Legal

Privacy Policy

Last updated: July 13, 2026

1. Overview

Baft AI ("Baft", "we", "us", or "our") provides a virtual try-on application for Shopify merchants. This Privacy Policy explains what data we collect from merchants and their customers (“Shoppers”) when the Baft app is installed on a Shopify store, how we use it, and the choices you have.

By installing Baft on your store, or by using virtual try-on on a store that has Baft installed, you agree to the practices described here. If you do not agree, please do not use the app or the try-on feature.

2. Data We Collect

From merchants: store name and domain, contact and billing information, product catalog data (images, titles, variants) needed to power try-on, and usage analytics about how the app is configured and used.

From shoppers: photos or images a shopper uploads or captures to generate a virtual try-on render, body/fit inputs the shopper voluntarily provides (such as height or size), device and browser information, and interaction data (e.g. which products were tried on).

Shopper photos are never saved to our servers. They are held only on the shopper's own device for the duration of their try-on session, used solely to render the try-on preview, and are automatically cleared once the session ends. Shopper photos are not used to build a marketing profile and are never sold.

3. How We Use Data

To generate virtual try-on renders and deliver the core functionality of the app.

To operate, maintain, secure, and improve Baft, including diagnosing errors and preventing abuse.

To communicate with merchants about their account, billing, and material changes to the app or this policy.

To produce aggregated, de-identified analytics (e.g. conversion or return-rate impact) shared with merchants about their own store — this aggregated data cannot be used to identify an individual shopper.

4. Image & Try-On Data Retention

We do not save, store, or retain shopper photos on our servers at any point. An uploaded or captured image stays on the shopper's device, is used only to generate the on-screen try-on preview for that visit, and is automatically cleaned up as soon as the session ends (for example, when the tab or browser is closed).

Because we never hold a copy of your photo after your session ends, there is nothing left on our side to delete — closing your session is itself the deletion.

5. Sharing & Third Parties

Shopify: Baft operates on the Shopify platform and receives store and order data through Shopify's APIs, governed also by Shopify's own privacy policy.

Service providers: rendering a try-on preview may briefly pass the image through infrastructure or machine-learning inference providers strictly to produce that preview in real time — under contracts that prohibit them from retaining or reusing shopper photos — after which no copy is kept by us or by them.

Merchants: a merchant using Baft on their store can see aggregate analytics but never receives a shopper's uploaded photos, since we don't store them in the first place.

Legal: we may disclose data if required by law, subpoena, or to protect the rights, property, or safety of Baft, our merchants, or others.

We do not sell shopper photos or personal data to third parties.

6. Cookies & Similar Technologies

Baft and Shopify use cookies and similar technologies to keep a try-on session working, remember preferences, and understand aggregate app usage. You can control cookies through your browser settings; disabling them may limit try-on functionality.

7. Your Rights & Choices

Depending on where you live (including under GDPR in the EU/UK and CCPA/CPRA in California), you may have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing.

To exercise these rights over any other data we do hold about you, contact us using the details in Section 10. We will respond within the timeframe required by applicable law. Note that try-on photos specifically are never stored by us (see Section 4), so no deletion request is needed for those.

8. Children’s Privacy

Baft is not directed to children under 16, and we do not knowingly collect personal data, including photos, from children under 16. If you believe a child has provided us data, contact us and we will delete it.

9. International Data Transfers & Security

Data may be processed in countries other than your own. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

We use industry-standard technical and organizational measures — including encryption in transit and access controls — to protect data. No system is perfectly secure, and we cannot guarantee absolute security.

10. Contact Us

Questions about this policy, or requests to access or delete your data, can be sent to baft.support@gmail.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated "Last updated" date below, and where required, we will provide additional notice.