Skip to main content
V
Vensa

Privacy Policy

Last updated: March 25, 2026

1. Introduction

Vensa (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including the Vensa Shopify application, WordPress/WooCommerce plugin, and Magento extension (collectively, “the Service”).

By installing and using Vensa, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Merchant Information

When you install Vensa or create an account, we collect:

  • Store domain and name
  • Store owner name and email address
  • Product information (titles, images, IDs) for products you enable for try-on
  • Platform-specific access credentials (Shopify access tokens, WordPress/Magento license keys)
  • Billing and subscription information (processed by Shopify or PayPal depending on your platform)

2.2 Customer Information

When customers use the virtual try-on feature on your store, we collect:

  • Photos: Customer-uploaded selfie/body photos used solely for generating try-on results
  • Analytics data: Widget interactions (opens, try-on starts, completions, add-to-cart events)
  • Session identifiers: Anonymous session IDs and browser fingerprints for rate limiting
  • Customer ID: Platform customer ID (if logged in) for per-customer usage limits

2.3 Automatically Collected Information

  • Browser type and version
  • Device type (desktop/mobile)
  • IP address (for rate limiting and abuse prevention only)
  • Timestamps of interactions

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide the Service: Generate virtual try-on images using AI
  • Analytics: Provide merchants with conversion and usage analytics
  • Billing: Track usage quotas and manage subscriptions and licenses
  • Abuse Prevention: Rate limiting and preventing fraudulent usage
  • Improvement: Improve our service quality and user experience
  • Support: Respond to merchant support requests
  • Transactional Emails: Send receipts, license keys, update notifications, and security alerts

4. Photo Data Handling

We take special care with customer photos as they may contain biometric data under certain jurisdictions:

  • Temporary storage only: Customer photos are stored on Cloudflare R2 (encrypted at rest with AES-256) and are automatically deleted within 24 hours
  • Processing: Photos are sent to Google Vertex AI solely for generating the try-on result image
  • No training: Customer photos are never used to train, fine-tune, or improve AI models
  • No sharing: Photos are never sold, shared, or disclosed to third parties beyond our processing infrastructure
  • No biometric extraction: We do not extract, store, or create biometric templates or identifiers from photos. No facial recognition is performed.
  • Deletion: Customers can request immediate deletion of their data by contacting the merchant or us directly

5. Third-Party Services

We use the following third-party services to operate Vensa:

  • Google Cloud / Vertex AI: AI image processing (subject to Google Cloud Privacy Notice)
  • Cloudflare R2: Temporary image storage (subject to Cloudflare Privacy Policy)
  • Shopify: E-commerce platform and billing for Shopify merchants (subject to Shopify Privacy Policy)
  • PayPal: Payment processing for WordPress and Magento licenses (subject to PayPal Privacy Policy)
  • Resend: Transactional email delivery (receipts, license keys, notifications)
  • Neon: Database hosting for account data, analytics, and license records

6. Data Retention

Data TypeRetention PeriodDeletion Method
Customer photos24 hoursAutomatic deletion from R2
Try-on result images24 hoursAutomatic deletion from R2
Try-on job recordsDuration of subscriptionDeleted on uninstall/cancellation + 90 days
Analytics eventsDuration of subscriptionDeleted on uninstall/cancellation + 90 days
Merchant account dataSubscription + 90 daysManual or automatic purge
License keys (WP/Magento)License duration + 90 daysAutomatic purge

7. Data Security

We implement appropriate security measures to protect your data:

  • All data transfer is encrypted using TLS/HTTPS
  • Image storage uses encrypted-at-rest storage (AES-256 on Cloudflare R2)
  • Shopify API endpoints are protected with HMAC signature verification
  • WordPress and Magento endpoints use license key verification
  • Per-customer and per-IP rate limiting prevents abuse
  • Image uploads use time-limited presigned URLs (expiring in minutes)
  • Admin dashboard uses hashed passwords with account lockout
  • No persistent long-term storage of sensitive photo data

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you
  • Rectification: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data (“right to be forgotten”)
  • Portability: Request a machine-readable copy of your data
  • Objection: Object to certain types of data processing
  • Restriction: Request restriction of data processing

To exercise any of these rights, please contact us at privacy@vensa.app. We will respond within 30 days.

9. GDPR Compliance (EU/EEA Users)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Contract: Processing necessary to provide our service to you
  • Legitimate Interest: Analytics, abuse prevention, and service improvement
  • Consent: Customer photo processing (implied consent when the customer voluntarily initiates a try-on)

For more details on our GDPR compliance, sub-processors, and data processing activities, see our Data Policy.

10. CCPA Compliance (California Users)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising your CCPA rights

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

11. Children's Privacy

Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 13, we will delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@vensa.app.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify merchants of material changes via email or through the app dashboard at least 30 days before they take effect. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: