Now On Me

Privacy Policy

Version 1.0 · Last updated 2026-07-07

⚠️ Draft for review. Engineering draft, not legal advice. Confirm the controller identity, lawful bases, sub-processor list, and DPAs with counsel/your DPO before production.

This policy explains what personal data Now On Me ("we", "us") collects, how we use it, and your rights. We are the data controller for the personal data described here.

1. What we collect

DataWhenWhy
Device identifier + revocable device tokenOn first run of the extensionTo operate the Service, meter usage, and prevent abuse
Account details (email) — when accounts launchOn sign-upAuthentication, billing, cross-device history
Usage metadata (model used, timing, success/failure, allowance)On each try-onTo provide the Service, enforce limits, debug, and bill
The URL / domain of the product page you act onOn a try-onTry-on context and (with consent) shopping links
Your selfie, the product image, and the generated resultOnly if you grant data-capture consentTo power your personal "Home" gallery and let you revisit looks
Your selfie is private by default. If you do not grant capture consent, your selfie and results are used only transiently to generate a result and are not stored on our servers. When you do consent, each unique selfie is stored once (content-addressed and de-duplicated), encrypted at rest, and retained for a limited period (target 90 days) or until you delete it.

2. How we use it

3. Sub-processors

We share data with the following processors only as needed to run the Service:

These providers may process data outside the UK/EEA; such transfers are covered by appropriate safeguards (e.g. Standard Contractual Clauses / the UK IDTA) under their data-processing terms. (Execute DPAs before production.)

4. Legal bases (UK GDPR / GDPR)

5. Retention & deletion

Metadata is retained as needed to operate and secure the Service. Captured images/results are retained for a limited period (target 90 days) or until you delete them. Deleting an item removes it and, once nothing else references the underlying image, the stored file is garbage-collected after a short grace period. Some records (e.g. billing) are retained longer where required by law.

6. Your rights

Subject to applicable law, you can access, correct, delete, export, or restrict processing of your personal data, and withdraw consent. To exercise these rights or make a data-subject request, contact privacy@nowonme.com. You also have the right to complain to your local supervisory authority (in the UK, the ICO).

7. Security

Data is encrypted in transit (TLS) and at rest. Provider API keys are held server-side only and are never shipped in the extension. Access to the test environment is restricted.

8. Children

The Service is for adults (18+). We do not knowingly collect data from children, and images of minors are prohibited (see Acceptable Use Policy).

9. Changes & contact

We may update this policy; material changes will be notified in-product or by email. Contact: privacy@nowonme.com.