tela.

Privacy Policy

Effective: 2026-05-24 App: Tela (iOS) Operator: Sebastián Torres Linke ([email protected]) Address: Am Pohlacker 9, 40885 Ratingen


What we collect

Data Where it lives Legal basis (GDPR Art. 6)
Selfie photo(s) you upload On your device. Transmitted to our server only at the moment of a try-on request, and forwarded to the AI image provider for that one render. Not retained on our server after the response is returned. Art. 6(1)(b) — performance of the service you requested
Generated try-on images Our servers, keyed to your anonymous profile_id Art. 6(1)(b)
Anonymous profile_id (random UUID, generated on first launch) On your device + referenced in our database Art. 6(1)(b)
Try-on metadata (timestamp, model, quality, prompt variant, latency) Our servers, keyed to profile_id Art. 6(1)(b) / Art. 6(1)(f) — operational metrics
Swipes & taste signals (which catalog items you liked or passed, derived style affinities) Our servers, keyed to profile_id Art. 6(1)(b) — personalizing the feed
Device push token Our servers, keyed to profile_id. Only stored if you accept push permission. Art. 6(1)(a) — consent, granted via the iOS push prompt
Crash reports The platform's built-in crash reporting (no third-party crash SDK) Art. 6(1)(f) — fixing bugs

What we don't collect

Your name, email, phone, address, contacts, calendar, location, microphone audio, health, financial, or biometric data. No behavioral data for advertising.


Who we share it with

We use a small number of processors, each bound by a Data Processing Agreement (GDPR Art. 28).

Category Location What they receive
Hosting / database EU (Germany) Generated images, profile_id, try-on metadata, swipes, push token
AI image generation USA Your selfie + the product image, only at the moment of each render
Push notifications USA Device push token + push payloads (e.g. "your try-on is ready")

On vendor changes. We may switch or add processors (for example, to use a different AI model or improve reliability). If we do, we'll update this page to reflect the new category, country of processing, or safeguards.

We do not share your data with advertisers, analytics platforms, or data brokers.


How long we keep it


Your rights

Under EU GDPR you have the right to access, correct, delete, object to processing, receive a copy in a portable format, and lodge a complaint with a supervisory authority. The competent authority for our registered address is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).

To use these rights:


Children

Tela is not directed at users under 12. If a parent believes their child has used Tela, email [email protected] and we'll delete the data.


Security

Generated images are encrypted at rest; all network traffic uses TLS 1.2+.


International transfers

Some processors operate outside the EU/EEA (currently in the United States). Transfers are governed by Standard Contractual Clauses approved by the European Commission. If we change the destination country or safeguard mechanism, we'll update this page.


Changes to this policy

If we materially change how we handle your data — including changing the category of processor, country of processing, or safeguard mechanism — we'll update this page and, where required, prompt you in-app before continuing.


Contact

Sebastián Torres Linke [email protected] Am Pohlacker 9, 40885 Ratingen


This policy is provided in English. A German translation is available on request.