Privacy Policy

Last Updated · April 2026

Vestra respects your privacy. This policy explains what we collect, why we collect it, how we use it, and the rights you have over your data. It applies to both our website at getvestra.app and our mobile application.

If any part of this policy is unclear, email us at hello@getvestra.app.

Who we are

Vestra is operated by the Vestra team, based in the United Kingdom. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller for the information we collect about you.

Contact: hello@getvestra.app

Part One. The website, getvestra.app

What we collect

When you visit the website or join the waitlist, we collect:

  • Email address, submitted voluntarily when you join the waitlist.
  • First name, if you provide it.
  • Standard technical information including IP address, browser type, device type, referring page, and pages visited. This is collected automatically to help us understand how the site is used.
  • Cookies, including a small number of analytics cookies that help us measure traffic.

Why we collect it

  • To send you updates about Vestra's launch, including early access details and pricing.
  • To operate and improve the website.
  • To comply with legal obligations.

How long we keep it

We retain waitlist email addresses until you unsubscribe or request deletion. Technical logs are retained for up to twelve months.

Third-party services used on the website

  • MailerLite, which processes and stores waitlist email addresses on our behalf. MailerLite is GDPR-compliant and based in the European Economic Area. See mailerlite.com/legal/privacy-policy.
  • Cloudflare, which provides DNS and basic site infrastructure.
  • Vercel, which hosts the website.

Part Two. The Vestra mobile application

When you create an account and use the Vestra app, we collect more data because the app is personalised. All data we collect is used to make the styling experience work for you. We do not sell your data to anyone.

What we collect

  • Account information, including your name, email address, and authentication tokens, provided through Clerk.
  • Photos you upload, including photos of clothing items for your wardrobe and the reference photo used to generate your avatar. These are stored in our secure Supabase storage.
  • Generated content, including the virtual figure we create for you and the virtual try-on images the app produces.
  • Style profile information, including your stated aesthetic preferences, occasion preferences, body type if provided, shopping budget tier, and favourite brands.
  • Approximate location, if you grant location permission. We use this only to fetch weather data for styling suggestions. We do not store precise GPS coordinates.
  • Usage data, including which features you use, how often you open the app, and aggregate interaction patterns.
  • Device information, including device type, operating system, and app version.
  • Subscription information, including your subscription status, processed through Apple's App Store and RevenueCat.

Why we collect it

  • To provide the core functionality of the Vestra styling service.
  • To generate your personalised avatar and render virtual try-on results.
  • To remember your wardrobe and preferences across sessions.
  • To manage your subscription and process payments.
  • To improve the app and fix problems.
  • To send service-related communications, such as account updates.

How long we keep it

Account data is retained while your account is active. If you delete your account through the app's Delete Account feature, your data is removed from our systems within thirty days, except where we are required to retain it for legal or accounting purposes.

Photos and generated images are deleted when you delete the associated items or your account.

Third-party services used by the app

The Vestra app relies on the following services to function. By using Vestra, you accept that your data is processed by these providers under their respective privacy policies.

  • Clerk — user authentication. clerk.com/privacy
  • Supabase — database and file storage. supabase.com/privacy
  • Fal.ai — AI image processing for avatars, virtual try-on, and stylist generation. Images processed by Fal are used only to return results to you and are not retained for training. fal.ai/privacy
  • RevenueCat — subscription management. revenuecat.com/privacy
  • Apple App Store — payment processing. Apple handles payments directly. Vestra never sees your card details.

Some of these providers are based in the United States. When your data is transferred outside the UK or European Economic Area, we rely on Standard Contractual Clauses or equivalent legal mechanisms approved by the UK Information Commissioner's Office.

Shoppable suggestions and affiliate links

When Vestra suggests a shoppable product, the link may be an affiliate link. If you click and purchase, we may earn a small commission. See our Affiliate Disclosure for detail.

Affiliate partners, such as Rakuten Advertising, may place cookies on your device when you click a Vestra affiliate link. These cookies track the referral for commission purposes. They do not share your personal data with us beyond a record that a referral occurred.

Your rights

Under the UK GDPR, you have the following rights:

  • Access. You can request a copy of the personal data we hold about you.
  • Correction. You can ask us to correct inaccurate data.
  • Deletion. You can request that we delete your data. You can also delete your account directly through the app.
  • Portability. You can request your data in a machine-readable format.
  • Objection. You can object to certain types of processing, including direct marketing.
  • Withdraw consent. You can withdraw consent for any processing based on consent, at any time.

To exercise any of these rights, email hello@getvestra.app. We will respond within thirty days.

You also have the right to complain to the Information Commissioner's Office at ico.org.uk.

Children

Vestra is not intended for users under sixteen years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us and we will delete it.

Security

We take reasonable technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, and regular reviews of our security posture. No system is perfect. If you believe your account has been compromised, contact us immediately.

Changes to this policy

We may update this policy from time to time. When we do, we will update the date at the top and, where changes are significant, notify you by email.

Contact

For any privacy question, data request, or concern:

hello@getvestra.app

Vestra · United Kingdom