Privacy Policy

Last updated: March 29, 2026

This Privacy Policy describes how Garma ("we," "us," or "our") collects, uses, stores, and protects your information when you use our platform and services (the "Service"). We are committed to safeguarding your privacy and handling your data responsibly.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, password (stored in hashed form), company name, and billing information. This information is necessary to provide the Service and process payments.

1.2 Content You Upload

We collect and store the garment photographs and other images you upload to the Service, as well as any text inputs such as collection names, client information, season data, and custom prompt text. This content is processed to deliver the AI image generation service.

1.3 Generated Content

We store the AI-generated images produced through your use of the Service, along with associated metadata such as the style template used, generation timestamps, and approval status.

1.4 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, generation history, credit consumption, session duration, device information, browser type, and IP address.

1.5 Payment Information

Payment processing is handled by our third-party providers. We do not store your full credit card number or payment credentials on our servers. We receive and store transaction identifiers, billing addresses, and payment status information from our payment processors.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Process your garment photographs through AI models to generate product images.
  • Manage your account, subscriptions, and credit balance.
  • Process payments and issue invoices.
  • Communicate with you about your account, service updates, and support requests.
  • Analyze usage patterns to improve the Service, fix bugs, and develop new features.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

3. AI Image Processing

When you initiate an image generation, your uploaded photographs and selected style parameters are sent to third-party AI services for processing. This transmission is necessary to produce the generated images. We send only the data required for generation and do not share your account information or other personal data with these AI providers.

AI-generated images are stored in our cloud infrastructure and associated with your account. Our AI providers may process your image data according to their own privacy policies and data processing terms. We select AI providers that commit to not using customer data for training purposes.

4. Data Sharing

We do not sell your personal information. We may share your information with the following categories of third parties:

  • Payment Processors: Third-party providers that handle payment and billing on our behalf.
  • Analytics Providers: To help us understand usage patterns and improve the Service.
  • Legal Compliance: When required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

5. Data Storage and Security

Your data is stored on secure servers operated by our cloud infrastructure providers. We implement industry-standard security measures including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Fine-grained access control policies on all stored data.
  • Authentication via secure token-based sessions with automatic expiry.
  • Regular security audits and vulnerability assessments.
  • Access controls limiting employee access to personal data on a need-to-know basis.

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your account data and generated content for as long as your account is active. If you delete your account, we will remove your personal data and uploaded content within 30 days, except where retention is required for legal compliance, dispute resolution, or enforcement of our Terms.

Usage logs and anonymized analytics data may be retained for up to 24 months for service improvement purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdrawal of Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@garma.app. We will respond to your request within 30 days.

7.1 For California Residents (CCPA)

California residents have the right to know what personal information is collected, disclosed, or sold; to request deletion of personal information; and to opt out of the sale of personal information. We do not sell personal information.

7.2 For European Economic Area Residents (GDPR)

If you are located in the EEA, our legal basis for processing your data includes: performance of a contract (providing the Service), legitimate interests (improving the Service, fraud prevention), and consent (where specifically requested). You have the right to lodge a complaint with your local data protection authority.

8. Cookies and Tracking

We use essential cookies to maintain your session and authenticate your identity. We may also use analytics cookies to understand how visitors interact with our website. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or other legally recognized transfer mechanisms.

10. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service and update the "Last updated" date. Your continued use of the Service after notification constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at privacy@garma.app.