Privacy Policy

TryOnNow (App Store: *TryOnNow AI*)

Operated by: TryItNow — TRYITNOW YAZILIM VE TEKNOLOJİ HİZMETLERİ ANONİM ŞİRKETİ

Last Updated: July 14, 2026

This Privacy Policy explains which personal data we collect, store, use, and share ("process") when you engage with our services ("Services") in relation to the TryOnNow mobile application and/or its website (the "Application"). This includes instances when you:

This Privacy Policy further describes how and why we may collect your personal data; how we intend to use, store, protect, and share your personal data; and what your rights are and how to exercise them.


Summary of Key Points

This summary outlines the key highlights of our Privacy Policy. For more detailed information on any specific topic, please refer to the Table of Contents below to navigate to the relevant section.

What personal data do we process? When you use our Services, we may process personal information based on your interactions with us, the choices you make, and the products or features that you access. Because the Application does not require you to create an account, sign in with an email address, or provide a name, the data we process is primarily limited to:

Do we process sensitive personal data? We do not intentionally collect or process special categories of personal data (sensitive data). We do not use your photos for facial recognition, biometric identification, or identity verification. Please do not submit content that contains sensitive personal information (see Section 2).

How do we process your information? We mainly process your personal data to deliver, operate, maintain, and improve our Services; to generate the AI outputs you request; to safeguard security and prevent fraud and abuse; to process subscriptions; and to comply with legal obligations. Where required, we may also process data with your consent.

When do we share personal information? We may share your personal data with third-party service providers strictly as necessary to deliver our Services (for example, cloud storage and AI processing providers), to process subscriptions, to comply with legal obligations, or to protect our rights, and always subject to appropriate safeguards.

How do we keep your personal data secure? We implement administrative and technical measures designed to protect your personal data against unauthorized access, disclosure, alteration, or destruction.

What are your rights? Depending on your region, you may have rights to access, correct, delete, restrict, or object to the processing of your personal data, to data portability, and to withdraw consent. See Sections 9, 11, 12, and 13.

How can you exercise your rights? You can exercise your rights via Settings → Delete Data in the Application (when available) or by contacting us at support@tryitnow.ai.


Table of Contents

  1. The Data Controller and the Objective
  2. Collection of Personal Data and Method
  3. Purposes of Processing Personal Data and Legal Bases
  4. Third-Party Websites/Applications, Cookies, and Notifications
  5. Data Storage and Retention
  6. Technical and Administrative Measures
  7. Age Limitation
  8. Transferring Personal Data to Third Parties
  9. Your Rights as the Data Subject
  10. Contact Information
  11. For Individuals in the European Economic Area, the United Kingdom, and Switzerland
  12. For California Residents
  13. For Individuals in Türkiye
  14. Changes to This Privacy Policy

1. The Data Controller and the Objective

Your personal data, which you provide/will provide to us (see Section 10 for contact information) and/or which we obtain by any lawful means, may be processed by us as the "Data Controller."

Operator / Data Controller: TryItNow — TRYITNOW YAZILIM VE TEKNOLOJİ HİZMETLERİ ANONİM ŞİRKETİ, an Anonim Şirket (A.Ş.) incorporated in Türkiye, located at Maslak Mah. AOS 55. Sk. 42 Maslak B Blok No: 4 İç Kapı No: 542, Sarıyer / İstanbul, Türkiye ("Company," "we," "us," or "our").

We aim to process the personal data of users in accordance with general privacy principles and the provisions of applicable data protection legislation, including — where applicable — the European Union's General Data Protection Regulation ("GDPR") (EU Regulation 2016/679), the UK Data Protection Act, the California Consumer Privacy Act as amended ("CCPA/CPRA"), and the Turkish Law on Personal Data Protection No. 6698 ("PDP Law" / "KVKK").

We are committed to complying with this Privacy Policy in accordance with all applicable laws in each region in which we operate. To ensure compliance with regional legal requirements, we provide additional privacy notices for specific jurisdictions. For individuals in the European Economic Area, the United Kingdom, and Switzerland, please see Section 11. For California residents, please see Section 12. For individuals in Türkiye, please see Section 13.

In accordance with this Privacy Policy, personal data is processed by us as a data controller in line with the following basic principles: (i) lawfulness, fairness, and good faith; (ii) accuracy and, where necessary, being kept up to date; (iii) processing for specified, explicit, and legitimate purposes; (iv) being limited to and minimized for the purpose of processing; and (v) being retained only for the period stipulated by applicable legislation or required for the purpose of processing.

Capitalized terms used in this Privacy Policy shall have the meanings specified in our Terms of Service unless defined separately here.


2. Collection of Personal Data and Method

We may process the following categories of data for the purposes specified in this Privacy Policy. Please note that the Application is designed to work without requiring you to create an account or to provide your name, email address, phone number, or a password. Authentication is performed on an anonymous basis.

Identity and Contact Information

We do not require your name, email address, or phone number to use the Application. However, if you contact us — for example, via email — we may process your name, email address, any other contact information you provide, and the content of your communication in order to respond to and handle your request.

Technical Information

When you use or engage with our Services, we may collect the following information:

Identifiers

Because we do not use traditional accounts, we rely on the following identifiers to operate the Services:

We do not collect advertising identifiers (such as the IDFA), and the Application does not track you across other companies' apps or websites.

User Content

We process the content that you voluntarily provide when using our Services, which is the core of how the Application works. This may include:

Access to your device's tools: To provide certain features, we may request your permission to save generated images to your device's photo library (add-only access). Photo selection is handled through the operating system's native photo picker, which does not grant us access to your full photo library. The Application does not use your device camera and does not request microphone, contacts, or precise-location access. You can manage or revoke permissions at any time in your device settings; however, some features may not function if you decline.

Note regarding sensitive information: Please do not submit content that contains sensitive personal information, such as financial account numbers, government identifiers, health information, or images of other individuals without their consent, or any information relating to children. Although we prohibit this, we recognize that users might inadvertently include such information in the content they submit. If we become aware that we have inadvertently received or processed sensitive personal data, we will take commercially reasonable steps to delete it, except where retention is required by applicable law.

Face Data

As part of the core functionality of the Application, users may upload photos or images that contain faces, and the Application analyzes such content to generate the outputs you request (for example, a virtual try-on, hairstyle, makeup, or an enhanced portrait).

Customer Transaction Data

If you purchase a subscription, we may collect and process subscription and transaction status information — such as the subscription product, subscription/entitlement status, billing period, renewal status, store (e.g., Apple App Store), and environment. This information is used to enable your subscription, manage fair-usage allowances, and handle billing-related events.

Purchases are processed by the Apple App Store and managed through our subscription-management provider (RevenueCat). We do not collect or store your payment method details (such as your credit or debit card number), as we do not directly process your payments.

Source of Information

We may collect the above data directly from you (for example, the content you upload and the text you enter), automatically through your use of the Application and your device, and from third parties that are necessary to operate the Services — such as the Apple App Store, our authentication provider, and our subscription-management provider — for the purposes of operating the Application, complying with legal obligations, and improving and securing the Services.


3. Purposes of Processing Personal Data and Legal Bases

We may process your personal data via automatic and/or non-automatic means for the purposes described below, in accordance with applicable legislation. For individuals in the EEA, the UK, and Switzerland, the corresponding legal bases are described in Section 11; for individuals in Türkiye, see Section 13.

We may process personal data for the following purposes:

Marketing (only where applicable): If you give us consent where required, we may process limited information to send you information about our products, services, and offers, or to conduct marketing analysis. You may withdraw such consent at any time.

Model training: We do not use your photos, images, or other User Content to train our own AI models. Content you submit is processed only to generate the output you request and to operate the Services. If we ever wish to use content for model improvement in the future, we will update this Privacy Policy and, where required, obtain your explicit consent.


4. Third-Party Websites/Applications, Cookies, and Notifications

Third-party links. The Application or website may contain links to other websites or applications that we do not control. We are not responsible for the privacy practices or content of such third parties. We encourage you to review their privacy policies.

Cookies and similar technologies. The mobile Application does not rely on advertising cookies. If we operate a website, we may use cookies or similar technologies that are necessary for operating the site, for security, and for first-party analytics. Where required by law, we will request your consent. You can control cookies through your browser settings, although disabling them may reduce functionality.

Analytics. We aim to keep tracking to a minimum. The Application does not integrate third-party advertising or cross-app tracking SDKs, and our privacy configuration declares that we do not track you across other companies' apps and websites. We may use limited first-party product-interaction data (for example, which features are used and feedback you provide) to understand usage and improve the Services, and our service providers (such as our authentication, app-integrity, and subscription providers) may process technical identifiers as described in this Policy.

Push notifications. We may occasionally send you push notifications regarding the Application or our Services. Where push notifications are offered, you can enable or disable them through your device settings.


5. Data Storage and Retention

Your photos and images are stored in private cloud storage and are accessed through time-limited, signed URLs; they are not made publicly available on the internet by default. Your generations and related records are stored to enable the Services to function (for example, to process your request, apply follow-up fine-tuning, handle retries, provide support, and enforce fair-usage allowances).

We may retain your data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide and secure the Services and to comply with our legal obligations. We may retain certain records (such as job and processing logs) for debugging, abuse-prevention, and reliability purposes. Retention periods may vary depending on the type of data and the purpose of processing.

We are continually improving our data-management practices, and we may introduce automated deletion or retention limits for uploaded photos and generated outputs in the future. If we do, we will describe them in this Privacy Policy.

Deletion requests ("Delete Data"). You may request deletion of your data at any time:

After we receive and verify a deletion request, we will delete your personal data within 30 (thirty) days, except where we are required to retain certain records by law, for the establishment, exercise, or defense of legal claims, for security/abuse prevention, or where deletion is not yet technically feasible for backups until they cycle out. Deletion includes the anonymous user record associated with your device, related generation history, and stored photos/outputs under our control, subject to the exceptions above. Your App Store subscription (if any) is managed separately through your Apple account and is not cancelled merely by deleting app data.

Where you have given consent for additional storage, such data will be deleted, destroyed, or anonymized once the consent is withdrawn or the additional period expires, unless we are otherwise permitted or required to retain it.


6. Technical and Administrative Measures

We undertake to take appropriate technical and administrative measures and to exercise due care to ensure the confidentiality, integrity, and security of personal data. In this context, we take measures designed to prevent the unlawful processing of personal data, unauthorized access to data, and the unlawful disclosure, alteration, or destruction of data.

Depending on the nature of the data and the risk involved, these measures may include:

In the event of a personal data breach that is likely to result in a risk to your rights, we will notify the affected users and/or the relevant supervisory authority where required by applicable law, and take the necessary remedial measures.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.


7. Age Limitation

We do not permit the use of the Application by children under the age of 16.

We do not knowingly collect or process personal data from anyone under the age of 16. If you believe that someone under the age of 16 has provided us with personal information, please contact us at support@tryitnow.ai, and we will take appropriate steps to delete such information.

Users under the age of 18 must have the permission of their parent or legal guardian to use the Services.


8. Transferring Personal Data to Third Parties

We may share and transfer personal data to third parties only as necessary to provide the Services, comply with legal obligations, or protect our rights, and always subject to appropriate safeguards. Because we use cloud infrastructure and service providers that may be located in various countries, your personal data may be processed in countries other than your own.

Where we transfer personal data internationally, we implement appropriate safeguards required by applicable law, such as Standard Contractual Clauses and, where relevant, reliance on adequacy decisions. For region-specific details, see Sections 11–13.

Categories of recipients (service providers / sub-processors)

We may share personal data with the following categories of service providers, strictly for the purposes described in this Policy:

Engagement with third-party AI service providers

The Application's core features rely on third-party AI service providers ("Third-Party AI Service Providers") to process your content and generate AI-generated outputs. When you voluntarily provide User Content (an "Input") to use an AI-powered feature, that content is transferred to the relevant Third-Party AI Service Provider(s) for the sole purpose of processing your request and generating the requested output.

Transfer occurs only as a result of your voluntary use of an AI-powered feature. If you do not want your content transferred to Third-Party AI Service Providers, please refrain from submitting Input to the relevant features. If you do not provide the required Input, some AI-powered features may not function.

Third-Party AI Service Providers may change from time to time due to our business needs; if they do, we will update this Privacy Policy. The Third-Party AI Service Providers we may engage include, for example:

| Third-Party AI Service Provider | Services & Shared Data | Privacy Policy | |---|---|---| | Google LLC (Gemini / Vertex AI) | AI-generated content (image analysis and generation). Shared Data: Input (User Content) + technical request identifier. | https://policies.google.com/privacy | | fal.ai (Features and Labels, Inc.) | AI-assisted image enhancement (e.g., upscaling) and background removal. Shared Data: Input (User Content) + technical request identifier. | https://fal.ai/privacy | | Other AI providers (e.g., OpenAI) | We may, from time to time, use additional AI service providers to provide or improve AI features. Shared Data: Input (User Content) + technical request identifier. | e.g., https://openai.com/policies/privacy-policy |

The list above is provided as examples and may not be exhaustive; we may engage other reputable AI or infrastructure providers to operate and improve the Services. Each Third-Party AI Service Provider is required to handle data in compliance with applicable data protection laws, and processes the shared data solely to generate the requested output.


9. Your Rights as the Data Subject

Depending on your region, you may have some or all of the following rights regarding your personal data:

Region-specific rights and procedures are described in Sections 11 (EEA/UK/Switzerland), 12 (California), and 13 (Türkiye).

To exercise your rights — including deletion — use Settings → Delete Data in the Application (when available), or contact us at support@tryitnow.ai with a clear description of your request. Because the Application uses anonymous identifiers rather than accounts, we may ask you to provide information that allows us to identify the relevant data (for example, your internal user identifier, which is available in Settings). Verified deletion requests are completed within 30 days as described in Section 5.


10. Contact Information

If you have any questions, comments, or requests regarding this Privacy Policy, or if you would like to exercise your rights, you may contact us at:


11. For Individuals in the European Economic Area, the United Kingdom, and Switzerland

Where the GDPR, the UK Data Protection Act, or the Swiss Federal Act on Data Protection applies, please read this section together with the rest of this Privacy Policy.

Legal bases for processing

We process your personal data on the following legal bases:

Where we process any special category data within the meaning of Article 9 GDPR, we do so on the basis of your explicit consent or another applicable legal basis. We do not use images for biometric identification.

International transfers

When we transfer personal data outside the EEA, the UK, or Switzerland, we rely on appropriate safeguards, such as adequacy decisions issued by the European Commission (or the relevant UK/Swiss authorities) where available, and Standard Contractual Clauses (with supplementary measures where necessary) for transfers to countries not covered by an adequacy decision.

Your GDPR rights

You have the rights of access (Art. 15), rectification (Art. 16), erasure / "right to be forgotten" (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), rights related to automated decision-making and profiling (Art. 22), and the right to withdraw consent (Art. 7(3)).

To exercise these rights, contact us at support@tryitnow.ai. We will respond within one month, which may be extended by two further months for complex requests. You also have the right to lodge a complaint with your local data protection supervisory authority.


12. For California Residents

This section supplements the rest of this Privacy Policy and applies to California residents under the CCPA/CPRA.

Your rights

Subject to certain exceptions, California residents have the right to:

We do not sell your personal information for monetary consideration, and we do not knowingly "share" it for cross-context behavioral advertising. We do not use third-party advertising or cross-app tracking SDKs in the Application.

Categories of personal information

We may collect the following categories of personal information, as described in more detail in Sections 2 and 3: identifiers (e.g., anonymous authentication and internal user identifiers, IP address at the infrastructure level); internet or other electronic network activity information (e.g., how you interact with the Application); visual information (the photos and images you upload and the outputs generated); commercial information (subscription status); and any information you provide when you contact us.

To exercise your rights, or to use an authorized agent, contact us at support@tryitnow.ai. We will not discriminate against you for exercising your rights.


13. For Individuals in Türkiye

Where the Turkish Law on Personal Data Protection No. 6698 ("PDP Law" / "KVKK") applies, we process your personal data as the data controller in accordance with the general principles set out in Article 4 and the conditions for processing set out in Articles 5 and 6 of the PDP Law — in particular, where processing is necessary for the establishment or performance of a contract, for compliance with our legal obligations, for the establishment, exercise, or protection of a right, or for our legitimate interests, provided that your fundamental rights and freedoms are protected — and otherwise on the basis of your explicit consent.

Transfers abroad

Because we use servers and cloud systems that may be located abroad, your personal data may be transferred abroad in accordance with Articles 8 and 9 of the PDP Law, based on the applicable conditions (including, where relevant, standard contractual clauses issued by the Turkish Data Protection Authority or your explicit consent).

Your rights under Article 11 of the PDP Law

Pursuant to Article 11 of the PDP Law, you may request to: learn whether your personal data is processed; request information if it has been processed; learn the purpose of processing and whether it is used accordingly; know the third parties to whom it has been transferred (domestically or abroad); request correction of incomplete or inaccurate data; request deletion, destruction, or anonymization; request that corrections/deletions be notified to third parties; object to results arising from automated analysis; and request compensation for damages due to unlawful processing.

You may submit your requests to support@tryitnow.ai. We will finalize your request free of charge within 30 (thirty) days at the latest, depending on the nature of the request. If a request is rejected, we will notify you of the reasons.


14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors (for example, incorporation of a legal entity, new features, or changes to service providers). When we make changes, we will update the "Last Updated" date at the top of this Policy.

If we make material changes (changes that significantly affect your rights or the way we handle your data), we will provide prominent notice before the changes take effect — for example, through the Application interface or by other reasonable means.

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after the effective date of any revised Privacy Policy constitutes your acknowledgment of the updated Policy, unless applicable law requires a different form of acceptance (such as explicit consent for certain types of changes).