Privacy Policy
We believe privacy is a right, not a feature. Here's exactly how we handle your data — no legalese walls.
Overview
Sukat ("we," "our," or "us") is an AI-powered wardrobe and outfit suggestion app built for the Philippines. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile application and website (collectively, the "Service").
By using Sukat, you agree to the collection and use of information in accordance with this policy and with the Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA) of the Philippines.
Information We Collect
We collect the following types of information:
Account Information
When you register, we collect your name, email address, and password (stored as a secure hash). You may also provide optional profile details such as body measurements and style preferences.
Wardrobe & Photo Data
Photos of clothing items you upload to build your digital wardrobe. These images are stored securely via Cloudinary. We also store metadata such as item category, colour, and any product links you associate with items.
Body Scan Data
If you use the Body Scan feature, we collect two full-body photos (front and side view) along with optional height and weight. These photos are processed server-side using MediaPipe Pose to verify photo completeness, then stored in a private encrypted AWS S3 bucket in the Singapore (ap-southeast-1) region. Body scan photos are never publicly accessible — they are only viewable via time-limited signed URLs generated for your authenticated session. From these photos and your height/weight, we compute clothing measurements (chest, waist, hips, inseam, shoulder width) used for fit recommendations and virtual try-on.
Usage Data
How you interact with the app — screens visited, outfit feedback (thumbs up/down), features used, and session duration. This helps us improve our recommendations.
Device & Technical Data
Device type, operating system version, app version, IP address, and crash logs. This data is used for diagnostics and service reliability.
Location Data (Optional)
With your permission, approximate location data to provide weather-appropriate outfit suggestions via the Open-Meteo weather API. We do not store precise GPS coordinates.
How We Use Your Information
We use your information to:
- Generate personalised daily outfit recommendations using AI
- Analyse your colour season using Claude Vision (Anthropic API)
- Power virtual try-on features via Google Vertex AI (Gemini image generation)
- Improve and personalise the app experience over time
- Send service-related notifications (not marketing, unless you opt in)
- Diagnose bugs and maintain app stability
- Comply with applicable laws and regulations
We do not sell your personal information to third parties. We do not use your data for advertising profiling.
Virtual Try-On & Your Photos
When you use the Virtual Try-On feature, your garment photo and body scan reference image are sent to Google Vertex AI (Gemini) for processing. Here is exactly what happens to your images:
What Google receives
The input images (your garment photo and body reference photo) are transmitted to Google Cloud's Vertex AI servers for AI image generation. Your body scan photo is sent as a time-limited signed URL that expires after one hour.
How long Google stores them
Google Cloud processes images in memory during generation. According to Google's Vertex AI data governance policies, customer data submitted via API is not retained after processing is complete, unless you have opted into data logging. We do not opt into data logging.
Does Google train on your images?
No. Google's Vertex AI terms state that customer data submitted via API is not used to train or improve Google's models.
Output images
Try-on result images are stored on Cloudinary's secure CDN and are only accessible to you via your authenticated session in the app. Results are deleted when you remove them or delete your account.
Your choice
Virtual Try-On is an optional feature. If you prefer not to have your photos processed by Google Vertex AI, simply do not use the Try-On feature. All other Sukat features remain fully available.
Third-Party Services
Sukat uses trusted third-party services to operate. Each has its own privacy policy:
- Amazon Web Services (AWS S3) — Private encrypted storage for body scan photos in the Singapore (ap-southeast-1) region (aws.amazon.com/privacy)
- Cloudinary — Image storage and delivery for wardrobe photos and try-on outputs (cloudinary.com/privacy)
- Google Cloud (Vertex AI / Gemini) — AI image generation for virtual try-on; images are processed but not used for model training (cloud.google.com/terms/cloud-privacy-notice)
- Anthropic (Claude API) — AI colour season analysis; images are processed but not used for model training (anthropic.com/privacy)
- Open-Meteo — Weather data only, no personal data transmitted (open-meteo.com)
- Render — Backend hosting and PostgreSQL database (render.com/privacy)
We share only the minimum data necessary for each service to function.
Data Storage & Security
Your data is stored on servers located outside the Philippines. By using Sukat, you consent to this transfer and processing in accordance with this policy and the Data Privacy Act of 2012:
- **Body scan photos** are stored in a private, encrypted AWS S3 bucket in the Singapore (ap-southeast-1) region — the closest AWS region to the Philippines. Photos are encrypted at rest (AES-256) and are never publicly accessible. They can only be viewed via time-limited signed URLs generated during your authenticated session.
- **Wardrobe photos** are stored on Cloudinary's secure CDN and are not publicly accessible without a unique URL.
- **Account and measurement data** are stored in a PostgreSQL database hosted on Render.
We implement industry-standard security measures including encrypted connections (HTTPS/TLS), hashed passwords, server-side encryption, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Here are our specific retention commitments:
While your account is active
- Account data (name, email, preferences): retained until you delete your account
- Body scan photos and measurements: retained until you delete the scan or your account
- Wardrobe photos and metadata: retained until you remove the item or delete your account
- Try-on results: retained until you delete the result or your account
After account deletion
- All personal data (account info, photos, measurements, try-on results) is permanently deleted within 30 days
- Body scan photos are deleted from AWS S3 immediately upon account deletion
- Wardrobe photos are deleted from Cloudinary within 30 days of account deletion
- Database records (measurements, outfits, preferences) are deleted immediately via cascade deletion
Exceptions
- Anonymised, aggregated usage statistics may be retained indefinitely for product improvement purposes
- Data may be retained beyond 30 days only where required by Philippine law or regulation
Your Rights Under the Data Privacy Act
Under Republic Act No. 10173 (Data Privacy Act of 2012), you have the right to:
- Access — Request a copy of the personal data we hold about you
- Rectification — Correct inaccurate or incomplete personal data
- Erasure — Request deletion of your personal data ("right to be forgotten"). You can also delete your account directly from the app's Profile screen
- Data Portability — Receive your data in a structured, machine-readable format
- Object — Object to processing of your personal data for certain purposes
- Withdraw Consent — Withdraw consent at any time where processing is based on consent
- File a Complaint — If you believe your data privacy rights have been violated, you may file a complaint with the National Privacy Commission (NPC) at privacy.gov.ph
Data Controller
Sukat App is the personal information controller responsible for your data. For all data privacy inquiries, contact us at support@sukat.app. We will respond within 15 business days.
Children's Privacy
Sukat is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@sukat.app.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page and notify you via the app or email for material changes.
Your continued use of Sukat after changes are posted constitutes your acceptance of the updated policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
Data Controller: Sukat App
Email: support@sukat.app
Subject line: Privacy Inquiry — [Your Name]
We are committed to resolving any concerns promptly and in good faith. If you are unsatisfied with our response, you may escalate your concern to the National Privacy Commission (NPC) at complaints@privacy.gov.ph or through their website at privacy.gov.ph.
Philippines Data Privacy Act Compliant
Sukat processes personal data in accordance with Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations.