This Privacy Policy explains how Virtue Mirage (a product of Virtue Creative Studios Pty Ltd, ABN to be confirmed, "we," "us," "our") collects, uses, stores, and shares personal information about you when you use the Virtue Mirage service through a participating brand's online store.
By creating a Virtue Mirage avatar or using the Quick Try-On feature, you agree to the practices described in this Policy. If you do not agree, please do not use the service.
Contents
- Who we are
- What information we collect
- How we use your information
- Photos and biometric considerations
- How long we keep your information
- Who we share information with
- The Cross-Brand Network
- Where your data is stored
- Your rights
- Security
- Cookies and tracking
- Children
- Changes to this Policy
- Contact us
1. Who we are
Virtue Mirage is a software-as-a-service product operated by Virtue Creative Studios Pty Ltd, a company registered in New South Wales, Australia, with studios at:
- Studio 1: Unit 4/28-30 Lilian Fowler Pl, Marrickville NSW 2204
- Studio 2: 3.12/106-110 Euston Rd, Alexandria NSW 2015
For all privacy-related enquiries, please contact us at hello@virtuemirage.com.au.
2. What information we collect
We collect the following categories of information when you use Virtue Mirage:
Identity and contact
- First name (or display name)
- Email address
- Encrypted identifier (a SHA-256 hash of your email used as your Virtue Mirage ID)
Physical attributes (avatar onboarding)
- Two photographs you upload: one portrait, one full-body
- Height, weight, build, age range, gender, shoe size, preferred sizing system
Generated content
- Your Digital Twin avatar — an AI-generated image derived from your uploaded photos and physical attributes
- Rendered try-on images — your avatar wearing products from participating brands
Usage and preferences
- The brand whose store you used to create your avatar
- Your marketing consent choices (per-brand and Virtue Mirage-wide, all opt-in)
- Your cross-brand network opt-in choice (opt-in only)
- Records of which products you have tried on
Technical
- IP address, browser type, device type, and timestamp of each session
- Login session token (kept in your browser, expires periodically)
- Theme preference (light/dark) stored locally in your browser
3. How we use your information
We use the information we collect to:
- Generate your Digital Twin avatar — your uploaded photos and physical attributes are processed by our AI pipeline to create a single avatar that represents you.
- Render try-on images — your avatar is combined with product images from participating brands to produce personalised renders, batch-processed as new arrivals drop.
- Recommend the right size — your measurements are matched against each brand's size matrix to surface a recommended size on every product page.
- Recognise you across brands (with your consent) — if you opt in, your Twin is portable to other brands on the Virtue Mirage network.
- Send marketing communications (with your consent) — only if you ticked the relevant box during onboarding. You can unsubscribe at any time.
- Operate, secure, and improve the service — including logging, fraud prevention, and aggregate analytics.
- Comply with our legal obligations — including responding to lawful requests and meeting our recordkeeping duties.
We do not use your photos, avatar, or rendered images to train any external or third-party AI model. Your data is not sold and is not used to target advertising.
4. Photos and biometric considerations
The photographs you upload during avatar onboarding can be considered biometric information under certain laws (including some U.S. state laws, e.g. Illinois BIPA). We take this seriously.
- Originals are deleted immediately. The portrait and full-body photos you upload are processed only long enough to generate your avatar, then permanently deleted from our servers. They are not archived, not backed up, and not transmitted to any third party.
- Your avatar is a derivative work. It is a stylised AI rendering, not a facial scan or biometric template. We do not run face-recognition matching against any external database.
- You may decline to participate. The avatar feature is fully optional. Brand stores remain usable without Virtue Mirage.
- 12-month identity lock. Once your avatar is created, we lock it for 12 months (or shorter if the brand opts in to 3 or 6 months). This protects against accidental or fraudulent re-creation.
- You can request immediate deletion. See section 9 for how.
5. How long we keep your information
| Data type | Retention |
|---|---|
| Uploaded photos (portrait, full body) | Deleted immediately after avatar generation |
| Digital Twin avatar | Retained until you delete it or your account becomes inactive for 24 months |
| Try-on images (logged-in customer) | Retained while your avatar is active |
| Quick Try-On images (guest) | Deleted after 1 hour |
| Email + name (consent record) | Until you unsubscribe, plus 12 months for audit |
| Server logs (IP, request data) | 90 days, then anonymised |
6. Who we share information with
We share your information only with the parties needed to operate the service:
- The brand whose store you used. The brand can see that you have an avatar with them, which products have been rendered, and which sizes were recommended — but not your underlying photos (which we have already deleted).
- Brands you have opted in to via the Cross-Brand Network. See section 7.
- Google Cloud Platform. Our infrastructure provider. Avatars and renders are stored in Google Cloud Storage; metadata in Firestore. Region:
us-central1(United States). - Shopify. For brands using the Shopify Theme App Extension, Shopify hosts the storefront where you interact with Virtue Mirage. Standard Shopify privacy practices apply.
- Stripe. If a brand uses Stripe to bill for avatar fees, transaction data flows through Stripe — but never includes your photos or avatar.
- Law enforcement or regulators when lawfully compelled.
We do not sell your personal information, and we do not share it with advertising networks.
7. The Cross-Brand Network
The Cross-Brand Network is an opt-in feature that lets you carry your Digital Twin across multiple brands on Virtue Mirage. If you have not ticked the cross-brand box during onboarding, your avatar stays scoped to the single brand where you created it.
If you opt in:
- Other participating brands can render their products onto your avatar, in their own brand aesthetic.
- You remain in control — you can revoke cross-brand access at any time from any brand's avatar settings.
- Each brand that opts to use the network must agree to handle your data under terms equivalent to this Policy.
8. Where your data is stored and processed
We treat storage (data at rest) and processing (AI generation) as two separate concerns because Google's infrastructure handles them differently.
Storage (data at rest)
Your avatar, rendered try-on images, customer record, and consent records are stored on Google Cloud Platform infrastructure. The bucket region is currently us-central1 (Iowa, United States). We are actively migrating storage to australia-southeast1 (Sydney, Australia) — once complete, all data at rest for Australian customers will reside in Australia. We will update this Policy when the migration completes.
AI processing (image generation)
The AI image generation we use (Google's Gemini 3 Pro Image, accessed via Vertex AI) operates on Google's global endpoint. Google does not currently offer a regional endpoint for this model. This means individual image-generation requests may be processed in any Google data centre worldwide (Europe, Asia, the Americas) depending on capacity and routing at the moment of the request. Google's global endpoint does not guarantee in-region ML processing. We rely on this service to deliver the Virtue Mirage experience and cannot operate without it.
Cross-border transfer safeguards
Because data is transferred internationally during AI processing, we rely on the following safeguards:
- Google Cloud Data Processing Addendum (DPA) — includes the EU Commission-approved Standard Contractual Clauses (SCCs) for transfers out of the European Economic Area and the UK. By using Virtue Mirage, your information is covered by these SCCs whenever it leaves the EU/UK.
- EU-U.S. Data Privacy Framework — Google LLC is certified under the EU-US DPF, the UK Extension, and the Swiss-US DPF, providing additional legal basis for transfers to the United States.
- Australian Privacy Principle 8 — we comply with the cross-border disclosure rules under the Australian Privacy Act 1988 and disclose all overseas recipients here.
- Google Cloud certifications — ISO 27001, ISO 27017, ISO 27018, SOC 1/2/3, FedRAMP Moderate. The infrastructure is independently audited.
For details on Google Cloud's data residency model, see the Vertex AI Data Residency documentation.
What this means in practice
- Your uploaded photos are processed in memory only and deleted immediately after the avatar is generated — they never leave Google's infrastructure as a persisted file, and they're never archived in any region.
- Your avatar and renders are stored at rest in the bucket region above (currently US, migrating to Australia).
- The AI computation that creates new renders may happen in any Google data centre globally, subject to the safeguards above. The output flows directly back to our storage.
9. Your rights
You have the following rights at any time:
- Access: request a copy of the personal information we hold about you.
- Correction: ask us to correct or update inaccurate data.
- Deletion: ask us to delete your avatar and all associated records. This is permanent and irreversible. We will action requests within 30 days.
- Portability: request a machine-readable export of your avatar and metadata.
- Withdraw consent: opt out of marketing or the cross-brand network at any time.
- Lodge a complaint: with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, or with your local data protection authority if you are an EU resident.
To exercise any of these rights, email hello@virtuemirage.com.au from the address associated with your avatar. We will respond within 30 calendar days.
10. Security
We use industry-standard safeguards to protect your information:
- TLS 1.3 in transit, AES-256 encryption at rest (managed by Google Cloud).
- Strict identity and access management — no public read access to avatar storage; signed URLs with short expiry for image delivery.
- Role-based access for our internal team; access is logged.
- Annual review of vendor security posture.
No system is perfectly secure. If you believe your account has been compromised, please contact us immediately at hello@virtuemirage.com.au.
11. Cookies and tracking
Virtue Mirage uses a minimal amount of browser storage:
- An authentication token identifying you to the service. Expires after the session.
- A theme preference (light/dark) — stored locally in your browser via
localStorage, not transmitted to our servers.
We do not use third-party analytics tracking, advertising cookies, or cross-site fingerprinting.
12. Children
Virtue Mirage is not intended for users under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us at hello@virtuemirage.com.au so we can delete it.
13. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your avatar) at least 14 days before the change takes effect, and we will update the "Effective" date at the top of this page. Continued use after the effective date constitutes acceptance.
14. Contact us
All enquiries — privacy, security, support, general — go to hello@virtuemirage.com.au. We monitor this inbox during Australian business hours and aim to respond within one business day.
Postal: Virtue Creative Studios Pty Ltd, Unit 4/28-30 Lilian Fowler Pl, Marrickville NSW 2204, Australia.