of a Contract: Processing necessary for the performance of our agreement to provide the Services to you (Article 6(1)(b) GDPR).
• Consent: Processing based on your freely given, specific, informed, and unambiguous consent, including for AI-powered photo analysis and location access (Article 6(1)(a) GDPR). Consent may be withdrawn at any time.
• Legitimate Interests: Processing necessary for our legitimate interests, including service improvement, analytics, and security, provided such interests are not overridden by your fundamental rights and freedoms (Article 6(1)(f) GDPR).

You have the right to lodge a complaint with your competent supervisory authority. A list of EU/EEA supervisory authorities is available at https://edpb.europa.eu.

6.4 California (CCPA/CPRA)

If you are a California resident, you have the right to:

• Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Request deletion of your personal information.
• Opt out of the sale or sharing of your personal information. We do not sell or share personal information as defined under the CCPA/CPRA.
• Exercise your rights free from discrimination.

To exercise your rights, please contact us at support@cloey.app. We will verify your identity before processing your request.

6.5 Brazil (LGPD)

If you are located in Brazil, you have the right to access, correct, anonymize, block, or delete your personal data. You may also request information about the public and private entities with which we share your data, and you may revoke consent at any time.

7. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to, stored in, and processed in jurisdictions other than your country of residence. Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with applicable data protection law, including the use of Standard Contractual Clauses approved by the European Commission or equivalent transfer mechanisms.

8. CHILDREN'S PRIVACY

The Services are not directed to, and we do not knowingly collect personal information from, children under the age of thirteen (13). If we become aware that we have inadvertently collected personal information from a child under 13, we will take reasonable steps to delete such information promptly. If you believe that a child under 13 has provided personal information to us, please contact us at support@cloey.app.

9. THIRD-PARTY LINKS AND SERVICES

The Services may contain links to third-party websites, applications, or services that are not operated or controlled by Cloey. This Policy does not apply to the practices of such third parties. We encourage you to review the privacy policies of any third-party services you access.

10. CHANGES TO THIS POLICY

We reserve the right to modify this Policy at any time. If we make material changes, we will provide notice through the Services or by other appropriate means prior to the effective date of such changes. The "Effective Date" at the top of this Policy indicates when it was last revised. Your continued use of the Services following the posting of any revised Policy constitutes your acceptance of the terms of the modified Policy.

11. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Cloey Email: support@cloey.app

For data protection inquiries from the EEA or UK, you may also contact us at the email address above and reference "GDPR Request" in your subject line.