Now featured on the Shopify App Store.

genlook
GenlookVirtual Try-on

Privacy Policy (Merchants)

Effective Date: May 29, 2026

Looking for the privacy policy for the Virtual Try-On Widget?

View Shopper/End-User Privacy Policy →

This Privacy Policy describes how PARAKEET LABS, SASU, operating as Genlook ("we", "us", or "our") collects, uses, and discloses information in connection with your installation and use of our Shopify application (the "App"). This policy is directed at Merchants (Store Owners).

1. Introduction

As a Shopify Merchant, you trust us with your store data and your customers' experience. We are committed to protecting this information. When you install the App, you act as the Data Controller for your customers' data, and we act as the Data Processor.

2. Information We Collect from Merchants

  • Shopify Account Info: Name, email address, shop domain, and contact details (via Shopify API).
  • Billing Information: We do not store credit card details directly; billing is handled via Shopify's Billing API.
  • Studio Assets: If you use the Genlook Studio to generate marketing images, we process the model photos and product images you upload.
  • Customer Data (On your behalf): We collect and process your customers' photos and emails (if enabled) to provide the Virtual Try-On service. Note: You do not have access to view customer uploaded photos or generated try-on results. Even when customers use the "Share" feature to send results to friends, this does not grant you access to view these images. See the Widget Privacy Policy for details.

3. How We Use Merchant Information

  • To provide and operate the Service (generating AI images).
  • To process billing and subscription management.
  • To communicate with you regarding updates, support, or billing issues.
  • To provide you with analytics (e.g., "35% conversion uplift").

4. Legal Bases for Processing (GDPR Art. 6)

Where we act as the Data Controller for merchant (business) data, we rely on the following legal bases under Article 6(1) of the GDPR:

  • Account setup & operating the App (Shopify account info, Studio assets) — performance of a contract (Art. 6(1)(b)).
  • Billing & subscription managementperformance of a contract (Art. 6(1)(b)) and compliance with a legal obligation (Art. 6(1)(c), e.g. accounting and tax retention).
  • Service & support communicationsperformance of a contract (Art. 6(1)(b)) / our legitimate interests (Art. 6(1)(f)).
  • Marketing communications — your consent (Art. 6(1)(a)) or our legitimate interests (Art. 6(1)(f)), which you can object to at any time.
  • Product analytics & service improvement (PostHog) and security, fraud prevention & error monitoring (Sentry) — our legitimate interests (Art. 6(1)(f)).
  • Responding to legal requestscompliance with a legal obligation (Art. 6(1)(c)).

For your customers' data, you (the Merchant) are the Data Controller and determine the legal basis; we process it as your Processor under your instructions (see Section 9). In practice, a shopper's photo is processed on the basis of the shopper's consent (Art. 6(1)(a)), given by their active upload.

5. Data Processing, Security & Retention

We adhere to strict data security standards:

  • Encryption: All data is encrypted in transit (TLS) and at rest.
  • AI Training: We DO NOT use your or your customers' data to train our AI models.

Data retention. We keep personal data only as long as necessary:

  • Customer photos & generated images: automatically and permanently deleted after 7 days (or the retention window configured for your store).
  • Merchant account data: deleted within 48 hours of uninstalling the App.
  • Billing records: retained for up to 10 years, as required by French accounting and tax law.
  • Analytics & error logs: retained for up to 12 months for security and service improvement, then deleted or anonymized.
  • Support communications: retained for up to 24 months.

6. Third-Party Subprocessors

We use the following trusted services to run our infrastructure:

  • Shopify: Platform and Billing.
  • Google Cloud (Vertex AI): Image generation (Enterprise-grade privacy).
  • Render: Application and database hosting (EU).
  • Vercel: Marketing site hosting (US).
  • PostHog: Product analytics (EU).
  • Sentry: Error monitoring (EU).
  • Crisp: Customer support chat (EU).
  • Klaviyo: Marketing events integration, only when you connect it (US).

7. International Data Transfers

We host and store data primarily in the European Union. Some processing takes place outside the European Economic Area (EEA), in the United States specifically AI image generation, our marketing site on Vercel, and, where you enable it, the Klaviyo integration. Where personal data is transferred outside the EEA, we rely on appropriate safeguards under Chapter V of the GDPR — primarily the European Commission's Standard Contractual Clauses (SCCs) included in our providers' data-processing terms. You may request more information at privacy@genlook.app.

8. Your Data Protection Rights

Under the GDPR you have the following rights regarding your personal data:

  • Access (Art. 15) — obtain a copy of the personal data we hold about you.
  • Rectification (Art. 16) — correct inaccurate or incomplete data.
  • Erasure (Art. 17) — request deletion of your data.
  • Restriction (Art. 18) — limit how we process your data.
  • Data portability (Art. 20) — receive your data in a portable, machine-readable format.
  • Object (Art. 21) — object to processing based on our legitimate interests, including marketing.
  • Withdraw consent (Art. 7(3)) — where processing is based on consent, withdraw it at any time, without affecting the lawfulness of prior processing.
  • Lodge a complaint with a supervisory authority (Art. 77) — you may complain to your local EEA data protection authority. Our lead authority is the French CNIL (cnil.fr).

To exercise any of these rights, contact us at privacy@genlook.app. We will respond within one month, as required by Art. 12(3). If your request concerns customer data for which a Merchant is the Controller, we will direct it to, or assist, that Merchant.

9. Data Processing Agreement

Because we process your customers' personal data on your behalf, we act as your Processor under Article 28 of the GDPR. A Data Processing Agreement governing this relationship — including our obligations, security measures, and subprocessor terms — is available on request at privacy@genlook.app.

10. Your Privacy Policy (Template)

Since you are the Data Controller, you may need to update your store's privacy policy to inform your customers about the Virtual Try-On feature. You can copy/paste the section below:

Suggested Text for Your Privacy Policy:

Virtual Try-On Feature

Our store uses GenLook, a virtual try-on application that allows you to see how products look on you before making a purchase.

How it works: When you choose to use the virtual try-on feature, you will be asked to upload a photo of yourself. This photo is processed securely using artificial intelligence to generate a virtual try-on image.

Data Privacy: Your uploaded photo and the generated result are processed solely for this purpose and are automatically deleted after 7 days. Your photos are NOT used to train AI models.

For more details, please refer to the Genlook Widget Privacy Policy.

11. Contact Us

PARAKEET LABS (SAS), operating as Genlook
4 Rue de la République, 69001 Lyon, France

12. Cookies & analytics on genlook.app

When you visit genlook.app, we ask for your consent before loading analytics and marketing cookies. You can accept all analytics cookies or continue with essential cookies only (support chat remains available).

  • PostHog (product analytics) — loaded only if you accept. Hosted in the EU via our first-party proxy.
  • Google Analytics (traffic measurement) — loaded only if you accept.
  • Meta Pixel (advertising measurement) — loaded only if you accept.
  • Crisp (customer support chat) — always active so you can reach us; not part of the analytics consent choice.

Your choice is stored locally in your browser. You can change it at any time by clearing site data or contacting us at contact@genlook.app.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" above and, where appropriate, notify you (e.g. in-app or by email). We encourage you to review this page periodically.

14. Legal

Publisher: PARAKEET LABS (SAS), operating as Genlook — 4 Rue de la République, 69001 Lyon, France
Hosting: Vercel Inc., Covina, CA, USA.