Privacy Policy
Last updated: May 31, 2026
Draft. This document describes our practices in plain language. It is pending review by qualified counsel before public launch. Material changes will be announced via email and posted here with a revised date.
Who we are
Color Me Stylist (“CMS”, “we”, “us”) is a two-sided personal-styling platform. Clients hire personal stylists for image work; stylists use CMS as their CRM and delivery system. This policy explains what we collect, why, how long we keep it, and the choices you have.
If you have questions, email privacy@colormestylist.com.
What we collect
Account data
- Email address and password (the password is hashed by our identity provider; we never see it in plain text).
- Display name and role (client, stylist, agency lead, admin).
- Login timestamps and session tokens managed by our identity provider.
Profile and styling data (clients)
- Intake answers you provide during onboarding — preferences, goals, lifestyle context, color and style references.
- Closet items you upload — photos, descriptions, categories, condition, your own notes.
- Outfits, recommendations, and journey progress generated with your stylist.
- Session notes and history of changes to your styling profile (your stylist’s working notes about you).
Sensitive subset (handled with extra care)
- Internal-voice intake answers — if you choose to share the inner-critic statements you hear while dressing, that free-text is encrypted at rest with AES-256-GCM. Your stylist sees themes, not your verbatim words, by default.
- Cultural context fields are opt-in. We never infer your cultural identity from photos.
- Pattern tags (an internal stylist note about wardrobe patterns) and clinical referral flags (a stylist-side prompt that suggests a soft conversation about outside resources) are visible only to your stylist and our admin team. They are never shown to you in your dashboard.
Stylist data (stylists, agency leads)
- Business profile, service tier, subscription status.
- Working notes and diagnoses you produce for your clients.
- Team membership (for Agency-tier accounts).
Technical data
- Standard request logs (IP address, user agent, referrer, URL path) retained for short-term operational purposes by our hosting provider.
- Strictly necessary cookies for authentication. We do not use advertising or third-party tracking cookies.
What we don't collect
- We do not collect biometric data.
- We do not infer your body shape or measurements from photos.
- We do not use your data to train external AI models.
- We do not run advertising and we do not sell your data to advertisers.
- We do not access your closet photos, intake answers, or messages for any purpose other than delivering the service to you.
How we use your data
- To provide the styling service — match you with a stylist, store your closet, generate outfits and recommendations, track your journey.
- To send transactional emails — sign-up confirmation, password resets, billing receipts, in-app activity notifications. We do not send marketing email from this list.
- To process payments (clients pay stylists directly; stylists pay CMS via subscription).
- To prevent abuse, debug errors, and improve reliability.
- To comply with legal obligations (e.g., tax records, lawful requests).
Who sees your data
Your assigned stylist
Your stylist has access to your intake answers, closet, outfits, recommendations, journey, and the working notes they produce for you. Other stylists on the platform do not. Agency leads see the clients of the stylists on their team.
Our admin team
A small operations team has access to everything for support, billing, abuse response, and incident handling. This access is logged.
Service providers (data processors)
We use the following processors and only share what each needs to operate:
- Supabase — database, authentication, file storage. Data is stored on Supabase’s infrastructure with their security controls.
- Vercel — application hosting and serverless functions. Receives requests in transit.
- Stripe — payment processing. Receives the information Stripe needs to charge you (card data goes directly to Stripe; we never see it).
- Resend — transactional email delivery. Receives the email address and the message body for each transactional message.
When we are legally required
We may disclose data in response to a valid legal request (court order, subpoena). We will notify the account holder unless prohibited by law.
How long we keep your data
We retain your account and styling data while your account is active. Styling is a long-arc service, so we keep your history warm for re-engagement (seasonal refreshes, future stylist handoffs).
When you delete your account, we hard-delete your styling data from the live database. Backup copies age out within seven days. Some data is retained for legal reasons (Stripe keeps transaction history per their retention policy; email delivery logs persist with our email provider for a short window).
Your rights
Access
You can see your styling data inside the app. For a copy in a portable format, email privacy@colormestylist.com.
Correction
Edit your intake answers, closet, and account details inside the app. For anything you cannot edit yourself, email the same address.
Deletion
Clients can self-serve account deletion at /account. Stylist and agency-lead deletion goes through support@colormestylist.com because client rosters depend on the account.
Withdrawal of consent
You can withdraw consent for the styling service at any time by deleting your account or asking us to do so on your behalf.
Security
We use HTTPS everywhere, row-level security on every database table, encrypted storage for the most sensitive fields, and principle-of-least-privilege access for staff. For more detail, see our public security overview. If you discover a vulnerability, email security@colormestylist.com.
Where data lives
Our database and storage are hosted in the United States. By using CMS, you understand that your data may be processed in the US regardless of where you live. We work with processors who maintain standard contractual protections for cross-border data transfers where applicable.
Children
CMS is for adults. We do not knowingly collect data from people under 18. If you believe a minor has created an account, email privacy@colormestylist.com and we will remove it.
Changes
We will post material changes to this policy here and email account holders before they take effect. Continued use of CMS after a change means you accept the updated policy.
Contact
Privacy questions: privacy@colormestylist.com
Security reports: security@colormestylist.com
General support: support@colormestylist.com
