Tast-e Inc. ("Tast-e," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website (tast-e.ai), use our mobile application, or engage with our services (collectively, the "Services").
This policy is designed to comply with applicable United States federal and state privacy laws, including the Texas Data Privacy and Security Act (TDPSA), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable state data protection laws.
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.
Privacy Inquiries: [email protected]
Customer Support: [email protected]
Sales: [email protected]
Mailing Address: Tast-e Inc., Dallas, TX 75214
1. Information We Collect
1.1 Information You Provide Directly
Account Information: When you create an account, we collect your name, email address, phone number, password (stored only as a bcrypt hash — we never store your actual password), city, and the role(s) you select (consumer, seller, specialist).
Profile & Style Data: Gender identity, age range, body type, style preferences, favorite colors, preferred brands, budget range, deal-breakers, and inspiration photos you upload during the Style DNA onboarding questionnaire.
Closet Data: Photos you take or upload of clothing items, and the AI-generated metadata derived from those photos (brand, color, type, pattern, fabric, condition, season, size, estimated retail value, and estimated resale value).
Transaction Data: Purchase history, sale history, consignment listing details, payment method tokens (we never store full card numbers — see Section 5), shipping addresses, and wallet transaction history.
Communication Data: Messages between buyers and sellers, support chat transcripts, chatbot interactions (with Gina and Live Support), reviews and ratings you leave, and feedback you submit.
Concierge Data: Home address (collected only for concierge visits), scheduling preferences, specialist visit reports, and garment photos taken by specialists during home visits.
Specialist Applicant Data: Resume/experience, city, availability, phone number, and background check authorization. Background checks are conducted by our third-party provider (Checkr) — we do not receive your Social Security Number or its results beyond pass/fail status.
1.2 Information Collected Automatically
Device Information: Device type, operating system, unique device identifiers, browser type and version, screen resolution, and language settings.
Usage Data: Pages visited, features used, actions taken (scans, outfits generated, items listed), time spent on each screen, search queries, and referral sources.
Location Data: City-level location derived from your IP address. We do not collect precise GPS location unless you explicitly grant permission for concierge distance matching.
Log Data: IP address, access timestamps, error logs, and API request logs. Log data is retained for 90 days.
Cookies and Tracking Technologies: See Section 7 (Cookie Policy) below for detailed information.
1.3 Information from Third Parties
Social Login Providers: If you sign in with Google or Apple, we receive your name and email address from those services. We do not receive your password from social login providers.
Stripe (Payment Processor): Stripe provides us with payment confirmation status, subscription status, and payout status. We never receive or store your full credit card number, CVV, or expiration date.
Shipping Carriers: USPS, UPS, and FedEx provide tracking updates for marketplace orders.
Checkr (Background Checks): For specialist applicants only, Checkr provides pass/fail background check status.
2. How We Use Your Information
We use personal information for the following purposes:
Provide and operate the Services: Closet management, AI outfit recommendations, marketplace transactions, concierge booking, and shipping coordination.
Personalize your experience: Style recommendations based on your profile, color preferences, wardrobe contents, and past interactions.
Process transactions: Subscription billing, marketplace purchases and seller payouts, concierge charges and specialist payouts, and wallet management.
Account security: Multi-factor authentication (SMS verification via Twilio), account lockout protection after failed login attempts, password reset, and fraud detection.
Communicate with you: Order confirmations, shipping updates, outfit suggestions, account notifications, marketing emails (with your consent), and responses to support inquiries.
Safety and fraud prevention: Detect counterfeit items, prevent marketplace scams, moderate uploaded images for prohibited content, and verify specialist identities.
Improve our Services: Analyze usage patterns to improve AI recommendations, identify bugs, and develop new features.
Legal compliance: Respond to lawful requests from law enforcement, enforce our Terms of Service, and comply with applicable laws and regulations.
3. How We Share Your Information
We do not sell your personal information. We do not sell, rent, or trade your personal data to third parties for their marketing purposes. This applies to all users regardless of state of residence.
We do not share your personal information for cross-context behavioral advertising.
We share information only as follows:
| Recipient | Data Shared | Purpose | Legal Basis |
|---|---|---|---|
| Stripe | Email, name, payment tokens | Payment processing | Contract performance |
| Twilio | Phone number | SMS verification codes (MFA) | Security / contract |
| Shipping carriers (USPS, UPS, FedEx via Shippo) | Buyer name, shipping address | Package delivery | Contract performance |
| Marketplace buyers | First name, city (not full address until purchase) | Order fulfillment | Contract performance |
| Concierge specialists | First name, address (visit day only) | Home visit service | Contract performance |
| Checkr | Specialist name, DOB, authorization | Background checks (specialists only) | Consent |
| AWS | Encrypted data, photos | Cloud hosting and storage | Contract performance |
| Anthropic (Claude AI) | Garment photos, style preferences | AI garment analysis and outfit generation | Contract performance |
| AWS Rekognition | Uploaded images (transient) | Content moderation / safety screening | Legitimate interest |
| Mailchimp | Name, email, city, interest | Marketing email campaigns | Consent |
| Law enforcement | As required by valid legal process | Legal obligations | Legal requirement |
Important: When we send garment photos to Anthropic's Claude AI for analysis, we strip all EXIF metadata (including GPS coordinates and device information) before transmission. No personally identifiable information is sent with garment photos.
4. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account profile | Duration of account + 30 days after deletion | Service provision |
| Closet photos & AI metadata | Duration of account + 30 days after deletion | Service provision |
| Transaction records | 7 years after transaction | Tax and legal compliance (IRS requirements) |
| Payment card data | Never stored by Tast-e | Managed entirely by Stripe |
| Reviews and ratings | Indefinite (anonymized after account deletion) | Community trust and marketplace integrity |
| Usage and access logs | 90 days | Security monitoring, debugging |
| Shipping addresses | 1 year after last use | Order fulfillment, returns |
| Concierge visit addresses | 30 days after visit completion | Service coordination, dispute resolution |
| Support chat transcripts | 2 years | Quality assurance, dispute resolution |
5. Data Security
We implement industry-standard security measures to protect your personal information:
Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security). HTTPS is enforced on all pages via HSTS (HTTP Strict Transport Security).
Encryption at Rest: All data stored in our databases and file storage is encrypted using AES-256 encryption via AWS Key Management Service (KMS). Encryption keys are rotated annually.
Password Security: Passwords are hashed using bcrypt with 12 salt rounds. We never store, log, or have access to your actual password. We check passwords against known breached databases to prevent use of compromised credentials.
Payment Card Security: We are PCI DSS compliant (SAQ-A level). Your credit card number, CVV, and expiration date are collected directly by Stripe's secure SDK and never pass through or are stored on Tast-e servers. We store only Stripe-issued tokens and customer identifiers.
Multi-Factor Authentication (MFA): All accounts require SMS or email verification for login, signup, password changes, and high-value transactions (over $200). MFA is powered by Twilio Verify.
Account Lockout: After 5 failed login attempts, accounts are temporarily locked for 15 minutes to prevent brute-force attacks.
Image Safety: All uploaded photos are scanned through a multi-layer AI content moderation pipeline (AWS Rekognition + Claude Vision) before storage. EXIF metadata (GPS, device info) is stripped from all images before processing or storage.
Specialist Vetting: All Style Specialists undergo FBI-level background checks (via Checkr), sign non-disclosure agreements, and are covered by $1M general liability insurance.
6. Your Privacy Rights
6.1 Rights Under Texas Data Privacy and Security Act (TDPSA)
If you are a Texas resident, you have the following rights under the TDPSA (effective July 1, 2024):
Right to Access: You may confirm whether we are processing your personal data and request access to that data.
Right to Correction: You may request that we correct inaccuracies in your personal data.
Right to Deletion: You may request that we delete the personal data you provided to us or that we obtained about you.
Right to Data Portability: You may request a copy of your personal data in a portable, readily usable format (JSON or CSV).
Right to Opt Out: You may opt out of the processing of your personal data for purposes of targeted advertising, the sale of personal data (we do not sell your data), or profiling in furtherance of decisions that produce legal or similarly significant effects.
Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
We will respond to your request within 45 days. If additional time is needed due to complexity, we will notify you of an extension of up to 45 additional days.
6.2 Rights Under California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the following additional rights:
Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting, and the categories of third parties with whom we share it.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, legal obligations).
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.
Right to Limit Use of Sensitive Personal Information: You may request that we limit the use of sensitive personal information (such as precise geolocation or account credentials) to what is necessary to provide the Services.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Authorized Agents: You may designate an authorized agent to submit requests on your behalf. Agents must provide signed authorization or power of attorney.
We will respond to verifiable consumer requests within 45 days, with one 45-day extension if reasonably necessary.
Categories of personal information collected in the last 12 months: Identifiers (name, email, phone), commercial information (purchase history), internet activity (usage data), geolocation (city-level), and visual information (garment photos).
6.3 Rights Under Other State Laws
If you reside in Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Oregon, Delaware, or any other state with comprehensive privacy legislation, you may have similar rights to those described above. We honor all valid consumer privacy requests regardless of your state of residence.
6.4 How to Exercise Your Rights (DSAR Process)
You may submit a Data Subject Access Request (DSAR) through any of the following methods:
In the app: Settings → Privacy → Submit Data Request
By email: [email protected]
On the web: tast-e.ai/support (Live Chat → Account Help)
Verification: We will verify your identity before processing any request. Verification methods include email confirmation to your account email, last 4 digits of your phone number, or confirmation of recent account activity.
What is included in a data export: Account profile, style DNA preferences, closet inventory with photos, outfit history, purchase and sale history, reviews given and received, wallet transactions, communication logs, and login/activity history.
Deletion process: Upon receiving a verified deletion request, your account enters a 30-day grace period (during which you can reactivate). After 30 days, all personal data is permanently deleted from production systems. Backups are purged within 90 days. Transaction records required for tax compliance are retained for 7 years but anonymized.
7. Cookie Policy
7.1 What Are Cookies
Cookies are small text files stored on your device when you visit a website. They help us provide core functionality, remember your preferences, and understand how our Services are used.
7.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration | Can You Opt Out? |
|---|---|---|---|
| Strictly Necessary | Authentication (JWT session token), CSRF protection, security preferences | Session / 15 minutes (access token) / 30 days (refresh token) | No — required for the site to function |
| Functional | Language preference, dark/light mode, last-viewed items | 1 year | Yes |
| Analytics | Page views, feature usage, session duration (via PostHog or similar) | 1 year | Yes |
| Marketing | Not currently used. If added in the future, we will update this policy and request consent. | N/A | N/A |
7.3 Cookie Consent
When you first visit tast-e.ai, you will see a cookie consent banner that allows you to accept or reject non-essential cookies. You may change your cookie preferences at any time through Settings → Privacy → Cookie Preferences.
Strictly Necessary cookies cannot be disabled as they are essential for the website to function (e.g., keeping you logged in).
Functional and Analytics cookies are set only after you provide consent. If you do not consent, these cookies will not be placed on your device.
7.4 Global Privacy Control (GPC)
We honor Global Privacy Control (GPC) signals transmitted by your browser. If we detect a GPC signal, we treat it as a valid opt-out request for the sale or sharing of personal information and for targeted advertising, in compliance with the CCPA/CPRA and TDPSA.
7.5 Do Not Track
We also honor Do Not Track (DNT) signals. When we detect a DNT signal, we disable non-essential analytics tracking for your session.
7.6 Managing Cookies in Your Browser
You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, if you block strictly necessary cookies, some parts of our Services may not function correctly.
8. Children's Privacy
Tast-e is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected data from a child under 13, we will delete it immediately and terminate the associated account.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will take steps to remove the information.
For users between 13 and 17 years of age, we require parental or guardian consent for account creation.
9. International Data Transfers
Tast-e is based in the United States and our data is stored and processed in the United States. If you access our Services from outside the United States, your personal information will be transferred to and processed in the United States.
The United States may not provide the same level of data protection as your country of residence. By using our Services, you consent to the transfer of your data to the United States.
10. Third-Party Links
Our Services may contain links to third-party websites or services (e.g., Poshmark, eBay, social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing personal information.
11. AI and Automated Decision-Making
Tast-e uses artificial intelligence (Claude by Anthropic) for garment identification, outfit recommendations, pricing estimates, and listing descriptions. These AI-generated outputs are informational and assistive in nature. They do not constitute appraisals, financial advice, or binding decisions.
No fully automated decisions with legal or similarly significant effects are made about you without human review. You may request human review of any AI-generated recommendation or decision by contacting [email protected].
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
Notify you by email at least 30 days before the changes take effect.
Display a prominent notice within the app and on our website.
Update the "Last Updated" date at the top of this page.
We encourage you to review this Privacy Policy periodically. Continued use of our Services after changes become effective constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Inquiries & DSAR Requests
[email protected]
Customer Support
[email protected]
Sales
[email protected]
Mailing Address
Tast-e Inc.
Dallas, TX 75214
United States
This Privacy Policy was last reviewed on March 14, 2026. This document is provided for informational purposes and should be reviewed by qualified legal counsel licensed in your jurisdiction before reliance.