VIRTUE MIRAGE — App Store Privacy Disclosures
Issued by: Virtue Mirage Pty Ltd ABN: 16 697 834 343 ACN: 697 834 343 Contact: hello@virtuemirage.com.au Registered office: Sydney, Australia
This document contains the privacy disclosures required for our public Shopify App Store listing, formatted for direct submission. Each App Store has a slightly different format; the underlying facts are identical.
SHOPIFY APP STORE — Privacy disclosures
What this app accesses on the merchant's store
Virtue Mirage is installed by a fashion brand ("the merchant") on their Shopify store and requires the following access scopes:
| Scope | Why we need it |
|---|---|
read_products |
To read the merchant's catalogue so we can pre-render Avatars wearing each product |
read_product_listings |
To know which products are published / available for sale (we skip drafts and archived) |
read_customers |
To identify logged-in shoppers so we can recognise returning customers |
read_themes |
To read storefront theme files for the Mirror Mode integration |
write_script_tags (only on legacy themes) |
To inject the Virtue Mirage storefront script on themes without App Block support |
GDPR webhooks (customers/data_request, customers/redact, shop/redact) |
Required by Shopify; we honour all three within 30 days |
We do not request any of the following: write_orders, write_customers, write_products, write_themes (we use theme-app-extensions instead), read_orders, read_inventory. We are read-only on commerce data.
How merchant data is used
- Product catalogue data → pre-render Avatars for each product
- Customer identifiers (Shopify customer ID) → recognise returning shoppers so they don't re-onboard
- Theme structure → install our App Block and serve the Mirror Mode toggle
- Brand assets (logo, brand colours, supplied via admin) → personalise the AI generation pipeline per brand
How merchant data is shared
Merchant data is not shared with any third party other than our infrastructure providers (Google Cloud — for compute, storage, and AI inference). See full Sub-processor list in our DPA.
How shopper data is handled
Shoppers who choose to create a Digital Twin go through a separate onboarding flow operated by Virtue Mirage:
- Two photographs are uploaded, processed in memory, and discarded the moment the Digital Twin is generated — they are never written to disk, never stored, never retained.
- The Digital Twin Avatar (an AI-generated image that resembles the shopper) is stored on Google Cloud Storage and reused for that shopper across the merchant's product pages.
- Shopper identity is keyed by a one-way SHA-256 hash of their email address.
- Three-tier consent captures separate opt-ins for: service use (required), brand marketing (optional), Virtue Mirage marketing (optional), and Cross-Brand Network (optional).
- Right to be forgotten is honoured within 30 days of request, cascading across every brand on the network.
Full shopper-facing terms: virtuemirage.com.au/terms Full shopper-facing privacy policy: virtuemirage.com.au/privacy
Data retention
- Original photographs: 0 seconds after Avatar generation (never stored)
- Digital Twin Avatar: until shopper requests deletion, or 24 months after last activity
- Try-on images: 30 days after merchant uninstalls, or 24 months after shopper last active
- Quick Try-On guest images: 24 hours (auto-expiry)
- Audit logs: 12 months
- Email content: as long as shopper retains marketing consent
GDPR & regional compliance
- GDPR (EU + UK): we are a Processor; the merchant is the Controller. Full DPA available on request. SCCs in place for transfers.
- CCPA / CPRA (California): we act as a Service Provider under the CCPA; we do not "sell" or "share" personal information.
- Australian Privacy Act / APPs: we comply with all 13 APPs. Biometric handling under APP 3.4 with express consent.
- PIPEDA, LGPD, PDPA: Canadian, Brazilian, and Singaporean residents have equivalent rights as set out in our Privacy Policy.
Support
- Shopper privacy questions: hello@virtuemirage.com.au
- Merchant support: hello@virtuemirage.com.au
- Documentation: virtuemirage.com.au/docs
APPLE APP STORE — "App Privacy" labels
(If Virtue Mirage publishes a companion iOS app in future, the following App Store privacy labels apply. The web-based service alone does not require an App Store privacy label, but having these ready for the moment a companion app ships is good housekeeping.)
Data linked to you (the shopper)
| Category | Specific data |
|---|---|
| Identifiers | Email (hashed); name (if provided) |
| Personal Information | Gender; age range; height; weight (derived); body measurements (entered or AI-estimated) |
| Sensitive Information | Photographs (transient); biometric Avatar (stored) |
| Health & Fitness | Body measurements (used for size recommendation only) |
| Usage Data | Product views; Mirror Mode toggles; Avatar regenerations |
| Contact Info | Email (where you've consented to marketing) |
Used for: App Functionality only. Not used for analytics, advertising, or personalisation outside the app's core function.
Data not collected
- Precise location
- Financial information (the merchant handles all payments)
- Browsing history outside the merchant's store
- Search history outside the merchant's store
- Audio data
- Sensitive personal info beyond what's listed above
Data linked to your identity
Yes — the Digital Twin Avatar is linked to your SHA-256 email hash. We can identify you to deliver the service. We cannot identify you to anyone else.
Tracking
No tracking. Virtue Mirage does not track users across other apps or websites. The "Mirror Mode" experience is contained within the merchant's storefront.
GOOGLE PLAY STORE — Data Safety section
(For a future companion Android app, the equivalent of the Apple labels above. Same factual content, Google's required taxonomy.)
Data collected
- Personal info: Email address (hashed); Name
- Photos and videos: Photos (transient only; deleted immediately after Avatar generation); generated Avatar image (stored)
- App activity: In-app actions (Avatar creation, try-ons, Mirror Mode toggles)
- Personal info, sensitive: Biometric data (Avatar)
Data shared
- None beyond infrastructure providers required to deliver the service.
Data is encrypted in transit
Yes — TLS 1.2+ for all communications.
You can request that data be deleted
Yes — within 30 days, via hello@virtuemirage.com.au.
Independent security review
No (yet). We will publish a security review once we engage one — current status: SOC 2 readiness assessment scheduled for [DATE].
SHOPIFY PARTNER PROGRAM — Built for Shopify requirements
To qualify for the "Built for Shopify" badge, our app must meet specific criteria. Tracking progress:
| Requirement | Status |
|---|---|
| Performance: 95+ Lighthouse score on storefront integration | ✅ Verified on Dawn, Studio, and tested on 6 popular themes |
| Mandatory GDPR webhooks implemented | ✅ All three (customers/data_request, customers/redact, shop/redact) wired and tested |
| HMAC verification on webhooks | ✅ |
| App Bridge integration in embedded admin | ✅ |
| OAuth flow with offline tokens | ✅ |
| App Store listing assets ready | 🟡 In progress — copy locked, screenshots and demo video next |
| Shopify Billing API for charges | 🟡 Manual invoicing currently; Billing API integration scheduled |
| Privacy Policy URL | 🟡 Awaiting lawyer review of 02 - Privacy Policy v2.md |
| Terms of Service URL | 🟡 Awaiting lawyer review of 01 - Terms of Service v2.md |
| Support email | ✅ hello@virtuemirage.com.au |
| Public sub-processor list | 🟡 To publish at virtuemirage.com.au/subprocessors |
Marketing-site disclosures (to publish at virtuemirage.com.au/legal)
The following pages must be live on the marketing site before the App Store submission goes through:
| Page | URL | Source document |
|---|---|---|
| Terms of Service | virtuemirage.com.au/terms | 01 - Terms of Service v2.md |
| Privacy Policy | virtuemirage.com.au/privacy | 02 - Privacy Policy v2.md |
| Sub-processors list | virtuemirage.com.au/subprocessors | Schedule A of 04 - DPA.md, kept up to date |
| DPA (downloadable PDF) | virtuemirage.com.au/dpa | 04 - DPA.md |
| Cookie statement (currently: "we don't use trackers") | virtuemirage.com.au/cookies | TBD — simple page |
| Contact / privacy requests | virtuemirage.com.au/contact | Form pointing to hello@virtuemirage.com.au |
I'll publish all of these to the marketing site once the lawyer has signed off on the underlying documents. The HTML versions will follow the same structure as the existing brain/public/website/terms.html.
Submission timeline (after lawyer sign-off)
| Day | Task |
|---|---|
| 1 | Lawyer redlines integrated into Markdown drafts |
| 2 | Convert all docs to HTML, deploy to marketing site |
| 3 | Capture screenshots of admin + storefront experience |
| 4 | Record + edit demo video (script in marketing/Demo Video - Script + Storyboard.md) |
| 5 | Submit App Store listing with all assets |
| 7-14 | Shopify review (typically takes a week) |
| 15 | Address any review feedback |
| 16-30 | Marketing push: listing live, paid acquisition begins |
This sequence assumes the lawyer turnaround is fast. If the lawyer review is slow, days 2 onwards can begin in parallel using the redlined drafts — the only blocker is having the customer-facing Terms and Privacy Policy publicly accessible by the time of submission.