Effective: 2026-05-24 App: Tela (iOS) Operator: Sebastián Torres Linke ([email protected]) Address: Am Pohlacker 9, 40885 Ratingen
| Data | Where it lives | Legal basis (GDPR Art. 6) |
|---|---|---|
| Selfie photo(s) you upload | On your device. Transmitted to our server only at the moment of a try-on request, and forwarded to the AI image provider for that one render. Not retained on our server after the response is returned. | Art. 6(1)(b) — performance of the service you requested |
| Generated try-on images | Our servers, keyed to your anonymous profile_id | Art. 6(1)(b) |
| Anonymous profile_id (random UUID, generated on first launch) | On your device + referenced in our database | Art. 6(1)(b) |
| Try-on metadata (timestamp, model, quality, prompt variant, latency) | Our servers, keyed to profile_id | Art. 6(1)(b) / Art. 6(1)(f) — operational metrics |
| Swipes & taste signals (which catalog items you liked or passed, derived style affinities) | Our servers, keyed to profile_id | Art. 6(1)(b) — personalizing the feed |
| Device push token | Our servers, keyed to profile_id. Only stored if you accept push permission. | Art. 6(1)(a) — consent, granted via the iOS push prompt |
| Crash reports | The platform's built-in crash reporting (no third-party crash SDK) | Art. 6(1)(f) — fixing bugs |
Your name, email, phone, address, contacts, calendar, location, microphone audio, health, financial, or biometric data. No behavioral data for advertising.
We use a small number of processors, each bound by a Data Processing Agreement (GDPR Art. 28).
| Category | Location | What they receive |
|---|---|---|
| Hosting / database | EU (Germany) | Generated images, profile_id, try-on metadata, swipes, push token |
| AI image generation | USA | Your selfie + the product image, only at the moment of each render |
| Push notifications | USA | Device push token + push payloads (e.g. "your try-on is ready") |
On vendor changes. We may switch or add processors (for example, to use a different AI model or improve reliability). If we do, we'll update this page to reflect the new category, country of processing, or safeguards.
We do not share your data with advertisers, analytics platforms, or data brokers.
Under EU GDPR you have the right to access, correct, delete, object to processing, receive a copy in a portable format, and lodge a complaint with a supervisory authority. The competent authority for our registered address is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).
To use these rights:
Tela is not directed at users under 12. If a parent believes their child has used Tela, email [email protected] and we'll delete the data.
Generated images are encrypted at rest; all network traffic uses TLS 1.2+.
Some processors operate outside the EU/EEA (currently in the United States). Transfers are governed by Standard Contractual Clauses approved by the European Commission. If we change the destination country or safeguard mechanism, we'll update this page.
If we materially change how we handle your data — including changing the category of processor, country of processing, or safeguard mechanism — we'll update this page and, where required, prompt you in-app before continuing.
Sebastián Torres Linke [email protected] Am Pohlacker 9, 40885 Ratingen
This policy is provided in English. A German translation is available on request.