Data Handling
Understand how TrialClouds collects, stores, and protects customer data. Transparency is our priority.
What Data We Collect
Automatically Collected
When Widget Is Installed:
Site domain (from your configuration)
Widget script requests (for analytics)
When Customer Opens Widget:
Anonymous Visitor ID: Random-generated identifier (not personally identifiable)
Session ID: Unique per widget interaction
Page URL: Where widget was opened
Device Information: Browser type (Chrome, Safari), OS (Windows, iOS), device type (desktop, mobile, tablet)
IP Address: Used for country/region detection only, not stored long-term
Timestamp: When interaction occurred
Referrer: Where customer came from (Google, Facebook, direct, etc.)
When Customer Uploads Photo:
Image file: Customer's photo
Image metadata: Dimensions, format (JPEG/PNG), file size
When Try-On Completes:
Result image: AI-generated try-on result
Product information: From button attributes (product ID, name, etc.)
Processing time: How long AI took
When Customer Downloads:
Download event: Timestamp and product info
Optionally Collected (If You Choose)
Merchants can optionally send customer data via button attributes or Shopify integration:
Via data- attributes:
Via Shopify "Capture Customer Data":
Customer name
Customer email
(Only for logged-in customers)
Important: This is YOUR choice as merchant. If you don't send this data, we don't collect it.
What Data We Do NOT Collect
β Passwords or payment information β Credit card numbers β Social security numbers or government IDs β Precise GPS location (only country-level from IP) β Browsing history outside your site β Contacts, messages, or other personal device data β Biometric data (beyond temporary AI processing) β Data from non-participated visitors (those who don't use widget)
How Data Is Used
Customer Photos
Purpose: Generate AI try-on results
NOT used for:
Marketing or advertising
Training AI models (without explicit consent)
Sharing with third parties
Public display
Identifying individuals
Event Tracking Data
Purpose: Provide analytics to merchants
Used for:
Dashboard analytics (widget opens, try-ons, downloads)
Product performance metrics
Visitor engagement tracking
Geographic distribution reports
Conversion funnel analysis
Shared with:
Only the merchant whose site data belongs to
Not shared with other merchants or third parties
Personal Information (if provided)
If merchant sends customer name/email:
Purpose:
Allowing merchant to identify visitors in dashboard
Enabling merchant follow-up (via merchant's own systems, not TrialClouds)
NOT used for:
TrialClouds marketing (we don't email customers directly)
Selling to third parties
Merchant responsibility: If you collect customer emails, YOU must obtain consent and honor customer rights (GDPR, CCPA, etc.).
Data Storage & Security
Where Data Is Stored
Servers: AWS (Amazon Web Services) or Cloudflare R2 private storage bucket Region: USA / EU Environment: Production-grade, enterprise security
Storage Types:
S3 / R2 Buckets: Customer and result images (private)
Database: Event data, visitor records, analytics (encrypted)
Cache: Temporary processing data (cleared after use)
Security Measures
In Transit (data moving):
β HTTPS only (TLS 1.2+)
β Encrypted connections
β No plain HTTP
At Rest (data stored):
β S3 / R2 encryption (AES-256)
β Database encryption
β Access controls (IAM roles, least privilege)
Access Controls:
β Private buckets (no public access)
β Presigned URLs (temporary, expire after 1 hour)
β Authentication required for API access
β Role-based access for employees (only those who need it)
See Security Features for technical details.
Data Retention
Images
Customer Uploaded Photos: Deleted after 30 days
Try-On Result Images: Deleted after 30 days
Exception: If customer downloads result, THEY have a copy (stored on their device, not our servers).
Event Data
Analytics Events (opens, try-ons, downloads): Stored indefinitely (for merchant analytics)
Visitor IDs & Session Data: Stored indefinitely (for merchant analytics)
Device/Browser Info: Stored indefinitely (for merchant analytics)
No images in long-term storage, only event metadata.
Personal Information (if collected)
Customer Name/Email (if merchant sent it): Stored indefinitely (for merchant use)
Deletion: Merchants can request deletion anytime (see Customer Rights below).
Customer Rights (GDPR/CCPA)
Customers have rights regarding their data:
Right to Erasure ("Right to be Forgotten")
What: Customer can request deletion of their data
Merchant Requests Deletion
Merchant emails [email protected] with:
Visitor ID or customer email
Request for deletion
Right to Object
What: Customer can opt out of data collection
How: Customer simply doesn't use the try-on feature (participation is voluntary)
Alternative: For sites with login, merchants can exclude certain customers by not displaying try-on button for them.
Cookies & LocalStorage
No Cookies Used
TrialClouds does NOT use cookies for tracking.
Why: Privacy-friendly approach, aligns with GDPR/CCPA best practices.
LocalStorage Used
We store small data in browser localStorage:
Visitor ID: Anonymous identifier for visitor (generated in browser)
Session ID: Current widget session identifier
Purpose: Track user journey across page reloads, avoid duplicate visitor IDs
Clear-able: User can clear browser data to remove (Settings β Clear browsing data β Cookies and site data)
Third-Party Access
Who Has Access to Data
Merchant (you): Full access to YOUR site's data via dashboard
TrialClouds Employees: Limited access (engineering, support) only when necessary for operations/troubleshooting
AI Processing: AWS & Cloudflare services (under data processing agreement)
Nobody Else: No third-party marketing, analytics, or ad platforms
Subprocessors
We use these services to operate TrialClouds:
AWS (Amazon Web Services): Hosting, storage, compute
Cloudflare (Amazon Web Services): storage
Razorpay: Payment processing (only for merchant billing, not customer payments)
Data Processing Agreements in place ensuring GDPR compliance.
Data Breaches
Our Commitment:
In the unlikely event of a data breach:
Merchant Responsibility
Children's Privacy
TrialClouds is not directed at children under 13 (or 16 in EU).
Merchant Responsibility:
If your site targets children, do NOT collect personal information via try-on
Use anonymous mode only (no data-user-name, no data-user-email)
Comply with COPPA (USA) and local child privacy laws
International Data Transfers
EU to USA
Default: Data stored in USA
Legal Basis: AWS Standard Contractual Clauses (SCCs) for GDPR compliance
Safeguards:
Encryption in transit and at rest
Access controls
Regular security audits
Your Responsibilities as Merchant
Privacy Policy
You must update YOUR privacy policy to include the example text below (preserve links and tailor contact details):
Obtaining Consent
GDPR (EU): May need explicit consent before collecting customer data
Options:
Consult legal counsel for your jurisdiction.
Honoring Customer Requests
When customers request:
Access: Export data from dashboard, provide to customer
Deletion: Email [email protected] to delete data
Correction: Update in dashboard if applicable, or delete and re-collect
Portability: Export CSV, provide to customer
Transparency & Trust
Our philosophy: Your customers own their data.
We:
β Collect only what's necessary
β Store securely
β Delete promptly
β Never sell or share inappropriately
β Honor all privacy rights
β Maintain transparency
Questions or Concerns?
Data Privacy Inquiries: [email protected]
Customer Data Requests: Merchants should email support with:
Visitor ID or customer email
Type of request (deletion, access etc.)
Your Site ID (for verification)
Related Guides:
We're committed to protecting privacy. Thank you for trusting TrialClouds.
Last updated